Rootkit virus

Closed
moïse - 14 Dec. 2008 at 11:42
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 - 20 Dec. 2008 at 00:02
Hello,
I need a big helping hand. For a short while now I've had a virus that, every time I open a page, whether on the internet or anything else, shows me this:
(from avast):
file name: C:/windows/system32/ati2cqa.dll
malware: Win32:Rootkit-gen[rtk]
Rootkit


Please, I need help as quickly as possible!
Thank you in advance!!

46 replies

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 11:49
hi

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:/windows/system32/ati2cqa.dll

Click Send File.

A report will be built line by line.

Wait until it finishes. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the button to re-analyse the file now.

then wait for the result
0
do you have another solution?
0
it always shows me this:
0 bytes size received / Se ha recibido un archivo vacio
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 12:20
ok

that may mean the file is empty or that avast removed it, but I have a doubt about that

do this

hi

download remover.exe from G-Data anti rootkit

https://www.commentcamarche.net/telecharger/ 34055373 remover exe gdata

double-click the icon to launch it

and click once for the scan

-----------------------

after the scan, post a HijackThis report

post a HijackThis report (diagnostic tool)

Download http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

--) Save HJTInstall.exe to your desktop
--) Double-click HJTInstall.exe to launch the program
--) By default, it will install here: C:\Programme Files\Trend Micro\HijackThis
--) Accept the license by clicking the "I Accept" button
--) Choose the option "Do a system scan and save a log file"
--) Click "Save log" to save the report, which will open in Notepad
--) Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report
--) Paste the report you just copied into this forum
--) Do not fix ANY line yet,
0
ok, I'm doing it now!
I have a question: is it possible that because of this rootkit my computer crashes, that is, it restarts by itself, at times it beeps but doesn't start, or even starts but nothing shows on the screen?
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 12:35
very possible


for the beeps you need to count them and give the name of your BIOS

each number of beeps corresponds to a problem
0
ah OK, but it doesn't make just one little beep, it goes beeeeep, stops, goes beeeeep again, stops, it does that many times!
(I must seem stupid, but I really don't know anything about this)
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 12:41
to give you an idea

look at this

http://www.technick.fr/fiches_pratiques/bips_bios.htm
0

it detected a trojan for me, do I delete it?
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 12:48
yes
0
Djilali > benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012
14 Dec. 2008 at 13:14
Hi Benurr, Moise....!

I'm not experienced with viruses either, but I don't have it. So, moise said he has a
virus in his PC. What I wanted to understand is why go through all these steps to destroy a virus
when he has an antivirus installed on his PC, <<AVAST>>.

The question is: isn't AVAST able to remove this virus from Moise's PC?

Thanks a lot, colleagues, and happy new year to all.
0
it takes time, I find!!
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 12:51
that's what disinfection is

too bad we don't have a magic wand
0
yes lol! but I'd rather it disinfects than do nothing and make things worse ^^
0
it's finished, it gave me this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP
# for Windows.
#
# This file contains the mappings of IP addresses to host names.
# Each entry should be kept on an individual line. The IP address should be placed
# in the first column, followed by the corresponding host name. The IP
# address and the host name should be separated by at least one space.
#
# Additionally, comments (such as this one) may be inserted on individual
# lines or following the machine name. They are denoted by the
# '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:18, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C2935995-3DE8-4984-A812-ECEDC07530A9} - C:\WINDOWS\system32\ati2cqa.dll
O2 - BHO: adssite - {cea5ab77-fbc1-3a92-4d6d-96f3f0388491} - C:\WINDOWS\system32\nsi51A.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P33 "EPSON Stylus C46 Series (Copie 1)" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [extra love] C:\DOCUME~1\Damien\APPLIC~1\PROCBI~1\Regs face.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ewegyqu] "c:\documents and settings\damien\local settings\application data\ewegyqu.exe" ewegyqu
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/NueLorie.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
0
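A small triage pass over the kind of HijackThis log posted above, added here as an example (it is not part of the thread and not a HijackThis feature): it parses O2, O4 and O23 lines, marks entries worth a manual look, and finds where the file named in the Avast alert is registered. The sample lines are copied from the log above; the heuristics and the function names are assumptions for illustration, and a marked entry is a lead to check, not a verdict.

```python
import re
from dataclasses import dataclass, field

# A few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2935995-3DE8-4984-A812-ECEDC07530A9} - C:\WINDOWS\system32\ati2cqa.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [extra love] C:\DOCUME~1\Damien\APPLIC~1\PROCBI~1\Regs face.exe
O4 - HKCU\..\Run: [ewegyqu] "c:\documents and settings\damien\local settings\application data\ewegyqu.exe" ewegyqu
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# One pattern per section: O2 = browser helper objects, O4 = Run keys, O23 = services.
PATTERNS = {
    "O2": re.compile(r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$"),
    "O4": re.compile(r"^\S+?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>[A-Za-z]:\\.*)$"),
}


@dataclass
class Entry:
    code: str
    name: str
    target: str
    owner: str = ""
    leads: list = field(default_factory=list)


def norm(path):
    # Lower-case, drop a leading quote and unify slashes so that the path
    # written in an antivirus alert compares equal to the one in the log.
    return path.strip().strip('"').replace("/", "\\").lower()


def parse(log_text):
    entries = []
    for line in log_text.splitlines():
        head = re.match(r"^(O\d+) - (.*)$", line.strip())
        if not head or head.group(1) not in PATTERNS:
            continue
        body = PATTERNS[head.group(1)].match(head.group(2))
        if body:
            g = body.groupdict()
            entries.append(Entry(head.group(1), g["name"], g["target"], g.get("owner", "")))
    return entries


def triage(entries):
    # Illustrative heuristics (assumptions): each one only says "look at this by hand".
    for e in entries:
        e.leads = []
        t = norm(e.target)
        if e.code == "O2" and e.name == "(no name)":
            e.leads.append("BHO without a display name")
        if "(file missing)" in t or "(no file)" in t:
            e.leads.append("registration points at a file that is not on disk")
        if e.code == "O4" and ("\\documents and settings\\" in t or "\\docume~1\\" in t):
            e.leads.append("autostart program stored in a user profile")
        if e.code == "O23" and e.owner == "Unknown owner":
            e.leads.append("service binary with no owner information")
    return [e for e in entries if e.leads]


def references(entries, detected_path):
    # Which log entries load the file that the antivirus alert names?
    wanted = norm(detected_path)
    return [e for e in entries if wanted in norm(e.target)]


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for e in triage(parsed):
        print(e.code, e.name, "->", "; ".join(e.leads))
    for e in references(parsed, "C:/windows/system32/ati2cqa.dll"):
        print("alerted file is registered as:", e.code, e.name)
```
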
????????
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 18:58
Download LOP S&D by Eric71 here https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click it to launch the installation.

Then double-click the Lop S&D shortcut on your Desktop.
Select the desired language, then choose option 1 (Search)

Wait until the scan finishes.
Post the generated report (also located here: C:\lopR.txt)

(If the Desktop does not reappear, open Task Manager by pressing Ctrl + Alt + Del, then the File tab, New Task, type explorer.exe and confirm)
0
it's running
0
I posted the report here but nothing shows up :S
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
14 Dec. 2008 at 20:02
maybe too long

send it in several steps, in 2 or 3 parts
0
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Damien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081213-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:144 Go (Free:31 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 14/12/2008|19:02 )

--------------------\\ Listing des dossiers dans APPLIC~1

[16/08/2004|17:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[30/11/2007|23:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[22/10/2004|01:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[22/10/2004|01:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[22/10/2004|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[22/10/2004|01:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[26/11/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[17/05/2006|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[31/07/2007|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[31/07/2007|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[17/01/2006|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[15/05/2007|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[23/01/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
[20/09/2006|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/12/2005|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[04/11/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[06/01/2006|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[06/02/2008|13:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/12/2007|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[01/02/2006|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[09/08/2007|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\plus once flap wipe
[14/01/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[04/11/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software Licensors
[03/06/2006|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[22/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[08/10/2006|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[22/10/2004|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[10/08/2006|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[06/02/2007|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[09/04/2008|15:16] C:\DOCUME~1\Damien\APPLIC~1\Adobe
[10/07/2005|17:55] C:\DOCUME~1\Damien\APPLIC~1\AdobeUM
[20/10/2007|23:15] C:\DOCUME~1\Damien\APPLIC~1\Adssite Advanced Toolbar
[06/01/2006|17:14] C:\DOCUME~1\Damien\APPLIC~1\AOL
[06/07/2006|10:51] C:\DOCUME~1\Damien\APPLIC~1\Apple Computer
[05/06/2005|09:58] C:\DOCUME~1\Damien\APPLIC~1\ArcSoft
[22/08/2007|22:49] C:\DOCUME~1\Damien\APPLIC~1\Artweaver
[03/09/2008|17:22] C:\DOCUME~1\Damien\APPLIC~1\Atari
[17/05/2007|19:33] C:\DOCUME~1\Damien\APPLIC~1\ConvertTemp
[15/05/2007|16:39] C:\DOCUME~1\Damien\APPLIC~1\CursorArts
[26/11/2004|12:30] C:\DOCUME~1\Damien\APPLIC~1\CyberLink
[03/01/2005|18:40] C:\DOCUME~1\Damien\APPLIC~1\DATA BECKER
[23/01/2008|10:29] C:\DOCUME~1\Damien\APPLIC~1\DivX
[09/05/2007|18:52] C:\DOCUME~1\Damien\APPLIC~1\EPSON
[27/01/2008|16:11] C:\DOCUME~1\Damien\APPLIC~1\FileZilla
[23/03/2008|16:15] C:\DOCUME~1\Damien\APPLIC~1\GARMIN
[02/12/2008|20:02] C:\DOCUME~1\Damien\APPLIC~1\Glory of the Roman Empire
[20/09/2006|18:27] C:\DOCUME~1\Damien\APPLIC~1\Google
[19/11/2008|23:03] C:\DOCUME~1\Damien\APPLIC~1\gtk-2.0
[06/01/2006|17:15] C:\DOCUME~1\Damien\APPLIC~1\HbTools
[26/11/2004|15:07] C:\DOCUME~1\Damien\APPLIC~1\Help
[16/08/2004|17:19] C:\DOCUME~1\Damien\APPLIC~1\Identities
[16/07/2007|16:05] C:\DOCUME~1\Damien\APPLIC~1\InterTrust
[11/12/2004|11:40] C:\DOCUME~1\Damien\APPLIC~1\Leadertech
[14/12/2008|17:06] C:\DOCUME~1\Damien\APPLIC~1\LimeWire
[02/07/2006|18:16] C:\DOCUME~1\Damien\APPLIC~1\Macromedia
[04/11/2008|18:07] C:\DOCUME~1\Damien\APPLIC~1\Malwarebytes
[11/03/2006|14:10] C:\DOCUME~1\Damien\APPLIC~1\Media Player Classic
[23/09/2008|21:21] C:\DOCUME~1\Damien\APPLIC~1\Microsoft
[01/09/2007|11:59] C:\DOCUME~1\Damien\APPLIC~1\Morpheus Software
[09/11/2008|21:12] C:\DOCUME~1\Damien\APPLIC~1\Mozilla
[15/10/2005|14:21] C:\DOCUME~1\Damien\APPLIC~1\MSNInstaller
[27/01/2008|15:33] C:\DOCUME~1\Damien\APPLIC~1\Nvu
[09/08/2007|15:11] C:\DOCUME~1\Damien\APPLIC~1\Procbinburn
[27/11/2004|05:14] C:\DOCUME~1\Damien\APPLIC~1\Real
[06/07/2008|12:34] C:\DOCUME~1\Damien\APPLIC~1\Samsung
[30/12/2006|21:53] C:\DOCUME~1\Damien\APPLIC~1\Shareaza
[23/12/2005|13:03] C:\DOCUME~1\Damien\APPLIC~1\ShopperReports
[24/03/2006|14:57] C:\DOCUME~1\Damien\APPLIC~1\Sierra
[11/12/2004|11:40] C:\DOCUME~1\Damien\APPLIC~1\Sonic
[22/10/2004|01:03] C:\DOCUME~1\Damien\APPLIC~1\Sun
[22/10/2004|01:12] C:\DOCUME~1\Damien\APPLIC~1\Symantec
[28/04/2005|19:23] C:\DOCUME~1\Damien\APPLIC~1\Template
[16/06/2008|12:03] C:\DOCUME~1\Damien\APPLIC~1\Temporary
[16/06/2008|12:07] C:\DOCUME~1\Damien\APPLIC~1\TransRender
[14/08/2008|18:20] C:\DOCUME~1\Damien\APPLIC~1\Viewpoint
[20/10/2007|23:30] C:\DOCUME~1\Damien\APPLIC~1\WinRAR
[22/10/2004|01:09] C:\DOCUME~1\Damien\APPLIC~1\You've Got Pictures Screensaver

[16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/11/2007|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[22/10/2004|01:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[22/10/2004|01:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[22/10/2004|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[22/10/2004|01:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[16/08/2004|17:19] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[16/08/2004|16:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[22/10/2004|01:15] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[22/10/2004|01:03] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[22/10/2004|01:12] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
[22/10/2004|01:09] C:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

[16/09/2006|15:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/10/2008|08:24] C:\DOCUME~1\Maman\APPLIC~1\Adobe
[15/11/2005|21:07] C:\DOCUME~1\Maman\APPLIC~1\AdobeUM
[06/01/2006|17:14] C:\DOCUME~1\Maman\APPLIC~1\AOL
[10/04/2005|18:08] C:\DOCUME~1\Maman\APPLIC~1\CyberLink
[15/12/2005|15:56] C:\DOCUME~1\Maman\APPLIC~1\Google
[06/01/2006|17:15] C:\DOCUME~1\Maman\APPLIC~1\HbTools
[19/10/2005|09:44] C:\DOCUME~1\Maman\APPLIC~1\Help
[16/08/2004|17:19] C:\DOCUME~1\Maman\APPLIC~1\Identities
[20/10/2005|09:52] C:\DOCUME~1\Maman\APPLIC~1\Macromedia
[05/03/2007|20:32] C:\DOCUME~1\Maman\APPLIC~1\Microsoft
[13/05/2008|13:15] C:\DOCUME~1\Maman\APPLIC~1\Mozilla
[17/12/2004|18:56] C:\DOCUME~1\Maman\APPLIC~1\Real
[23/12/2005|15:13] C:\DOCUME~1\Maman\APPLIC~1\ShopperReports
[22/10/2004|01:03] C:\DOCUME~1\Maman\APPLIC~1\Sun
[22/10/2004|01:12] C:\DOCUME~1\Maman\APPLIC~1\Symantec
[22/10/2004|01:09] C:\DOCUME~1\Maman\APPLIC~1\You've Got Pictures Screensaver

[30/11/2007|23:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[27/11/2004|13:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[03/12/2008 22:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[14/12/2008 18:22][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[14/12/2008 11:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][---h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"DisplayName"="Messenger Plus! 3 & Sponsor"
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[30/11/2008|20:08] C:\Program Files\3aLab
[10/12/2008|17:53] C:\Program Files\Activision
[16/07/2007|16:05] C:\Program Files\Adobe
[20/10/2007|23:15] C:\Program Files\Adssite Advanced Toolbar
[05/04/2007|15:52] C:\Program Files\AGEIA Technologies
[27/03/2007|19:06] C:\Program Files\Alwil Software
[05/04/2007|15:31] C:\Program Files\AOL Compagnon
[26/07/2008|13:32] C:\Program Files\AOL Toolbar
[06/08/2008|14:18] C:\Program Files\Apple Software Update
[05/06/2005|09:55] C:\Program Files\ArcSoft
[03/09/2008|17:23] C:\Program Files\Atari
[05/04/2007|15:51] C:\Program Files\ATI Technologies
[05/04/2007|15:31] C:\Program Files\AtomixMP3
[09/09/2008|19:24] C:\Program Files\Audacity
[04/11/2008|17:41] C:\Program Files\AWS
[17/09/2008|09:09] C:\Program Files\Bonjour
[10/12/2008|13:57] C:\Program Files\Call of Duty Game of the Year Edition
[01/09/2007|12:45] C:\Program Files\CaraQ
[26/05/2008|15:14] C:\Program Files\Conduit
[22/10/2004|01:14] C:\Program Files\CyberLink
[24/08/2007|10:13] C:\Program Files\directx
[14/11/2008|20:59] C:\Program Files\DivX
[23/09/2008|12:15] C:\Program Files\Dofus
[09/09/2008|10:04] C:\Program Files\DofusArena2
[11/03/2006|14:15] C:\Program Files\Dusco
[13/03/2008|13:34] C:\Program Files\DVD X Player 4.1 Professionnel
[01/06/2007|13:25] C:\Program Files\DVDCAM
[01/06/2007|13:29] C:\Program Files\DVD-RAM
[25/12/2006|10:10] C:\Program Files\Eidos
[27/12/2005|12:15] C:\Program Files\Eidos Interactive
[25/12/2005|10:15] C:\Program Files\Empire Interactive
[12/11/2008|23:42] C:\Program Files\eMule
[20/03/2007|21:39] C:\Program Files\EPSON
[03/09/2008|17:22] C:\Program Files\Fichiers communs
[27/01/2008|15:54] C:\Program Files\FileZilla FTP Client
[26/11/2007|22:42] C:\Program Files\GIMP-2.0
[06/02/2006|18:36] C:\Program Files\GMixon
[05/04/2007|15:46] C:\Program Files\Google
[06/01/2006|17:15] C:\Program Files\HbTools
[10/12/2008|19:33] C:\Program Files\InstallShield Installation Information
[22/03/2006|09:59] C:\Program Files\InterActual
[12/12/2008|00:51] C:\Program Files\Internet Explorer
[26/11/2008|10:58] C:\Program Files\iPod
[26/11/2008|10:59] C:\Program Files\iTunes
[30/09/2008|11:21] C:\Program Files\Java
[21/04/2008|20:41] C:\Program Files\K-Lite Codec Pack
[27/04/2007|09:52] C:\Program Files\Labtec
[26/07/2008|13:32] C:\Program Files\LimeWire
[07/06/2006|15:38] C:\Program Files\Logitech
[04/11/2008|18:07] C:\Program Files\Malwarebytes' Anti-Malware
[10/08/2005|12:16] C:\Program Files\Maxis
[30/09/2008|11:08] C:\Program Files\Messenger
[05/09/2008|18:08] C:\Program Files\Messenger Plus! Live
[10/08/2007|19:10] C:\Program Files\MessengerPlus! 3
[28/09/2008|17:03] C:\Program Files\Metin2_France
[17/04/2006|16:37] C:\Program Files\Micro Application
[16/10/2006|17:49] C:\Program Files\Microsoft ActiveSync
[16/08/2004|17:11] C:\Program Files\microsoft frontpage
[22/10/2004|01:20] C:\Program Files\microsoft office
[26/07/2008|13:32] C:\Program Files\Microsoft Works
[22/10/2004|01:19] C:\Program Files\Microsoft.NET
[26/05/2008|15:14] C:\Program Files\Mininova
[30/09/2008|10:06] C:\Program Files\Movie Maker
[13/12/2008|17:57] C:\Program Files\Mozilla Firefox
[06/01/2006|17:13] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[30/09/2008|11:14] C:\Program Files\MSN Messenger
[14/09/2007|09:43] C:\Program Files\MSN Messenger(2)
[15/08/2007|11:30] C:\Program Files\MSXML 4.0
[17/03/2006|21:11] C:\Program Files\MyXOFT
[30/09/2008|10:00] C:\Program Files\NetMeeting
[05/04/2007|15:30] C:\Program Files\Norton Internet Security
[27/01/2008|15:33] C:\Program Files\Nvu
[16/08/2004|17:03] C:\Program Files\Online Services
[04/11/2008|17:48] C:\Program Files\Onlpdate
[26/11/2006|22:38] C:\Program Files\orange
[30/09/2008|10:00] C:\Program Files\Outlook Express
[01/06/2007|13:23] C:\Program Files\Panasonic
[13/12/2008|15:18] C:\Program Files\PC Wizard 2008
[23/08/2007|15:27] C:\Program Files\PhotoFiltre
[25/04/2007|18:00] C:\Program Files\Procbinburn
[05/04/2007|15:51] C:\Program Files\Ptskuvu
[26/11/2008|10:52] C:\Program Files\QuickTime
[22/10/2004|01:09] C:\Program Files\Real
[26/01/2008|18:38] C:\Program Files\Riva
[28/07/2007|13:04] C:\Program Files\RM-X Player V5.0
[26/11/2008|10:22] C:\Program Files\Safari
[02/12/2008|17:57] C:\Program Files\SAGEM
[06/07/2008|12:30] C:\Program Files\Samsung
[15/05/2007|21:45] C:\Program Files\Secured eMule
[15/05/2007|21:45] C:\Program Files\Secured_eMule
[16/08/2004|17:07] C:\Program Files\Services en ligne
[06/01/2006|17:15] C:\Program Files\ShopperReports
[01/04/2006|11:59] C:\Program Files\Sierra
[22/10/2004|01:21] C:\Program Files\Sonic
[03/06/2006|16:11] C:\Program Files\Sony Ericsson
[30/09/2008|11:21] C:\Program Files\Sun
[24/03/2006|14:51] C:\Program Files\SurfAccuracy
[05/04/2007|15:30] C:\Program Files\Symantec
[15/12/2005|09:02] C:\Program Files\Technodev
[27/06/2005|08:17] C:\Program Files\Transport Giant Demo
[14/12/2008|13:57] C:\Program Files\Trend Micro
[17/04/2006|16:48] C:\Program Files\Uninstall Information
[28/12/2005|11:04] C:\Program Files\Valve
[20/11/2008|22:43] C:\Program Files\Veoh Networks
[22/10/2004|01:09] C:\Program Files\Viewpoint
[03/07/2006|17:57] C:\Program Files\VSO
[14/12/2008|11:47] C:\Program Files\Wanadoo
[26/07/2008|13:32] C:\Program Files\Wanadoo Messager
[02/12/2008|12:04] C:\Program Files\Win Stream plugin
[16/01/2008|22:22] C:\Program Files\Windows Live
[30/11/2007|23:47] C:\Program Files\Windows Live Favorites
[16/11/2008|23:46] C:\Program Files\Windows Live Safety Center
[26/07/2008|13:32] C:\Program Files\Windows Live Toolbar
[26/07/2008|13:32] C:\Program Files\Windows Media Connect 2
[30/09/2008|10:00] C:\Program Files\Windows Media Player
[30/09/2008|10:00] C:\Program Files\Windows NT
[24/03/2008|11:52] C:\Program Files\WinRAR
[06/02/2006|18:36] C:\Program Files\winupdates
[16/08/2004|17:11] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[16/07/2007|16:05] C:\Program Files\Fichiers communs\Adobe
[06/01/2006|17:14] C:\Program Files\Fichiers communs\AOL
[05/05/2005|16:50] C:\Program Files\Fichiers communs\aolback
[05/04/2007|15:49] C:\Program Files\Fichiers communs\aolshare
[26/11/2008|10:58] C:\Program Files\Fichiers communs\Apple
[01/06/2007|13:22] C:\Program Files\Fichiers communs\CNC
[22/10/2004|01:20] C:\Program Files\Fichiers communs\DESIGNER
[08/10/2006|10:24] C:\Program Files\Fichiers communs\InstallShield
[01/06/2007|13:22] C:\Program Files\Fichiers communs\IviSDK
[22/10/2004|01:03] C:\Program Files\Fichiers communs\Java
[07/06/2006|15:37] C:\Program Files\Fichiers communs\Labtec
[23/07/2008|02:04] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[04/11/2008|17:08] C:\Program Files\Fichiers communs\Nullsoft
[06/01/2006|17:14] C:\Program Files\Fichiers communs\Oberon Media
[11/04/2007|14:02] C:\Program Files\Fichiers communs\ODBC
[01/06/2007|13:26] C:\Program Files\Fichiers communs\Panasonic
[22/10/2004|01:15] C:\Program Files\Fichiers communs\Real
[16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
[22/10/2004|01:21] C:\Program Files\Fichiers communs\Sonic Shared
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[14/11/2005|18:34] C:\Program Files\Fichiers communs\SureThing Shared
[26/01/2008|18:39] C:\Program Files\Fichiers communs\SWF Studio
[05/04/2007|15:42] C:\Program Files\Fichiers communs\Symantec Shared
[30/09/2008|10:00] C:\Program Files\Fichiers communs\System
[24/09/2008|22:30] C:\Program Files\Fichiers communs\Teleca Shared
[22/10/2004|01:15] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 58 Processes )

IEXPLORE.EXE ~ [PID:472]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Damien\LOCALS~1\Temp\nsb1F.tmp
C:\DOCUME~1\Damien\LOCALS~1\Temp\nsb69E.tmp
C:\DOCUME~1\Damien\LOCALS~1\Temp\nsg679.tmp
C:\DOCUME~1\Damien\LOCALS~1\Temp\nsj67F.tmp
C:\DOCUME~1\Damien\LOCALS~1\Temp\nsnF.tmp
C:\DOCUME~1\Damien\LOCALS~1\Temp\nss3D.tmp
C:\DOCUME~1\Damien\Cookies\damien@advertising[1].txt
C:\DOCUME~1\Damien\Cookies\damien@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE


-> 72 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 19:09:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 99

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\DOCUME~1\Damien\LOCALS~1\APPLIC~1\gouigse_navfx.dat
C:\WINDOWS\System32\agzsaognm_navfx.dat
C:\WINDOWS\System32\cqfbdxbmy_navfx.dat
C:\WINDOWS\System32\isazmgv_navfx.dat
C:\WINDOWS\System32\nnbrzw_navfx.dat
C:\WINDOWS\System32\qrcqrh_navfx.dat
C:\WINDOWS\System32\sqcigus.dat
C:\WINDOWS\System32\sqcigus_navup.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Damien\Mes documents\LimeWire\Incomplete\T-5684110-Sexy blonde finger her super sexy pussy_fuck big butts like it big hot ass butt crack big booty girls teen butt booty fucked.mpg
C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack
C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack\Activision.Call.of.Duty.4.Modern.Warfare.crack.zip


[F:35846][D:643]-> C:\DOCUME~1\Damien\LOCALS~1\Temp
[F:79][D:0]-> C:\DOCUME~1\Damien\Cookies
[F:1005][D:31]-> C:\DOCUME~1\Damien\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|19:20 - Option : [1]

--------------------\\ Fin du rapport a 19:20:21
0
toptitbal Posts 25709 Registration date Saturday 8 July 2006 Status Security contributor Last activity 4 March 2010 2 232
14 Dec 2008 at 20:05
Hi

It had fallen into oblivion; I restored it.
0
Ah well, it's fine then lol!
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
14 Dec 2008 at 20:08
Thanks toptitbal

Run Eric71's LOP S&D again

This time choose Option 2 (Deletion)
Do not close the window during the deletion!
Post the generated report (also located here: C:\lopR.txt)
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
15 Dec 2008 at 10:43
Hello,

I'm butting in for 10 seconds;

Benurrr, the navipromo infection needs to be treated urgently.
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
15 Dec 2008 at 10:47
Hi Lyonnais, are you doing well, my friend?

I was planning to do that after Lop's option 2
0
I'm running option 2 right now ^^ I'll post the report as soon as it's finished!
0
[05/08/2004 13:00][---h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ MsgPlus SPONSOR INSTALLED !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
"SponsorInstalled"=dword:00000000


--------------------\\ Listing des dossiers dans C:\Program Files

[30/11/2008|20:08] C:\Program Files\3aLab
[10/12/2008|17:53] C:\Program Files\Activision
[16/07/2007|16:05] C:\Program Files\Adobe
[20/10/2007|23:15] C:\Program Files\Adssite Advanced Toolbar
[05/04/2007|15:52] C:\Program Files\AGEIA Technologies
[27/03/2007|19:06] C:\Program Files\Alwil Software
[05/04/2007|15:31] C:\Program Files\AOL Compagnon
[26/07/2008|13:32] C:\Program Files\AOL Toolbar
[06/08/2008|14:18] C:\Program Files\Apple Software Update
[05/06/2005|09:55] C:\Program Files\ArcSoft
[03/09/2008|17:23] C:\Program Files\Atari
[05/04/2007|15:51] C:\Program Files\ATI Technologies
[05/04/2007|15:31] C:\Program Files\AtomixMP3
[09/09/2008|19:24] C:\Program Files\Audacity
[04/11/2008|17:41] C:\Program Files\AWS
[17/09/2008|09:09] C:\Program Files\Bonjour
[10/12/2008|13:57] C:\Program Files\Call of Duty Game of the Year Edition
[01/09/2007|12:45] C:\Program Files\CaraQ
[26/05/2008|15:14] C:\Program Files\Conduit
[22/10/2004|01:14] C:\Program Files\CyberLink
[24/08/2007|10:13] C:\Program Files\directx
[14/11/2008|20:59] C:\Program Files\DivX
[23/09/2008|12:15] C:\Program Files\Dofus
[09/09/2008|10:04] C:\Program Files\DofusArena2
[11/03/2006|14:15] C:\Program Files\Dusco
[13/03/2008|13:34] C:\Program Files\DVD X Player 4.1 Professionnel
[01/06/2007|13:25] C:\Program Files\DVDCAM
[01/06/2007|13:29] C:\Program Files\DVD-RAM
[25/12/2006|10:10] C:\Program Files\Eidos
[27/12/2005|12:15] C:\Program Files\Eidos Interactive
[25/12/2005|10:15] C:\Program Files\Empire Interactive
[12/11/2008|23:42] C:\Program Files\eMule
[20/03/2007|21:39] C:\Program Files\EPSON
[03/09/2008|17:22] C:\Program Files\Fichiers communs
[27/01/2008|15:54] C:\Program Files\FileZilla FTP Client
[26/11/2007|22:42] C:\Program Files\GIMP-2.0
[06/02/2006|18:36] C:\Program Files\GMixon
[05/04/2007|15:46] C:\Program Files\Google
[06/01/2006|17:15] C:\Program Files\HbTools
[10/12/2008|19:33] C:\Program Files\InstallShield Installation Information
[22/03/2006|09:59] C:\Program Files\InterActual
[12/12/2008|00:51] C:\Program Files\Internet Explorer
[26/11/2008|10:58] C:\Program Files\iPod
[26/11/2008|10:59] C:\Program Files\iTunes
[30/09/2008|11:21] C:\Program Files\Java
[21/04/2008|20:41] C:\Program Files\K-Lite Codec Pack
[27/04/2007|09:52] C:\Program Files\Labtec
[26/07/2008|13:32] C:\Program Files\LimeWire
[07/06/2006|15:38] C:\Program Files\Logitech
[04/11/2008|18:07] C:\Program Files\Malwarebytes' Anti-Malware
[10/08/2005|12:16] C:\Program Files\Maxis
[30/09/2008|11:08] C:\Program Files\Messenger
[05/09/2008|18:08] C:\Program Files\Messenger Plus! Live
[10/08/2007|19:10] C:\Program Files\MessengerPlus! 3
[28/09/2008|17:03] C:\Program Files\Metin2_France
[17/04/2006|16:37] C:\Program Files\Micro Application
[16/10/2006|17:49] C:\Program Files\Microsoft ActiveSync
[16/08/2004|17:11] C:\Program Files\microsoft frontpage
[22/10/2004|01:20] C:\Program Files\microsoft office
[26/07/2008|13:32] C:\Program Files\Microsoft Works
[22/10/2004|01:19] C:\Program Files\Microsoft.NET
[26/05/2008|15:14] C:\Program Files\Mininova
[30/09/2008|10:06] C:\Program Files\Movie Maker
[14/12/2008|22:54] C:\Program Files\Mozilla Firefox
[06/01/2006|17:13] C:\Program Files\MSN
[16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
[30/09/2008|11:14] C:\Program Files\MSN Messenger
[14/09/2007|09:43] C:\Program Files\MSN Messenger(2)
[15/08/2007|11:30] C:\Program Files\MSXML 4.0
[17/03/2006|21:11] C:\Program Files\MyXOFT
[30/09/2008|10:00] C:\Program Files\NetMeeting
[05/04/2007|15:30] C:\Program Files\Norton Internet Security
[27/01/2008|15:33] C:\Program Files\Nvu
[16/08/2004|17:03] C:\Program Files\Online Services
[04/11/2008|17:48] C:\Program Files\Onlpdate
[26/11/2006|22:38] C:\Program Files\orange
[30/09/2008|10:00] C:\Program Files\Outlook Express
[01/06/2007|13:23] C:\Program Files\Panasonic
[13/12/2008|15:18] C:\Program Files\PC Wizard 2008
[23/08/2007|15:27] C:\Program Files\PhotoFiltre
[25/04/2007|18:00] C:\Program Files\Procbinburn
[05/04/2007|15:51] C:\Program Files\Ptskuvu
[26/11/2008|10:52] C:\Program Files\QuickTime
[22/10/2004|01:09] C:\Program Files\Real
[26/01/2008|18:38] C:\Program Files\Riva
[28/07/2007|13:04] C:\Program Files\RM-X Player V5.0
[26/11/2008|10:22] C:\Program Files\Safari
[02/12/2008|17:57] C:\Program Files\SAGEM
[06/07/2008|12:30] C:\Program Files\Samsung
[15/05/2007|21:45] C:\Program Files\Secured eMule
[15/05/2007|21:45] C:\Program Files\Secured_eMule
[16/08/2004|17:07] C:\Program Files\Services en ligne
[06/01/2006|17:15] C:\Program Files\ShopperReports
[01/04/2006|11:59] C:\Program Files\Sierra
[22/10/2004|01:21] C:\Program Files\Sonic
[03/06/2006|16:11] C:\Program Files\Sony Ericsson
[30/09/2008|11:21] C:\Program Files\Sun
[24/03/2006|14:51] C:\Program Files\SurfAccuracy
[05/04/2007|15:30] C:\Program Files\Symantec
[15/12/2005|09:02] C:\Program Files\Technodev
[27/06/2005|08:17] C:\Program Files\Transport Giant Demo
[14/12/2008|13:57] C:\Program Files\Trend Micro
[17/04/2006|16:48] C:\Program Files\Uninstall Information
[28/12/2005|11:04] C:\Program Files\Valve
[20/11/2008|22:43] C:\Program Files\Veoh Networks
[03/07/2006|17:57] C:\Program Files\VSO
[15/12/2008|10:28] C:\Program Files\Wanadoo
[26/07/2008|13:32] C:\Program Files\Wanadoo Messager
[02/12/2008|12:04] C:\Program Files\Win Stream plugin
[16/01/2008|22:22] C:\Program Files\Windows Live
[30/11/2007|23:47] C:\Program Files\Windows Live Favorites
[16/11/2008|23:46] C:\Program Files\Windows Live Safety Center
[26/07/2008|13:32] C:\Program Files\Windows Live Toolbar
[26/07/2008|13:32] C:\Program Files\Windows Media Connect 2
[30/09/2008|10:00] C:\Program Files\Windows Media Player
[30/09/2008|10:00] C:\Program Files\Windows NT
[24/03/2008|11:52] C:\Program Files\WinRAR
[06/02/2006|18:36] C:\Program Files\winupdates
[16/08/2004|17:11] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[16/07/2007|16:05] C:\Program Files\Fichiers communs\Adobe
[06/01/2006|17:14] C:\Program Files\Fichiers communs\AOL
[05/05/2005|16:50] C:\Program Files\Fichiers communs\aolback
[05/04/2007|15:49] C:\Program Files\Fichiers communs\aolshare
[26/11/2008|10:58] C:\Program Files\Fichiers communs\Apple
[01/06/2007|13:22] C:\Program Files\Fichiers communs\CNC
[22/10/2004|01:20] C:\Program Files\Fichiers communs\DESIGNER
[08/10/2006|10:24] C:\Program Files\Fichiers communs\InstallShield
[01/06/2007|13:22] C:\Program Files\Fichiers communs\IviSDK
[22/10/2004|01:03] C:\Program Files\Fichiers communs\Java
[07/06/2006|15:37] C:\Program Files\Fichiers communs\Labtec
[23/07/2008|02:04] C:\Program Files\Fichiers communs\Microsoft Shared
[16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
[04/11/2008|17:08] C:\Program Files\Fichiers communs\Nullsoft
[06/01/2006|17:14] C:\Program Files\Fichiers communs\Oberon Media
[11/04/2007|14:02] C:\Program Files\Fichiers communs\ODBC
[01/06/2007|13:26] C:\Program Files\Fichiers communs\Panasonic
[22/10/2004|01:15] C:\Program Files\Fichiers communs\Real
[16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
[22/10/2004|01:21] C:\Program Files\Fichiers communs\Sonic Shared
[16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
[14/11/2005|18:34] C:\Program Files\Fichiers communs\SureThing Shared
[26/01/2008|18:39] C:\Program Files\Fichiers communs\SWF Studio
[05/04/2007|15:42] C:\Program Files\Fichiers communs\Symantec Shared
[30/09/2008|10:00] C:\Program Files\Fichiers communs\System
[24/09/2008|22:30] C:\Program Files\Fichiers communs\Teleca Shared
[22/10/2004|01:15] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 55 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Damien\Cookies\damien@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 10:57:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 99

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\DOCUME~1\Damien\LOCALS~1\APPLIC~1\gouigse_navfx.dat
C:\WINDOWS\System32\agzsaognm_navfx.dat
C:\WINDOWS\System32\cqfbdxbmy_navfx.dat
C:\WINDOWS\System32\isazmgv_navfx.dat
C:\WINDOWS\System32\nnbrzw_navfx.dat
C:\WINDOWS\System32\qrcqrh_navfx.dat
C:\WINDOWS\System32\sqcigus.dat
C:\WINDOWS\System32\sqcigus_navup.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Damien\Mes documents\LimeWire\Incomplete\T-5684110-Sexy blonde finger her super sexy pussy_fuck big butts like it big hot ass butt crack big booty girls teen butt booty fucked.mpg
C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack
C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack\Activision.Call.of.Duty.4.Modern.Warfare.crack.zip


[F:35801][D:642]-> C:\DOCUME~1\Damien\LOCALS~1\Temp
[F:84][D:0]-> C:\DOCUME~1\Damien\Cookies
[F:1558][D:31]-> C:\DOCUME~1\Damien\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|19:20 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 15/12/2008|11:02 - Option : [2]

--------------------\\ Fin du rapport a 11:02:35
0