Virus Rootkit

moïse -  
benurrr Messages postés 9766 Statut Contributeur sécurité -
Bonjour,
j'oré besoins d'un grand coup de main voila depuis peu j'ai un virus qui a chaque ouverture d'un page que se soit internet ou autre me note ceci :
(par avast) :
nom du fichier : C:/windows/system32/ati2cqa.dll
logiciel malveillant : Win32:Rootkit-gen[rtk]
Rootkit

s'il vous plait il me faut une aide au plus vite !
je vous remercie d'avance !!
Configuration: Windows XP
Internet Explorer 7.0

46 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une détection antivirus signale un rootkit Win32:Rootkit-gen[rtk] dans le fichier C:\Windows\system32\ati2cqa.dll sur un ordinateur Windows XP avec Internet Explorer 7, et alerte les utilisateurs sur une possible infection nécessitant une expertise. Des conseils insistent sur l’analyse des rapports et des fichiers potentiellement légitimes avant toute suppression et recommandent de ne pas lancer une désinfection sans l’avis d’un spécialiste. L'échange réunit des extraits de rapports et de scans (NaviPromo et HijackThis), montrant des entrées suspectes et des modules potentiels, et souligne que ces résultats peuvent révéler des fichiers légitimes nécessitant une vérification minutieuse.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier : C:/windows/system32/ati2cqa.dll

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.

    Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant.

    tu attend le resultat
    0
    1. moïse
       
      vs avez une autre solution?
      0
  2. moïse
     
    sa me marque toujour ceci :
    0 bytes size received / Se ha recibido un archivo vacio
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      ok

      sa veux peut-etre que le fichier est vide ou que avast la virer mais la j'ai un doute

      fait ceçi

      salut

      télécharge remover.exe de g-data anti rootkit

      https://www.commentcamarche.net/telecharger/ 34055373 remover exe gdata

      double clic sur l'icône pour le lancer

      et clic une fois pour le scan

      -----------------------

      apres analyse poste un rapport hijackthis

      poste un rapport hijackthis (outil de diagnostic)

      Télécharge http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

      --) Enregistre HJTInstall.exe sur ton bureau
      --) Double-clique sur HJTInstall.exe pour lancer le programme
      --) Par défaut, il s'installera içi C:\Programme Files\Trend Micro\HijackThis
      --) Accepte la license en cliquant sur le bouton "I Accept"
      --) Choisis l'option "Do a system scan and save a log file"
      --) Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
      --) Clique sur "Édition -> Sélectionner tout", puis sur "Édition -> Copier" pour copier tout le contenu du rapport
      --) Colle le rapport que tu viens de copier sur ce forum
      --) Ne fixe encore AUCUNE ligne,
      0
  3. moïse
     
    ok , je le fais la !
    j'orais une question est ce possible que a cause de se Rootkit mon ordi plante c'est a dire qu'il redemare tout seul des moment il bip mes ne demare pas ou même demare mes rien ne safiche a l'ecran ?
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      tres possible


      pour les bip il faut les compter et donner le nom de ton bios

      chaque nombre de bip correspond a un probleme
      0
  4. moïse
     
    a daccord mes sa fais pas juste une ptit bip sa biiiiip sa s'arréte sa re biiiip sa s'arréte sa le fais beaucoup de fois !
    (je dois parraitre debile mes sur cela je ne mi conais vraiment pas )
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moïse
     
    il ma detecter un trojan je le supprime?
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      oui
      0
      1. Djilali > benurrr Messages postés 9766 Statut Contributeur sécurité
         
        Salut Benurr , Moise ....!

        Moi aussi je ne suis pas expérimenter en matière virus mais , je l'ai pas. Voilà moise a dit qu'il a un
        virus dans son pc. Ce que je voulais comprendre pourqu'oi faire tous ces étapes pour détruire un virus
        et,qu'il a dans son pc un anti-virus installé <<AVAST >>

        La question est : Est ce AVAST n'est pas en mesure d'enlever cet virus du pc de Moise ?.

        Merci beucoup les collègue et,bonne année à tous.
        0
  7. moïse
     
    sa mes du temp je trouve !!
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      c'est sa la désinfection

      dommage on a pas de baguette magique
      0
  8. moïse
     
    oui lol ! mes je prefere que sa desinfecte que de ne rien faire et enpiré les chose ^^
    0
  9. moïse
     
    ces terminer sa ma mi sa :

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
    # pour Windows.
    #
    # Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
    # Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
    # dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
    # IP et le nom d'hôte doivent être séparés par au moins un espace.
    #
    # De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
    # lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
    # symbole '#'.
    #
    # Par exemple :
    #
    # 102.54.94.97 rhino.acme.com # serveur source
    # 38.25.63.10 x.acme.com # hôte client x

    127.0.0.1 localhost
    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD
    0
  10. moïse
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:58:18, on 14/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\AGEIA Technologies\TrayIcon.exe
    C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Labtec\Desktop\V5.1\MOUSE32A.EXE
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll (file missing)
    O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C2935995-3DE8-4984-A812-ECEDC07530A9} - C:\WINDOWS\system32\ati2cqa.dll
    O2 - BHO: adssite - {cea5ab77-fbc1-3a92-4d6d-96f3f0388491} - C:\WINDOWS\system32\nsi51A.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
    O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
    O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O5 "LPT1:" /M "Stylus C46"
    O4 - HKLM\..\Run: [EPSON Stylus C46 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P33 "EPSON Stylus C46 Series (Copie 1)" /O6 "USB001" /M "Stylus C46"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
    O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Desktop\V5.1\kbdap32a.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [extra love] C:\DOCUME~1\Damien\APPLIC~1\PROCBI~1\Regs face.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [ewegyqu] "c:\documents and settings\damien\local settings\application data\ewegyqu.exe" ewegyqu
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/NueLorie.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    0
  11. moïse
     
    ????????
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      Télécharge LOP S&D d'Eric71 ici https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

      Double-clique dessus pour lancer l'installation.

      Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau.
      Sélectionne la langue souhaitée , puis choisis l'option 1 ( Recherche )

      Patiente jusqu'à la fin du scan.
      Poste le rapport généré (situé aussi ici C:\lopR.txt )

      ( Si le Bureau ne réapparaît pas, lance le gestionnaire des tâches en cliquant sur Ctrl + Alt + Suppr , puis Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )
      0
  12. moïse
     
    j'ai poster le rapport ici mes rien saffiche :S
    0
    1. benurrr Messages postés 9766 Statut Contributeur sécurité 107
       
      peut -etre trop long

      envoie le en plusieurs étape en 2 ou 3 fois
      0
  13. moïse
     
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2800+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : Damien ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1229 [VPS 081213-0] 4.8.1229 (Activated)
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:31 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 14/12/2008|19:02 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [16/08/2004|17:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [30/11/2007|23:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
    [22/10/2004|01:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    [22/10/2004|01:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
    [22/10/2004|01:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
    [22/10/2004|01:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

    [26/11/2008|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [17/05/2006|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    [31/07/2007|14:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [31/07/2007|14:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [17/01/2006|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
    [15/05/2007|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
    [23/01/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
    [20/09/2006|17:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [18/12/2005|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [04/11/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [06/01/2006|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [06/02/2008|13:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/12/2007|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
    [01/02/2006|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
    [09/08/2007|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\plus once flap wipe
    [14/01/2005|20:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [16/08/2004|17:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [04/11/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Software Licensors
    [03/06/2006|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [22/10/2004|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [08/10/2006|10:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [22/10/2004|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [10/08/2006|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [06/02/2007|17:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    [09/04/2008|15:16] C:\DOCUME~1\Damien\APPLIC~1\Adobe
    [10/07/2005|17:55] C:\DOCUME~1\Damien\APPLIC~1\AdobeUM
    [20/10/2007|23:15] C:\DOCUME~1\Damien\APPLIC~1\Adssite Advanced Toolbar
    [06/01/2006|17:14] C:\DOCUME~1\Damien\APPLIC~1\AOL
    [06/07/2006|10:51] C:\DOCUME~1\Damien\APPLIC~1\Apple Computer
    [05/06/2005|09:58] C:\DOCUME~1\Damien\APPLIC~1\ArcSoft
    [22/08/2007|22:49] C:\DOCUME~1\Damien\APPLIC~1\Artweaver
    [03/09/2008|17:22] C:\DOCUME~1\Damien\APPLIC~1\Atari
    [17/05/2007|19:33] C:\DOCUME~1\Damien\APPLIC~1\ConvertTemp
    [15/05/2007|16:39] C:\DOCUME~1\Damien\APPLIC~1\CursorArts
    [26/11/2004|12:30] C:\DOCUME~1\Damien\APPLIC~1\CyberLink
    [03/01/2005|18:40] C:\DOCUME~1\Damien\APPLIC~1\DATA BECKER
    [23/01/2008|10:29] C:\DOCUME~1\Damien\APPLIC~1\DivX
    [09/05/2007|18:52] C:\DOCUME~1\Damien\APPLIC~1\EPSON
    [27/01/2008|16:11] C:\DOCUME~1\Damien\APPLIC~1\FileZilla
    [23/03/2008|16:15] C:\DOCUME~1\Damien\APPLIC~1\GARMIN
    [02/12/2008|20:02] C:\DOCUME~1\Damien\APPLIC~1\Glory of the Roman Empire
    [20/09/2006|18:27] C:\DOCUME~1\Damien\APPLIC~1\Google
    [19/11/2008|23:03] C:\DOCUME~1\Damien\APPLIC~1\gtk-2.0
    [06/01/2006|17:15] C:\DOCUME~1\Damien\APPLIC~1\HbTools
    [26/11/2004|15:07] C:\DOCUME~1\Damien\APPLIC~1\Help
    [16/08/2004|17:19] C:\DOCUME~1\Damien\APPLIC~1\Identities
    [16/07/2007|16:05] C:\DOCUME~1\Damien\APPLIC~1\InterTrust
    [11/12/2004|11:40] C:\DOCUME~1\Damien\APPLIC~1\Leadertech
    [14/12/2008|17:06] C:\DOCUME~1\Damien\APPLIC~1\LimeWire
    [02/07/2006|18:16] C:\DOCUME~1\Damien\APPLIC~1\Macromedia
    [04/11/2008|18:07] C:\DOCUME~1\Damien\APPLIC~1\Malwarebytes
    [11/03/2006|14:10] C:\DOCUME~1\Damien\APPLIC~1\Media Player Classic
    [23/09/2008|21:21] C:\DOCUME~1\Damien\APPLIC~1\Microsoft
    [01/09/2007|11:59] C:\DOCUME~1\Damien\APPLIC~1\Morpheus Software
    [09/11/2008|21:12] C:\DOCUME~1\Damien\APPLIC~1\Mozilla
    [15/10/2005|14:21] C:\DOCUME~1\Damien\APPLIC~1\MSNInstaller
    [27/01/2008|15:33] C:\DOCUME~1\Damien\APPLIC~1\Nvu
    [09/08/2007|15:11] C:\DOCUME~1\Damien\APPLIC~1\Procbinburn
    [27/11/2004|05:14] C:\DOCUME~1\Damien\APPLIC~1\Real
    [06/07/2008|12:34] C:\DOCUME~1\Damien\APPLIC~1\Samsung
    [30/12/2006|21:53] C:\DOCUME~1\Damien\APPLIC~1\Shareaza
    [23/12/2005|13:03] C:\DOCUME~1\Damien\APPLIC~1\ShopperReports
    [24/03/2006|14:57] C:\DOCUME~1\Damien\APPLIC~1\Sierra
    [11/12/2004|11:40] C:\DOCUME~1\Damien\APPLIC~1\Sonic
    [22/10/2004|01:03] C:\DOCUME~1\Damien\APPLIC~1\Sun
    [22/10/2004|01:12] C:\DOCUME~1\Damien\APPLIC~1\Symantec
    [28/04/2005|19:23] C:\DOCUME~1\Damien\APPLIC~1\Template
    [16/06/2008|12:03] C:\DOCUME~1\Damien\APPLIC~1\Temporary
    [16/06/2008|12:07] C:\DOCUME~1\Damien\APPLIC~1\TransRender
    [14/08/2008|18:20] C:\DOCUME~1\Damien\APPLIC~1\Viewpoint
    [20/10/2007|23:30] C:\DOCUME~1\Damien\APPLIC~1\WinRAR
    [22/10/2004|01:09] C:\DOCUME~1\Damien\APPLIC~1\You've Got Pictures Screensaver

    [16/08/2004|17:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [30/11/2007|23:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [22/10/2004|01:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
    [22/10/2004|01:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
    [22/10/2004|01:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
    [22/10/2004|01:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

    [16/08/2004|17:19] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
    [16/08/2004|16:54] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
    [22/10/2004|01:15] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
    [22/10/2004|01:03] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
    [22/10/2004|01:12] C:\DOCUME~1\INVIT~1\APPLIC~1\Symantec
    [22/10/2004|01:09] C:\DOCUME~1\INVIT~1\APPLIC~1\You've Got Pictures Screensaver

    [16/09/2006|15:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [27/10/2008|08:24] C:\DOCUME~1\Maman\APPLIC~1\Adobe
    [15/11/2005|21:07] C:\DOCUME~1\Maman\APPLIC~1\AdobeUM
    [06/01/2006|17:14] C:\DOCUME~1\Maman\APPLIC~1\AOL
    [10/04/2005|18:08] C:\DOCUME~1\Maman\APPLIC~1\CyberLink
    [15/12/2005|15:56] C:\DOCUME~1\Maman\APPLIC~1\Google
    [06/01/2006|17:15] C:\DOCUME~1\Maman\APPLIC~1\HbTools
    [19/10/2005|09:44] C:\DOCUME~1\Maman\APPLIC~1\Help
    [16/08/2004|17:19] C:\DOCUME~1\Maman\APPLIC~1\Identities
    [20/10/2005|09:52] C:\DOCUME~1\Maman\APPLIC~1\Macromedia
    [05/03/2007|20:32] C:\DOCUME~1\Maman\APPLIC~1\Microsoft
    [13/05/2008|13:15] C:\DOCUME~1\Maman\APPLIC~1\Mozilla
    [17/12/2004|18:56] C:\DOCUME~1\Maman\APPLIC~1\Real
    [23/12/2005|15:13] C:\DOCUME~1\Maman\APPLIC~1\ShopperReports
    [22/10/2004|01:03] C:\DOCUME~1\Maman\APPLIC~1\Sun
    [22/10/2004|01:12] C:\DOCUME~1\Maman\APPLIC~1\Symantec
    [22/10/2004|01:09] C:\DOCUME~1\Maman\APPLIC~1\You've Got Pictures Screensaver

    [30/11/2007|23:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [27/11/2004|13:03] C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [03/12/2008 22:32][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [14/12/2008 18:22][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
    [14/12/2008 11:47][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][---h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ MsgPlus SPONSOR INSTALLED !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
    "DisplayName"="Messenger Plus! 3 & Sponsor"
    "SponsorInstalled"=dword:00000000

    --------------------\\ Listing des dossiers dans C:\Program Files

    [30/11/2008|20:08] C:\Program Files\3aLab
    [10/12/2008|17:53] C:\Program Files\Activision
    [16/07/2007|16:05] C:\Program Files\Adobe
    [20/10/2007|23:15] C:\Program Files\Adssite Advanced Toolbar
    [05/04/2007|15:52] C:\Program Files\AGEIA Technologies
    [27/03/2007|19:06] C:\Program Files\Alwil Software
    [05/04/2007|15:31] C:\Program Files\AOL Compagnon
    [26/07/2008|13:32] C:\Program Files\AOL Toolbar
    [06/08/2008|14:18] C:\Program Files\Apple Software Update
    [05/06/2005|09:55] C:\Program Files\ArcSoft
    [03/09/2008|17:23] C:\Program Files\Atari
    [05/04/2007|15:51] C:\Program Files\ATI Technologies
    [05/04/2007|15:31] C:\Program Files\AtomixMP3
    [09/09/2008|19:24] C:\Program Files\Audacity
    [04/11/2008|17:41] C:\Program Files\AWS
    [17/09/2008|09:09] C:\Program Files\Bonjour
    [10/12/2008|13:57] C:\Program Files\Call of Duty Game of the Year Edition
    [01/09/2007|12:45] C:\Program Files\CaraQ
    [26/05/2008|15:14] C:\Program Files\Conduit
    [22/10/2004|01:14] C:\Program Files\CyberLink
    [24/08/2007|10:13] C:\Program Files\directx
    [14/11/2008|20:59] C:\Program Files\DivX
    [23/09/2008|12:15] C:\Program Files\Dofus
    [09/09/2008|10:04] C:\Program Files\DofusArena2
    [11/03/2006|14:15] C:\Program Files\Dusco
    [13/03/2008|13:34] C:\Program Files\DVD X Player 4.1 Professionnel
    [01/06/2007|13:25] C:\Program Files\DVDCAM
    [01/06/2007|13:29] C:\Program Files\DVD-RAM
    [25/12/2006|10:10] C:\Program Files\Eidos
    [27/12/2005|12:15] C:\Program Files\Eidos Interactive
    [25/12/2005|10:15] C:\Program Files\Empire Interactive
    [12/11/2008|23:42] C:\Program Files\eMule
    [20/03/2007|21:39] C:\Program Files\EPSON
    [03/09/2008|17:22] C:\Program Files\Fichiers communs
    [27/01/2008|15:54] C:\Program Files\FileZilla FTP Client
    [26/11/2007|22:42] C:\Program Files\GIMP-2.0
    [06/02/2006|18:36] C:\Program Files\GMixon
    [05/04/2007|15:46] C:\Program Files\Google
    [06/01/2006|17:15] C:\Program Files\HbTools
    [10/12/2008|19:33] C:\Program Files\InstallShield Installation Information
    [22/03/2006|09:59] C:\Program Files\InterActual
    [12/12/2008|00:51] C:\Program Files\Internet Explorer
    [26/11/2008|10:58] C:\Program Files\iPod
    [26/11/2008|10:59] C:\Program Files\iTunes
    [30/09/2008|11:21] C:\Program Files\Java
    [21/04/2008|20:41] C:\Program Files\K-Lite Codec Pack
    [27/04/2007|09:52] C:\Program Files\Labtec
    [26/07/2008|13:32] C:\Program Files\LimeWire
    [07/06/2006|15:38] C:\Program Files\Logitech
    [04/11/2008|18:07] C:\Program Files\Malwarebytes' Anti-Malware
    [10/08/2005|12:16] C:\Program Files\Maxis
    [30/09/2008|11:08] C:\Program Files\Messenger
    [05/09/2008|18:08] C:\Program Files\Messenger Plus! Live
    [10/08/2007|19:10] C:\Program Files\MessengerPlus! 3
    [28/09/2008|17:03] C:\Program Files\Metin2_France
    [17/04/2006|16:37] C:\Program Files\Micro Application
    [16/10/2006|17:49] C:\Program Files\Microsoft ActiveSync
    [16/08/2004|17:11] C:\Program Files\microsoft frontpage
    [22/10/2004|01:20] C:\Program Files\microsoft office
    [26/07/2008|13:32] C:\Program Files\Microsoft Works
    [22/10/2004|01:19] C:\Program Files\Microsoft.NET
    [26/05/2008|15:14] C:\Program Files\Mininova
    [30/09/2008|10:06] C:\Program Files\Movie Maker
    [13/12/2008|17:57] C:\Program Files\Mozilla Firefox
    [06/01/2006|17:13] C:\Program Files\MSN
    [16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
    [30/09/2008|11:14] C:\Program Files\MSN Messenger
    [14/09/2007|09:43] C:\Program Files\MSN Messenger(2)
    [15/08/2007|11:30] C:\Program Files\MSXML 4.0
    [17/03/2006|21:11] C:\Program Files\MyXOFT
    [30/09/2008|10:00] C:\Program Files\NetMeeting
    [05/04/2007|15:30] C:\Program Files\Norton Internet Security
    [27/01/2008|15:33] C:\Program Files\Nvu
    [16/08/2004|17:03] C:\Program Files\Online Services
    [04/11/2008|17:48] C:\Program Files\Onlpdate
    [26/11/2006|22:38] C:\Program Files\orange
    [30/09/2008|10:00] C:\Program Files\Outlook Express
    [01/06/2007|13:23] C:\Program Files\Panasonic
    [13/12/2008|15:18] C:\Program Files\PC Wizard 2008
    [23/08/2007|15:27] C:\Program Files\PhotoFiltre
    [25/04/2007|18:00] C:\Program Files\Procbinburn
    [05/04/2007|15:51] C:\Program Files\Ptskuvu
    [26/11/2008|10:52] C:\Program Files\QuickTime
    [22/10/2004|01:09] C:\Program Files\Real
    [26/01/2008|18:38] C:\Program Files\Riva
    [28/07/2007|13:04] C:\Program Files\RM-X Player V5.0
    [26/11/2008|10:22] C:\Program Files\Safari
    [02/12/2008|17:57] C:\Program Files\SAGEM
    [06/07/2008|12:30] C:\Program Files\Samsung
    [15/05/2007|21:45] C:\Program Files\Secured eMule
    [15/05/2007|21:45] C:\Program Files\Secured_eMule
    [16/08/2004|17:07] C:\Program Files\Services en ligne
    [06/01/2006|17:15] C:\Program Files\ShopperReports
    [01/04/2006|11:59] C:\Program Files\Sierra
    [22/10/2004|01:21] C:\Program Files\Sonic
    [03/06/2006|16:11] C:\Program Files\Sony Ericsson
    [30/09/2008|11:21] C:\Program Files\Sun
    [24/03/2006|14:51] C:\Program Files\SurfAccuracy
    [05/04/2007|15:30] C:\Program Files\Symantec
    [15/12/2005|09:02] C:\Program Files\Technodev
    [27/06/2005|08:17] C:\Program Files\Transport Giant Demo
    [14/12/2008|13:57] C:\Program Files\Trend Micro
    [17/04/2006|16:48] C:\Program Files\Uninstall Information
    [28/12/2005|11:04] C:\Program Files\Valve
    [20/11/2008|22:43] C:\Program Files\Veoh Networks
    [22/10/2004|01:09] C:\Program Files\Viewpoint
    [03/07/2006|17:57] C:\Program Files\VSO
    [14/12/2008|11:47] C:\Program Files\Wanadoo
    [26/07/2008|13:32] C:\Program Files\Wanadoo Messager
    [02/12/2008|12:04] C:\Program Files\Win Stream plugin
    [16/01/2008|22:22] C:\Program Files\Windows Live
    [30/11/2007|23:47] C:\Program Files\Windows Live Favorites
    [16/11/2008|23:46] C:\Program Files\Windows Live Safety Center
    [26/07/2008|13:32] C:\Program Files\Windows Live Toolbar
    [26/07/2008|13:32] C:\Program Files\Windows Media Connect 2
    [30/09/2008|10:00] C:\Program Files\Windows Media Player
    [30/09/2008|10:00] C:\Program Files\Windows NT
    [24/03/2008|11:52] C:\Program Files\WinRAR
    [06/02/2006|18:36] C:\Program Files\winupdates
    [16/08/2004|17:11] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [16/07/2007|16:05] C:\Program Files\Fichiers communs\Adobe
    [06/01/2006|17:14] C:\Program Files\Fichiers communs\AOL
    [05/05/2005|16:50] C:\Program Files\Fichiers communs\aolback
    [05/04/2007|15:49] C:\Program Files\Fichiers communs\aolshare
    [26/11/2008|10:58] C:\Program Files\Fichiers communs\Apple
    [01/06/2007|13:22] C:\Program Files\Fichiers communs\CNC
    [22/10/2004|01:20] C:\Program Files\Fichiers communs\DESIGNER
    [08/10/2006|10:24] C:\Program Files\Fichiers communs\InstallShield
    [01/06/2007|13:22] C:\Program Files\Fichiers communs\IviSDK
    [22/10/2004|01:03] C:\Program Files\Fichiers communs\Java
    [07/06/2006|15:37] C:\Program Files\Fichiers communs\Labtec
    [23/07/2008|02:04] C:\Program Files\Fichiers communs\Microsoft Shared
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
    [04/11/2008|17:08] C:\Program Files\Fichiers communs\Nullsoft
    [06/01/2006|17:14] C:\Program Files\Fichiers communs\Oberon Media
    [11/04/2007|14:02] C:\Program Files\Fichiers communs\ODBC
    [01/06/2007|13:26] C:\Program Files\Fichiers communs\Panasonic
    [22/10/2004|01:15] C:\Program Files\Fichiers communs\Real
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
    [22/10/2004|01:21] C:\Program Files\Fichiers communs\Sonic Shared
    [16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
    [14/11/2005|18:34] C:\Program Files\Fichiers communs\SureThing Shared
    [26/01/2008|18:39] C:\Program Files\Fichiers communs\SWF Studio
    [05/04/2007|15:42] C:\Program Files\Fichiers communs\Symantec Shared
    [30/09/2008|10:00] C:\Program Files\Fichiers communs\System
    [24/09/2008|22:30] C:\Program Files\Fichiers communs\Teleca Shared
    [22/10/2004|01:15] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 58 Processes )

    IEXPLORE.EXE ~ [PID:472]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\Damien\LOCALS~1\Temp\nsb1F.tmp
    C:\DOCUME~1\Damien\LOCALS~1\Temp\nsb69E.tmp
    C:\DOCUME~1\Damien\LOCALS~1\Temp\nsg679.tmp
    C:\DOCUME~1\Damien\LOCALS~1\Temp\nsj67F.tmp
    C:\DOCUME~1\Damien\LOCALS~1\Temp\nsnF.tmp
    C:\DOCUME~1\Damien\LOCALS~1\Temp\nss3D.tmp
    C:\DOCUME~1\Damien\Cookies\damien@advertising[1].txt
    C:\DOCUME~1\Damien\Cookies\damien@adopt.euroclick[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts MODIFIE

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
    127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
    127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
    127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
    127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
    127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
    127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
    127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
    127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
    127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
    127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD

    -> 72 [ 70 ## added by CiD ]

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-14 19:09:14
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 99

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk

    C:\DOCUME~1\Damien\LOCALS~1\APPLIC~1\gouigse_navfx.dat
    C:\WINDOWS\System32\agzsaognm_navfx.dat
    C:\WINDOWS\System32\cqfbdxbmy_navfx.dat
    C:\WINDOWS\System32\isazmgv_navfx.dat
    C:\WINDOWS\System32\nnbrzw_navfx.dat
    C:\WINDOWS\System32\qrcqrh_navfx.dat
    C:\WINDOWS\System32\sqcigus.dat
    C:\WINDOWS\System32\sqcigus_navup.dat
    [b]==> EGDACCESS <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Damien\Mes documents\LimeWire\Incomplete\T-5684110-Sexy blonde finger her super sexy pussy_fuck big butts like it big hot ass butt crack big booty girls teen butt booty fucked.mpg
    C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack
    C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack\Activision.Call.of.Duty.4.Modern.Warfare.crack.zip

    [F:35846][D:643]-> C:\DOCUME~1\Damien\LOCALS~1\Temp
    [F:79][D:0]-> C:\DOCUME~1\Damien\Cookies
    [F:1005][D:31]-> C:\DOCUME~1\Damien\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|19:20 - Option : [1]

    --------------------\\ Fin du rapport a 19:20:21
    0
  14. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Slt

    Il était passé aux oubliettes, je l'ai restauré.
    0
  15. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    merci toptitbal

    Relance LOP S&D d'Eric71

    Choisis cette fois ci l'Option 2 ( Suppression )
    Ne ferme pas la fenêtre lors de la suppression !
    Poste le rapport généré (situé aussi ici C:\lopR.txt )
    0
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    je m'incruste 10 sec;

    Benurrr, il y a urgence à traiter l'infection navipromo.
    0
  17. benurrr Messages postés 9766 Statut Contributeur sécurité 107
     
    salut lyonnais ;tu va bien mon ami

    j'en avait l'intention après l'option 2 de lop
    0
  18. moïse
     
    chui entrin de faire l'option 2 ^^ je posteré le rapport des que c'est fini !
    0
  19. moïse
     
    [05/08/2004 13:00][---h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ MsgPlus SPONSOR INSTALLED !

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MsgPlus! Plugin]
    "SponsorInstalled"=dword:00000000

    --------------------\\ Listing des dossiers dans C:\Program Files

    [30/11/2008|20:08] C:\Program Files\3aLab
    [10/12/2008|17:53] C:\Program Files\Activision
    [16/07/2007|16:05] C:\Program Files\Adobe
    [20/10/2007|23:15] C:\Program Files\Adssite Advanced Toolbar
    [05/04/2007|15:52] C:\Program Files\AGEIA Technologies
    [27/03/2007|19:06] C:\Program Files\Alwil Software
    [05/04/2007|15:31] C:\Program Files\AOL Compagnon
    [26/07/2008|13:32] C:\Program Files\AOL Toolbar
    [06/08/2008|14:18] C:\Program Files\Apple Software Update
    [05/06/2005|09:55] C:\Program Files\ArcSoft
    [03/09/2008|17:23] C:\Program Files\Atari
    [05/04/2007|15:51] C:\Program Files\ATI Technologies
    [05/04/2007|15:31] C:\Program Files\AtomixMP3
    [09/09/2008|19:24] C:\Program Files\Audacity
    [04/11/2008|17:41] C:\Program Files\AWS
    [17/09/2008|09:09] C:\Program Files\Bonjour
    [10/12/2008|13:57] C:\Program Files\Call of Duty Game of the Year Edition
    [01/09/2007|12:45] C:\Program Files\CaraQ
    [26/05/2008|15:14] C:\Program Files\Conduit
    [22/10/2004|01:14] C:\Program Files\CyberLink
    [24/08/2007|10:13] C:\Program Files\directx
    [14/11/2008|20:59] C:\Program Files\DivX
    [23/09/2008|12:15] C:\Program Files\Dofus
    [09/09/2008|10:04] C:\Program Files\DofusArena2
    [11/03/2006|14:15] C:\Program Files\Dusco
    [13/03/2008|13:34] C:\Program Files\DVD X Player 4.1 Professionnel
    [01/06/2007|13:25] C:\Program Files\DVDCAM
    [01/06/2007|13:29] C:\Program Files\DVD-RAM
    [25/12/2006|10:10] C:\Program Files\Eidos
    [27/12/2005|12:15] C:\Program Files\Eidos Interactive
    [25/12/2005|10:15] C:\Program Files\Empire Interactive
    [12/11/2008|23:42] C:\Program Files\eMule
    [20/03/2007|21:39] C:\Program Files\EPSON
    [03/09/2008|17:22] C:\Program Files\Fichiers communs
    [27/01/2008|15:54] C:\Program Files\FileZilla FTP Client
    [26/11/2007|22:42] C:\Program Files\GIMP-2.0
    [06/02/2006|18:36] C:\Program Files\GMixon
    [05/04/2007|15:46] C:\Program Files\Google
    [06/01/2006|17:15] C:\Program Files\HbTools
    [10/12/2008|19:33] C:\Program Files\InstallShield Installation Information
    [22/03/2006|09:59] C:\Program Files\InterActual
    [12/12/2008|00:51] C:\Program Files\Internet Explorer
    [26/11/2008|10:58] C:\Program Files\iPod
    [26/11/2008|10:59] C:\Program Files\iTunes
    [30/09/2008|11:21] C:\Program Files\Java
    [21/04/2008|20:41] C:\Program Files\K-Lite Codec Pack
    [27/04/2007|09:52] C:\Program Files\Labtec
    [26/07/2008|13:32] C:\Program Files\LimeWire
    [07/06/2006|15:38] C:\Program Files\Logitech
    [04/11/2008|18:07] C:\Program Files\Malwarebytes' Anti-Malware
    [10/08/2005|12:16] C:\Program Files\Maxis
    [30/09/2008|11:08] C:\Program Files\Messenger
    [05/09/2008|18:08] C:\Program Files\Messenger Plus! Live
    [10/08/2007|19:10] C:\Program Files\MessengerPlus! 3
    [28/09/2008|17:03] C:\Program Files\Metin2_France
    [17/04/2006|16:37] C:\Program Files\Micro Application
    [16/10/2006|17:49] C:\Program Files\Microsoft ActiveSync
    [16/08/2004|17:11] C:\Program Files\microsoft frontpage
    [22/10/2004|01:20] C:\Program Files\microsoft office
    [26/07/2008|13:32] C:\Program Files\Microsoft Works
    [22/10/2004|01:19] C:\Program Files\Microsoft.NET
    [26/05/2008|15:14] C:\Program Files\Mininova
    [30/09/2008|10:06] C:\Program Files\Movie Maker
    [14/12/2008|22:54] C:\Program Files\Mozilla Firefox
    [06/01/2006|17:13] C:\Program Files\MSN
    [16/08/2004|17:03] C:\Program Files\MSN Gaming Zone
    [30/09/2008|11:14] C:\Program Files\MSN Messenger
    [14/09/2007|09:43] C:\Program Files\MSN Messenger(2)
    [15/08/2007|11:30] C:\Program Files\MSXML 4.0
    [17/03/2006|21:11] C:\Program Files\MyXOFT
    [30/09/2008|10:00] C:\Program Files\NetMeeting
    [05/04/2007|15:30] C:\Program Files\Norton Internet Security
    [27/01/2008|15:33] C:\Program Files\Nvu
    [16/08/2004|17:03] C:\Program Files\Online Services
    [04/11/2008|17:48] C:\Program Files\Onlpdate
    [26/11/2006|22:38] C:\Program Files\orange
    [30/09/2008|10:00] C:\Program Files\Outlook Express
    [01/06/2007|13:23] C:\Program Files\Panasonic
    [13/12/2008|15:18] C:\Program Files\PC Wizard 2008
    [23/08/2007|15:27] C:\Program Files\PhotoFiltre
    [25/04/2007|18:00] C:\Program Files\Procbinburn
    [05/04/2007|15:51] C:\Program Files\Ptskuvu
    [26/11/2008|10:52] C:\Program Files\QuickTime
    [22/10/2004|01:09] C:\Program Files\Real
    [26/01/2008|18:38] C:\Program Files\Riva
    [28/07/2007|13:04] C:\Program Files\RM-X Player V5.0
    [26/11/2008|10:22] C:\Program Files\Safari
    [02/12/2008|17:57] C:\Program Files\SAGEM
    [06/07/2008|12:30] C:\Program Files\Samsung
    [15/05/2007|21:45] C:\Program Files\Secured eMule
    [15/05/2007|21:45] C:\Program Files\Secured_eMule
    [16/08/2004|17:07] C:\Program Files\Services en ligne
    [06/01/2006|17:15] C:\Program Files\ShopperReports
    [01/04/2006|11:59] C:\Program Files\Sierra
    [22/10/2004|01:21] C:\Program Files\Sonic
    [03/06/2006|16:11] C:\Program Files\Sony Ericsson
    [30/09/2008|11:21] C:\Program Files\Sun
    [24/03/2006|14:51] C:\Program Files\SurfAccuracy
    [05/04/2007|15:30] C:\Program Files\Symantec
    [15/12/2005|09:02] C:\Program Files\Technodev
    [27/06/2005|08:17] C:\Program Files\Transport Giant Demo
    [14/12/2008|13:57] C:\Program Files\Trend Micro
    [17/04/2006|16:48] C:\Program Files\Uninstall Information
    [28/12/2005|11:04] C:\Program Files\Valve
    [20/11/2008|22:43] C:\Program Files\Veoh Networks
    [03/07/2006|17:57] C:\Program Files\VSO
    [15/12/2008|10:28] C:\Program Files\Wanadoo
    [26/07/2008|13:32] C:\Program Files\Wanadoo Messager
    [02/12/2008|12:04] C:\Program Files\Win Stream plugin
    [16/01/2008|22:22] C:\Program Files\Windows Live
    [30/11/2007|23:47] C:\Program Files\Windows Live Favorites
    [16/11/2008|23:46] C:\Program Files\Windows Live Safety Center
    [26/07/2008|13:32] C:\Program Files\Windows Live Toolbar
    [26/07/2008|13:32] C:\Program Files\Windows Media Connect 2
    [30/09/2008|10:00] C:\Program Files\Windows Media Player
    [30/09/2008|10:00] C:\Program Files\Windows NT
    [24/03/2008|11:52] C:\Program Files\WinRAR
    [06/02/2006|18:36] C:\Program Files\winupdates
    [16/08/2004|17:11] C:\Program Files\xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [16/07/2007|16:05] C:\Program Files\Fichiers communs\Adobe
    [06/01/2006|17:14] C:\Program Files\Fichiers communs\AOL
    [05/05/2005|16:50] C:\Program Files\Fichiers communs\aolback
    [05/04/2007|15:49] C:\Program Files\Fichiers communs\aolshare
    [26/11/2008|10:58] C:\Program Files\Fichiers communs\Apple
    [01/06/2007|13:22] C:\Program Files\Fichiers communs\CNC
    [22/10/2004|01:20] C:\Program Files\Fichiers communs\DESIGNER
    [08/10/2006|10:24] C:\Program Files\Fichiers communs\InstallShield
    [01/06/2007|13:22] C:\Program Files\Fichiers communs\IviSDK
    [22/10/2004|01:03] C:\Program Files\Fichiers communs\Java
    [07/06/2006|15:37] C:\Program Files\Fichiers communs\Labtec
    [23/07/2008|02:04] C:\Program Files\Fichiers communs\Microsoft Shared
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\MSSoap
    [04/11/2008|17:08] C:\Program Files\Fichiers communs\Nullsoft
    [06/01/2006|17:14] C:\Program Files\Fichiers communs\Oberon Media
    [11/04/2007|14:02] C:\Program Files\Fichiers communs\ODBC
    [01/06/2007|13:26] C:\Program Files\Fichiers communs\Panasonic
    [22/10/2004|01:15] C:\Program Files\Fichiers communs\Real
    [16/08/2004|17:06] C:\Program Files\Fichiers communs\Services
    [22/10/2004|01:21] C:\Program Files\Fichiers communs\Sonic Shared
    [16/08/2004|16:56] C:\Program Files\Fichiers communs\SpeechEngines
    [14/11/2005|18:34] C:\Program Files\Fichiers communs\SureThing Shared
    [26/01/2008|18:39] C:\Program Files\Fichiers communs\SWF Studio
    [05/04/2007|15:42] C:\Program Files\Fichiers communs\Symantec Shared
    [30/09/2008|10:00] C:\Program Files\Fichiers communs\System
    [24/09/2008|22:30] C:\Program Files\Fichiers communs\Teleca Shared
    [22/10/2004|01:15] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 55 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\Damien\Cookies\damien@advertising[2].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 10:57:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 99

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk

    C:\DOCUME~1\Damien\LOCALS~1\APPLIC~1\gouigse_navfx.dat
    C:\WINDOWS\System32\agzsaognm_navfx.dat
    C:\WINDOWS\System32\cqfbdxbmy_navfx.dat
    C:\WINDOWS\System32\isazmgv_navfx.dat
    C:\WINDOWS\System32\nnbrzw_navfx.dat
    C:\WINDOWS\System32\qrcqrh_navfx.dat
    C:\WINDOWS\System32\sqcigus.dat
    C:\WINDOWS\System32\sqcigus_navup.dat
    [b]==> EGDACCESS <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Damien\Mes documents\LimeWire\Incomplete\T-5684110-Sexy blonde finger her super sexy pussy_fuck big butts like it big hot ass butt crack big booty girls teen butt booty fucked.mpg
    C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack
    C:\DOCUME~1\Damien\Mes documents\LimeWire\Saved\Activision.Call.of.Duty.4.Modern.Warfare.crack\Activision.Call.of.Duty.4.Modern.Warfare.crack.zip

    [F:35801][D:642]-> C:\DOCUME~1\Damien\LOCALS~1\Temp
    [F:84][D:0]-> C:\DOCUME~1\Damien\Cookies
    [F:1558][D:31]-> C:\DOCUME~1\Damien\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 14/12/2008|19:20 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 15/12/2008|11:02 - Option : [2]

    --------------------\\ Fin du rapport a 11:02:35
    0
  • 1
  • 2
  • 3