Posted

Good! The Symantec leftovers have been removed and the malware is not coming back.

You used Toolbar S&D: can you post the report C:\TB.txt please?

By the way, your report shows a leftover from an infection (not a nasty one) called CID. For info =>

The CID infection is one we create ourselves, without knowing it, when installing MessengerPlus! 3 (and certain BitTorrent-type programs). It displays unwanted ads while you browse.

When you install this program, you must not accept the sponsors > you have to select the radio button "Je refuse d'apporter mon soutien...." ("I refuse to give my support....") >>

[image: messenger5on.jpg]

Let's do the cleanup =>

Disable your resident protections (antivirus, ...); you will re-enable them after the scan.

Download Lop S&D < here

  • Double-click Lop S&D.exe on your desktop
  • Select the language you want, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the report it generates. If you do not see it, you will find it in the root directory (C:\) and it is named lopR.txt

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

Posted
-----------\\ ToolBar S&D 1.2.9 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )

BIOS : Phoenix - Award BIOS v6.00PG

USER : Linkthe ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:54 Go)

D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )

Option : [2] ( 27/02/2010|21:50 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings\kb127

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings\kb128

Supprime! - C:\WINDOWS\iun6002.exe

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"SearchMigratedDefaultURL"="http://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Start Page"="http://www.google.com"

"Start Page_bak"="http://www.google.com"

"Default_Search_URL"="http://www.google.com"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

"Update_Check_Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Linkthe\Bureau\L!nkth3\Programmes\[Nero.Burning.Rom.7.?????].Nero7_keygen.exe

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\Cracks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\~$acks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 27/02/2010|21:41 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 27/02/2010|21:51 - Option : [2]

 

-----------\\ Fin du rapport a 21:51:12,10

 

 

 

 

I figured I had forgotten one >_<"

Posted

OK: we'll leave Lop S&D for now and make sure no rootkit is active =>

Temporarily disable the antivirus for the duration of the scan.

Download GMER Rootkit Scanner from the following link:

http://www.gmer.net/#files

- Click the "Download EXE" button

- Save it to your Desktop.

- Paste and save these instructions in a text file, or print them, because you will have to close the browser.

- Close any open browser windows.

- Run the downloaded file (its name is made of 8 random digits/letters) by double-clicking it;

- If the tool raises a rootkit activity warning and asks you to run a scan, click "NO"

- In the right-hand section of the tool window, untick the following option:

  • Sections

  • **Make sure "Show All" is unticked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the scan is finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of this report into your reply.

Posted

There, I've finished the scans and here are the logs ^^

 

lopR.txt

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )

BIOS : Phoenix - Award BIOS v6.00PG

USER : Linkthe ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:54 Go)

D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 27/02/2010|23:47 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[03/01/2005|08:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

 

[03/10/2009|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[15/09/2009|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[04/04/2006|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[19/09/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[15/01/2008|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[19/09/2009|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[31/05/2008|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[27/01/2009|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard

[29/09/2009|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts

[15/09/2006|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[03/01/2005|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[03/01/2005|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[30/01/2006|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak

[26/02/2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[26/06/2006|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[16/09/2009|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[11/11/2009|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[21/03/2007|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[03/01/2005|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[03/01/2005|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

[29/09/2009|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[30/07/2006|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[30/07/2009|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[12/05/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania

[16/04/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United

[31/07/2006|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[12/07/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[03/01/2005|08:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

 

[22/12/2006|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\.BitTornado

[26/02/2010|20:05] C:\DOCUME~1\Linkthe\APPLIC~1\Adobe

[21/08/2007|08:18] C:\DOCUME~1\Linkthe\APPLIC~1\AdobeUM

[28/05/2009|12:50] C:\DOCUME~1\Linkthe\APPLIC~1\AdSigner

[14/05/2006|10:01] C:\DOCUME~1\Linkthe\APPLIC~1\Ahead

[28/09/2009|18:00] C:\DOCUME~1\Linkthe\APPLIC~1\Apple Computer

[19/08/2009|11:07] C:\DOCUME~1\Linkthe\APPLIC~1\ArcSoft

[14/03/2006|14:42] C:\DOCUME~1\Linkthe\APPLIC~1\ATI

[31/05/2008|14:20] C:\DOCUME~1\Linkthe\APPLIC~1\AVS4YOU

[26/10/2006|07:08] C:\DOCUME~1\Linkthe\APPLIC~1\BitTorrent

[15/06/2007|22:31] C:\DOCUME~1\Linkthe\APPLIC~1\Dev-Cpp

[09/04/2007|21:22] C:\DOCUME~1\Linkthe\APPLIC~1\DivX

[27/02/2009|15:41] C:\DOCUME~1\Linkthe\APPLIC~1\Download Manager

[13/06/2006|19:38] C:\DOCUME~1\Linkthe\APPLIC~1\Errorcake

[07/11/2009|21:55] C:\DOCUME~1\Linkthe\APPLIC~1\FileZilla

[25/02/2010|16:49] C:\DOCUME~1\Linkthe\APPLIC~1\Free Download Manager

[24/08/2008|12:32] C:\DOCUME~1\Linkthe\APPLIC~1\fretsonfire

[15/09/2006|17:50] C:\DOCUME~1\Linkthe\APPLIC~1\Google

[18/05/2008|20:12] C:\DOCUME~1\Linkthe\APPLIC~1\GrabIt

[02/05/2006|18:26] C:\DOCUME~1\Linkthe\APPLIC~1\Help

[02/04/2008|19:47] C:\DOCUME~1\Linkthe\APPLIC~1\HLSW

[21/02/2006|10:14] C:\DOCUME~1\Linkthe\APPLIC~1\HP

[20/01/2006|18:42] C:\DOCUME~1\Linkthe\APPLIC~1\HPQ

[25/11/2004|04:26] C:\DOCUME~1\Linkthe\APPLIC~1\Identities

[08/02/2009|10:18] C:\DOCUME~1\Linkthe\APPLIC~1\IndexEducation

[10/10/2009|14:50] C:\DOCUME~1\Linkthe\APPLIC~1\InstallShield

[29/01/2006|18:11] C:\DOCUME~1\Linkthe\APPLIC~1\InterVideo

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Leadertech

[07/08/2009|10:34] C:\DOCUME~1\Linkthe\APPLIC~1\LimeWire

[25/12/2006|03:00] C:\DOCUME~1\Linkthe\APPLIC~1\Macromedia

[26/02/2010|22:40] C:\DOCUME~1\Linkthe\APPLIC~1\Malwarebytes

[18/09/2009|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\Microsoft

[02/07/2006|19:55] C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone

[28/10/2009|15:49] C:\DOCUME~1\Linkthe\APPLIC~1\Mozilla

[17/05/2008|20:15] C:\DOCUME~1\Linkthe\APPLIC~1\Notepad++

[27/02/2010|22:42] C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge

[12/04/2007|20:09] C:\DOCUME~1\Linkthe\APPLIC~1\Publish Providers

[03/01/2005|08:04] C:\DOCUME~1\Linkthe\APPLIC~1\SampleView

[23/08/2007|16:52] C:\DOCUME~1\Linkthe\APPLIC~1\Samsung

[07/10/2007|17:32] C:\DOCUME~1\Linkthe\APPLIC~1\Screenshot Sender

[27/02/2010|22:43] C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

[24/09/2006|20:16] C:\DOCUME~1\Linkthe\APPLIC~1\Skype

[21/02/2006|14:04] C:\DOCUME~1\Linkthe\APPLIC~1\SmartFTP

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Sonic

[12/04/2007|20:08] C:\DOCUME~1\Linkthe\APPLIC~1\Sony

[29/11/2007|21:09] C:\DOCUME~1\Linkthe\APPLIC~1\Sony Setup

[23/02/2006|13:45] C:\DOCUME~1\Linkthe\APPLIC~1\Sun

[18/02/2007|01:46] C:\DOCUME~1\Linkthe\APPLIC~1\Talkback

[25/02/2010|16:21] C:\DOCUME~1\Linkthe\APPLIC~1\teamspeak2

[17/02/2010|23:07] C:\DOCUME~1\Linkthe\APPLIC~1\TS3Client

[08/02/2010|15:15] C:\DOCUME~1\Linkthe\APPLIC~1\uTorrent

[28/06/2008|14:55] C:\DOCUME~1\Linkthe\APPLIC~1\Ventrilo

[04/12/2009|12:15] C:\DOCUME~1\Linkthe\APPLIC~1\vlc

 

[20/09/2009|10:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[03/01/2005|07:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/01/2006|19:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[24/03/2008|22:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[17/02/2010 23:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[17/01/2007 21:51][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job

[27/02/2010 23:00][--ah-----] C:\WINDOWS\tasks\A31A82FD90FD39C5.job

[27/02/2010 22:39][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

 

( A31A82FD90FD39C5.job )=( c:\docume~1\linkthe\applic~1\errorc~1\BlahFaceGlue.exe )

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[03/12/2009|22:07] C:\Program Files\Adobe

[10/02/2006|18:21] C:\Program Files\AimOne_AlltoMP3

[08/06/2008|00:15] C:\Program Files\AMVapp

[19/08/2008|13:30] C:\Program Files\Apple Software Update

[27/02/2010|22:42] C:\Program Files\Application Updater

[10/10/2009|14:32] C:\Program Files\ArcSoft

[14/03/2006|14:42] C:\Program Files\ATI Technologies

[03/02/2008|16:19] C:\Program Files\Audacity

[19/09/2009|13:21] C:\Program Files\Avira

[08/06/2008|00:14] C:\Program Files\AviSynth 2.5

[31/05/2008|14:18] C:\Program Files\AVS4YOU

[31/01/2010|12:34] C:\Program Files\Blip Blop

[09/01/2010|14:23] C:\Program Files\Bodom-Child - RaBBi

[07/09/2009|18:51] C:\Program Files\Bodom-Child - RaBBi(2)

[09/09/2009|17:43] C:\Program Files\Bonjour

[07/09/2009|18:52] C:\Program Files\Bonjour(2)

[29/04/2009|23:41] C:\Program Files\CCleaner

[12/06/2008|08:57] C:\Program Files\Common Files

[24/11/2004|02:37] C:\Program Files\ComPlus Applications

[29/11/2007|21:38] C:\Program Files\CSE Demoplayer

[19/03/2006|13:37] C:\Program Files\Custom-Strike

[16/09/2007|01:24] C:\Program Files\DaemonTools_WhenUSave_Installer

[18/02/2007|02:23] C:\Program Files\Darluok Server

[25/11/2007|11:56] C:\Program Files\Disney Imagineering

[17/06/2009|12:46] C:\Program Files\DivX

[07/06/2008|23:25] C:\Program Files\DVD Decrypter

[04/08/2009|14:57] C:\Program Files\EA GAMES

[19/11/2006|10:21] C:\Program Files\Easy Internet signup

[11/08/2009|19:28] C:\Program Files\Electronic Arts

[21/04/2009|16:35] C:\Program Files\eMule

[09/06/2006|23:08] C:\Program Files\Errorcake

[15/09/2007|02:06] C:\Program Files\Eurobarre

[07/05/2006|14:13] C:\Program Files\Fake Webcam

[08/06/2008|00:07] C:\Program Files\ffdshow

[26/02/2010|20:02] C:\Program Files\Fichiers communs

[01/04/2008|21:24] C:\Program Files\FileZilla FTP Client

[04/08/2006|09:57] C:\Program Files\Free Audio Pack

[21/03/2007|18:00] C:\Program Files\Free Download Manager

[14/01/2006|20:05] C:\Program Files\Free.fr

[04/12/2009|12:06] C:\Program Files\Freeplayer

[09/11/2008|09:17] C:\Program Files\Frets on Fire

[23/12/2009|13:22] C:\Program Files\Full Tilt Poker

[16/10/2009|13:41] C:\Program Files\GameSpy Arcade

[04/03/2006|21:53] C:\Program Files\GIMP-2.0

[19/11/2007|21:04] C:\Program Files\GoldWave

[09/04/2007|21:18] C:\Program Files\Google

[11/09/2009|20:54] C:\Program Files\GUILD WARS

[14/10/2008|14:25] C:\Program Files\Guitar Pro 5

[03/01/2005|07:56] C:\Program Files\Hewlett-Packard

[02/04/2008|19:36] C:\Program Files\HLSW

[03/01/2005|07:44] C:\Program Files\HP

[19/09/2009|19:02] C:\Program Files\IKEA HomePlanner

[10/10/2009|14:32] C:\Program Files\InstallShield Installation Information

[22/01/2010|22:21] C:\Program Files\Internet Explorer

[03/01/2005|07:57] C:\Program Files\InterVideo

[09/09/2009|17:44] C:\Program Files\iPod

[07/09/2009|18:51] C:\Program Files\iPod(2)

[09/09/2009|17:45] C:\Program Files\iTunes

[07/09/2009|18:51] C:\Program Files\iTunes(2)

[10/11/2009|18:39] C:\Program Files\Java

[07/06/2008|10:37] C:\Program Files\KeepV Converter

[30/01/2006|19:19] C:\Program Files\Kodak

[13/01/2007|21:48] C:\Program Files\Landes Eternelles

[22/03/2008|15:43] C:\Program Files\LimeWire

[18/03/2006|19:09] C:\Program Files\Logitech

[30/09/2007|16:11] C:\Program Files\Magicbit

[26/02/2010|22:40] C:\Program Files\Malwarebytes' Anti-Malware

[08/10/2008|20:10] C:\Program Files\Messenger

[02/02/2008|01:39] C:\Program Files\MessengerDiscovery

[16/09/2009|16:41] C:\Program Files\Microsoft

[17/09/2009|20:37] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[25/11/2004|04:27] C:\Program Files\microsoft frontpage

[19/01/2006|17:27] C:\Program Files\Microsoft Office

[16/09/2009|16:41] C:\Program Files\Microsoft Office Outlook Connector

[05/01/2008|19:54] C:\Program Files\Microsoft Research Asia

[20/01/2010|16:45] C:\Program Files\Microsoft Silverlight

[12/04/2007|20:02] C:\Program Files\Microsoft SQL Server

[16/09/2009|16:39] C:\Program Files\Microsoft SQL Server Compact Edition

[16/09/2009|16:40] C:\Program Files\Microsoft Sync Framework

[03/01/2005|07:59] C:\Program Files\Microsoft Works

[12/07/2009|10:48] C:\Program Files\Microsoft WSE

[19/01/2006|17:27] C:\Program Files\Microsoft.NET

[30/09/2007|15:54] C:\Program Files\MIKSOFT

[18/01/2006|20:19] C:\Program Files\Mindscape

[27/11/2009|23:09] C:\Program Files\mIRC

[15/08/2009|21:45] C:\Program Files\Miscelnia

[07/10/2008|16:44] C:\Program Files\Movie Maker

[27/02/2010|22:42] C:\Program Files\Mozilla Firefox

[29/11/2007|21:25] C:\Program Files\MSBuild

[19/05/2007|08:50] C:\Program Files\MSN

[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone

[16/09/2009|16:46] C:\Program Files\MSN Messenger

[23/06/2006|06:06] C:\Program Files\MSXML 4.0

[01/12/2007|07:49] C:\Program Files\MSXML 6.0

[07/03/2006|19:23] C:\Program Files\Neoact

[14/05/2006|08:52] C:\Program Files\Nero

[07/10/2008|16:40] C:\Program Files\NetMeeting

[17/05/2008|19:41] C:\Program Files\Notepad++

[25/11/2004|04:27] C:\Program Files\Online Services

[12/08/2009|22:44] C:\Program Files\Outlook Express

[29/03/2007|16:31] C:\Program Files\PacificPoker

[16/02/2010|10:25] C:\Program Files\Paradise Online

[15/09/2009|18:37] C:\Program Files\PDFCreator

[27/02/2010|22:42] C:\Program Files\pdfforge Toolbar

[09/06/2007|00:48] C:\Program Files\PhotoFiltre Studio

[29/09/2009|19:47] C:\Program Files\PokerStars

[05/05/2006|16:22] C:\Program Files\Prana-Updater

[07/04/2008|23:28] C:\Program Files\QuickPar

[14/10/2009|22:21] C:\Program Files\QuickTime

[07/09/2009|18:51] C:\Program Files\QuickTime(2)

[04/02/2008|17:18] C:\Program Files\Red Kawa

[29/11/2007|21:18] C:\Program Files\Reference Assemblies

[16/05/2007|13:46] C:\Program Files\RO

[25/12/2006|14:43] C:\Program Files\S2SaTstrat

[14/10/2009|22:10] C:\Program Files\Safari

[14/01/2006|19:45] C:\Program Files\SAGEM

[10/10/2009|14:52] C:\Program Files\Salix

[23/08/2007|14:49] C:\Program Files\Samsung

[03/01/2005|08:12] C:\Program Files\Services en ligne

[06/01/2008|21:11] C:\Program Files\Sierra On-Line

[11/06/2009|08:55] C:\Program Files\Smallvideosoft

[21/02/2006|14:04] C:\Program Files\SmartFTP Client 2.0

[21/02/2006|14:03] C:\Program Files\SmartFTP Client 2.0 Setup Files

[05/08/2007|12:31] C:\Program Files\SMTown-Online

[03/03/2008|21:48] C:\Program Files\Sony

[30/07/2006|09:36] C:\Program Files\Spybot - Search & Destroy

[17/02/2010|22:43] C:\Program Files\Steam

[29/09/2009|19:52] C:\Program Files\StepMania

[27/02/2010|22:30] C:\Program Files\Symantec

[17/02/2010|23:05] C:\Program Files\TeamSpeak 3 Client

[27/05/2008|16:26] C:\Program Files\Teamspeak2_RC2

[04/10/2008|21:52] C:\Program Files\Titan Poker

[27/02/2010|22:47] C:\Program Files\trend micro

[12/04/2007|20:03] C:\Program Files\Uninstall Information

[23/06/2008|20:41] C:\Program Files\uTorrent

[07/11/2009|22:58] C:\Program Files\Ventrilo

[29/01/2006|09:10] C:\Program Files\VideoLAN

[18/03/2006|22:23] C:\Program Files\VideoMach-3.4.1

[26/08/2006|00:40] C:\Program Files\Virtual Personality

[08/06/2008|00:17] C:\Program Files\VirtualDub-Mpeg2 1.6.14 VF

[05/08/2007|12:32] C:\Program Files\Way of Elendil

[18/01/2006|20:28] C:\Program Files\Web Publish

[16/09/2009|16:40] C:\Program Files\Windows Live

[16/09/2009|16:36] C:\Program Files\Windows Live SkyDrive

[07/10/2008|16:40] C:\Program Files\Windows Media Player

[07/10/2008|16:40] C:\Program Files\Windows NT

[24/11/2004|02:37] C:\Program Files\WindowsUpdate

[22/04/2006|22:27] C:\Program Files\WinRAR

[25/11/2004|04:28] C:\Program Files\xerox

[08/06/2008|00:15] C:\Program Files\Xvid

[14/05/2006|08:50] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[02/03/2009|12:13] C:\Program Files\Fichiers communs\Adobe

[04/04/2006|07:15] C:\Program Files\Fichiers communs\Adobe Systems Shared

[14/05/2006|08:52] C:\Program Files\Fichiers communs\Ahead

[14/10/2009|22:19] C:\Program Files\Fichiers communs\Apple

[10/10/2009|14:34] C:\Program Files\Fichiers communs\ArcSoft

[31/05/2008|14:18] C:\Program Files\Fichiers communs\AVSMedia

[29/01/2009|08:45] C:\Program Files\Fichiers communs\Blizzard Entertainment

[19/01/2006|17:27] C:\Program Files\Fichiers communs\DESIGNER

[17/06/2009|12:45] C:\Program Files\Fichiers communs\DivX Shared

[04/03/2006|21:52] C:\Program Files\Fichiers communs\GTK

[03/01/2005|07:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[03/01/2005|07:47] C:\Program Files\Fichiers communs\HP

[03/01/2005|08:02] C:\Program Files\Fichiers communs\InstallShield

[03/01/2005|07:30] C:\Program Files\Fichiers communs\Java

[30/01/2006|19:18] C:\Program Files\Fichiers communs\Kodak

[18/03/2006|19:09] C:\Program Files\Fichiers communs\Logitech

[02/03/2009|12:08] C:\Program Files\Fichiers communs\Macrovision Shared

[17/09/2009|20:35] C:\Program Files\Fichiers communs\Microsoft Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap

[03/01/2005|08:03] C:\Program Files\Fichiers communs\muvee Technologies

[25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC

[10/10/2009|14:52] C:\Program Files\Fichiers communs\PAC207

[01/02/2005|08:50] C:\Program Files\Fichiers communs\Services

[03/01/2005|07:54] C:\Program Files\Fichiers communs\Sonic Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines

[03/01/2005|07:55] C:\Program Files\Fichiers communs\SureThing Shared

[27/02/2010|22:30] C:\Program Files\Fichiers communs\Symantec Shared

[16/09/2009|16:41] C:\Program Files\Fichiers communs\System

[03/01/2005|07:55] C:\Program Files\Fichiers communs\TiVo Shared

[17/05/2008|21:39] C:\Program Files\Fichiers communs\Vbox

[16/09/2009|16:29] C:\Program Files\Fichiers communs\Windows Live

[07/11/2009|22:58] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 40 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

C:\DOCUME~1\Linkthe\APPLIC~1\errorc~1

C:\Program Files\errorc~1

C:\WINDOWS\Tasks\A31A82FD90FD39C5.job

 

--------------------\\ Verification du Registre

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-27 23:48:43

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

C:\DOCUME~1\Linkthe\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims 2 : Boit@Look.lnk 1098 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Linkthe\Bureau\L!nkth3\Programmes\[Nero.Burning.Rom.7.?????].Nero7_keygen.exe

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\Cracks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\~$acks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

 

 

[F:36][D:6]-> C:\DOCUME~1\Linkthe\LOCALS~1\Temp

[F:22][D:0]-> C:\DOCUME~1\Linkthe\Cookies

[F:129][D:5]-> C:\DOCUME~1\Linkthe\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 27/02/2010|23:50 - Option : [1]

 

--------------------\\ Fin du rapport a 23:50:39

 

 

 

and here is ark.txt

 

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-02-28 10:14:55

Windows 5.1.2600 Service Pack 3

Running: r36q7zqr.exe; Driver: C:\DOCUME~1\Linkthe\LOCALS~1\Temp\pgldypow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT BAFAA2A6 ZwCreateKey

SSDT BAFAA29C ZwCreateThread

SSDT BAFAA2AB ZwDeleteKey

SSDT BAFAA2B5 ZwDeleteValueKey

SSDT sptd.sys ZwEnumerateKey [0xBA6C5E2C]

SSDT sptd.sys ZwEnumerateValueKey [0xBA6C61BA]

SSDT BAFAA2BA ZwLoadKey

SSDT sptd.sys ZwOpenKey [0xBA6C00B0]

SSDT BAFAA288 ZwOpenProcess

SSDT BAFAA28D ZwOpenThread

SSDT sptd.sys ZwQueryKey [0xBA6C6292]

SSDT sptd.sys ZwQueryValueKey [0xBA6C6112]

SSDT BAFAA2C4 ZwReplaceKey

SSDT BAFAA2BF ZwRestoreKey

SSDT BAFAA2B0 ZwSetValueKey

SSDT BAFAA297 ZwTerminateProcess

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6C0AD4] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6C0C1A] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6C0B9C] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6C1748] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6C161E] sptd.sys

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 8A3601E8

Device \FileSystem\Fastfat \FatCdrom 89CA87A0

Device \Driver\NetBT \Device\NetBT_Tcpip_{47B4D868-0BAF-4C38-A19B-9AB0ECD0EFF5} 89D157A0

Device \Driver\usbohci \Device\USBPDO-0 8A12F7A0

Device \Driver\usbohci \Device\USBPDO-1 8A12F7A0

Device \Driver\usbehci \Device\USBPDO-2 8A1025E0

 

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

 

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A2F61E8

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A2F61E8

Device \Driver\Cdrom \Device\CdRom0 8A0F41E8

Device \Driver\USBSTOR \Device\00000072 89D257A0

Device \Driver\atapi \Device\Ide\IdePort0 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [bA639B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\USBSTOR \Device\00000076 89D257A0

Device \Driver\USBSTOR \Device\00000077 89D257A0

Device \Driver\NetBT \Device\NetBt_Wins_Export 89D157A0

Device \Driver\USBSTOR \Device\00000078 89D257A0

Device \Driver\NetBT \Device\NetbiosSmb 89D157A0

Device \Driver\USBSTOR \Device\00000079 89D257A0

Device \Driver\usbohci \Device\USBFDO-0 8A12F7A0

Device \Driver\usbohci \Device\USBFDO-1 8A12F7A0

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EC97A0

Device \Driver\usbehci \Device\USBFDO-2 8A1025E0

Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EC97A0

Device \Driver\Ftdisk \Device\FtControl 8A2F61E8

Device \FileSystem\Fastfat \Fat 89CA87A0

 

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

Device \FileSystem\Cdfs \Cdfs 89D807A0

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Linkthe\Bureau\L!nkth3\WORMS\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0xF4 0x37 0x5C ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x47 0x14 0xAB ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x15 0x51 0xB3 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Linkthe\Bureau\L!nkth3\WORMS\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0xF4 0x37 0x5C ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x47 0x14 0xAB ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x15 0x51 0xB3 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Documents and Settings\Linkthe\Bureau\L!nkth3\WORMS\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4C 0xF4 0x37 0x5C ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xED 0x47 0x14 0xAB ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA2 0x15 0x51 0xB3 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Classes\.svg@ TheGIMP20

 

---- EOF - GMER 1.0.15 ----

Posted

hi :P

OK, good news: no trace of a possible rootkit :P

We'll clean up the remnants of the CID infection like this =>

Run Lop S&D again

  • This time choose Option 2 (Suppression)
  • Do not close the window during the removal!
  • Post the report that is generated (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)

Posted

here you go =D

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )

BIOS : Phoenix - Award BIOS v6.00PG

USER : Linkthe ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:54 Go)

D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 28/02/2010|14:18 )

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\WINDOWS\Tasks\A31A82FD90FD39C5.job

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\errorc~1

Supprime! - C:\Program Files\errorc~1

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[03/01/2005|08:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

 

[03/10/2009|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[15/09/2009|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[04/04/2006|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[19/09/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[15/01/2008|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[19/09/2009|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[31/05/2008|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[27/01/2009|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard

[29/09/2009|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts

[15/09/2006|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[03/01/2005|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[03/01/2005|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[30/01/2006|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak

[26/02/2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[26/06/2006|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[16/09/2009|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[11/11/2009|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[21/03/2007|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[03/01/2005|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[03/01/2005|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

[29/09/2009|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[30/07/2006|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[30/07/2009|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[12/05/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania

[16/04/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United

[31/07/2006|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[12/07/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[03/01/2005|08:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

 

[22/12/2006|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\.BitTornado

[26/02/2010|20:05] C:\DOCUME~1\Linkthe\APPLIC~1\Adobe

[21/08/2007|08:18] C:\DOCUME~1\Linkthe\APPLIC~1\AdobeUM

[28/05/2009|12:50] C:\DOCUME~1\Linkthe\APPLIC~1\AdSigner

[14/05/2006|10:01] C:\DOCUME~1\Linkthe\APPLIC~1\Ahead

[28/09/2009|18:00] C:\DOCUME~1\Linkthe\APPLIC~1\Apple Computer

[19/08/2009|11:07] C:\DOCUME~1\Linkthe\APPLIC~1\ArcSoft

[14/03/2006|14:42] C:\DOCUME~1\Linkthe\APPLIC~1\ATI

[31/05/2008|14:20] C:\DOCUME~1\Linkthe\APPLIC~1\AVS4YOU

[26/10/2006|07:08] C:\DOCUME~1\Linkthe\APPLIC~1\BitTorrent

[15/06/2007|22:31] C:\DOCUME~1\Linkthe\APPLIC~1\Dev-Cpp

[09/04/2007|21:22] C:\DOCUME~1\Linkthe\APPLIC~1\DivX

[27/02/2009|15:41] C:\DOCUME~1\Linkthe\APPLIC~1\Download Manager

[07/11/2009|21:55] C:\DOCUME~1\Linkthe\APPLIC~1\FileZilla

[25/02/2010|16:49] C:\DOCUME~1\Linkthe\APPLIC~1\Free Download Manager

[24/08/2008|12:32] C:\DOCUME~1\Linkthe\APPLIC~1\fretsonfire

[15/09/2006|17:50] C:\DOCUME~1\Linkthe\APPLIC~1\Google

[18/05/2008|20:12] C:\DOCUME~1\Linkthe\APPLIC~1\GrabIt

[02/05/2006|18:26] C:\DOCUME~1\Linkthe\APPLIC~1\Help

[02/04/2008|19:47] C:\DOCUME~1\Linkthe\APPLIC~1\HLSW

[21/02/2006|10:14] C:\DOCUME~1\Linkthe\APPLIC~1\HP

[20/01/2006|18:42] C:\DOCUME~1\Linkthe\APPLIC~1\HPQ

[25/11/2004|04:26] C:\DOCUME~1\Linkthe\APPLIC~1\Identities

[08/02/2009|10:18] C:\DOCUME~1\Linkthe\APPLIC~1\IndexEducation

[10/10/2009|14:50] C:\DOCUME~1\Linkthe\APPLIC~1\InstallShield

[29/01/2006|18:11] C:\DOCUME~1\Linkthe\APPLIC~1\InterVideo

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Leadertech

[07/08/2009|10:34] C:\DOCUME~1\Linkthe\APPLIC~1\LimeWire

[25/12/2006|03:00] C:\DOCUME~1\Linkthe\APPLIC~1\Macromedia

[26/02/2010|22:40] C:\DOCUME~1\Linkthe\APPLIC~1\Malwarebytes

[18/09/2009|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\Microsoft

[02/07/2006|19:55] C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone

[28/10/2009|15:49] C:\DOCUME~1\Linkthe\APPLIC~1\Mozilla

[17/05/2008|20:15] C:\DOCUME~1\Linkthe\APPLIC~1\Notepad++

[27/02/2010|22:42] C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge

[12/04/2007|20:09] C:\DOCUME~1\Linkthe\APPLIC~1\Publish Providers

[03/01/2005|08:04] C:\DOCUME~1\Linkthe\APPLIC~1\SampleView

[23/08/2007|16:52] C:\DOCUME~1\Linkthe\APPLIC~1\Samsung

[07/10/2007|17:32] C:\DOCUME~1\Linkthe\APPLIC~1\Screenshot Sender

[27/02/2010|22:43] C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

[24/09/2006|20:16] C:\DOCUME~1\Linkthe\APPLIC~1\Skype

[21/02/2006|14:04] C:\DOCUME~1\Linkthe\APPLIC~1\SmartFTP

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Sonic

[12/04/2007|20:08] C:\DOCUME~1\Linkthe\APPLIC~1\Sony

[29/11/2007|21:09] C:\DOCUME~1\Linkthe\APPLIC~1\Sony Setup

[23/02/2006|13:45] C:\DOCUME~1\Linkthe\APPLIC~1\Sun

[18/02/2007|01:46] C:\DOCUME~1\Linkthe\APPLIC~1\Talkback

[25/02/2010|16:21] C:\DOCUME~1\Linkthe\APPLIC~1\teamspeak2

[17/02/2010|23:07] C:\DOCUME~1\Linkthe\APPLIC~1\TS3Client

[08/02/2010|15:15] C:\DOCUME~1\Linkthe\APPLIC~1\uTorrent

[28/06/2008|14:55] C:\DOCUME~1\Linkthe\APPLIC~1\Ventrilo

[04/12/2009|12:15] C:\DOCUME~1\Linkthe\APPLIC~1\vlc

 

[20/09/2009|10:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[03/01/2005|07:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/01/2006|19:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[24/03/2008|22:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[17/02/2010 23:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[17/01/2007 21:51][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job

[27/02/2010 22:39][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[03/12/2009|22:07] C:\Program Files\Adobe

[10/02/2006|18:21] C:\Program Files\AimOne_AlltoMP3

[08/06/2008|00:15] C:\Program Files\AMVapp

[19/08/2008|13:30] C:\Program Files\Apple Software Update

[27/02/2010|22:42] C:\Program Files\Application Updater

[10/10/2009|14:32] C:\Program Files\ArcSoft

[14/03/2006|14:42] C:\Program Files\ATI Technologies

[03/02/2008|16:19] C:\Program Files\Audacity

[19/09/2009|13:21] C:\Program Files\Avira

[08/06/2008|00:14] C:\Program Files\AviSynth 2.5

[31/05/2008|14:18] C:\Program Files\AVS4YOU

[31/01/2010|12:34] C:\Program Files\Blip Blop

[09/01/2010|14:23] C:\Program Files\Bodom-Child - RaBBi

[07/09/2009|18:51] C:\Program Files\Bodom-Child - RaBBi(2)

[09/09/2009|17:43] C:\Program Files\Bonjour

[07/09/2009|18:52] C:\Program Files\Bonjour(2)

[29/04/2009|23:41] C:\Program Files\CCleaner

[12/06/2008|08:57] C:\Program Files\Common Files

[24/11/2004|02:37] C:\Program Files\ComPlus Applications

[29/11/2007|21:38] C:\Program Files\CSE Demoplayer

[19/03/2006|13:37] C:\Program Files\Custom-Strike

[16/09/2007|01:24] C:\Program Files\DaemonTools_WhenUSave_Installer

[18/02/2007|02:23] C:\Program Files\Darluok Server

[25/11/2007|11:56] C:\Program Files\Disney Imagineering

[17/06/2009|12:46] C:\Program Files\DivX

[07/06/2008|23:25] C:\Program Files\DVD Decrypter

[04/08/2009|14:57] C:\Program Files\EA GAMES

[19/11/2006|10:21] C:\Program Files\Easy Internet signup

[11/08/2009|19:28] C:\Program Files\Electronic Arts

[21/04/2009|16:35] C:\Program Files\eMule

[15/09/2007|02:06] C:\Program Files\Eurobarre

[07/05/2006|14:13] C:\Program Files\Fake Webcam

[08/06/2008|00:07] C:\Program Files\ffdshow

[26/02/2010|20:02] C:\Program Files\Fichiers communs

[01/04/2008|21:24] C:\Program Files\FileZilla FTP Client

[04/08/2006|09:57] C:\Program Files\Free Audio Pack

[21/03/2007|18:00] C:\Program Files\Free Download Manager

[14/01/2006|20:05] C:\Program Files\Free.fr

[04/12/2009|12:06] C:\Program Files\Freeplayer

[09/11/2008|09:17] C:\Program Files\Frets on Fire

[23/12/2009|13:22] C:\Program Files\Full Tilt Poker

[16/10/2009|13:41] C:\Program Files\GameSpy Arcade

[04/03/2006|21:53] C:\Program Files\GIMP-2.0

[19/11/2007|21:04] C:\Program Files\GoldWave

[09/04/2007|21:18] C:\Program Files\Google

[11/09/2009|20:54] C:\Program Files\GUILD WARS

[14/10/2008|14:25] C:\Program Files\Guitar Pro 5

[03/01/2005|07:56] C:\Program Files\Hewlett-Packard

[02/04/2008|19:36] C:\Program Files\HLSW

[03/01/2005|07:44] C:\Program Files\HP

[19/09/2009|19:02] C:\Program Files\IKEA HomePlanner

[10/10/2009|14:32] C:\Program Files\InstallShield Installation Information

[22/01/2010|22:21] C:\Program Files\Internet Explorer

[03/01/2005|07:57] C:\Program Files\InterVideo

[09/09/2009|17:44] C:\Program Files\iPod

[07/09/2009|18:51] C:\Program Files\iPod(2)

[09/09/2009|17:45] C:\Program Files\iTunes

[07/09/2009|18:51] C:\Program Files\iTunes(2)

[10/11/2009|18:39] C:\Program Files\Java

[07/06/2008|10:37] C:\Program Files\KeepV Converter

[30/01/2006|19:19] C:\Program Files\Kodak

[13/01/2007|21:48] C:\Program Files\Landes Eternelles

[22/03/2008|15:43] C:\Program Files\LimeWire

[18/03/2006|19:09] C:\Program Files\Logitech

[30/09/2007|16:11] C:\Program Files\Magicbit

[26/02/2010|22:40] C:\Program Files\Malwarebytes' Anti-Malware

[08/10/2008|20:10] C:\Program Files\Messenger

[02/02/2008|01:39] C:\Program Files\MessengerDiscovery

[16/09/2009|16:41] C:\Program Files\Microsoft

[17/09/2009|20:37] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[25/11/2004|04:27] C:\Program Files\microsoft frontpage

[19/01/2006|17:27] C:\Program Files\Microsoft Office

[16/09/2009|16:41] C:\Program Files\Microsoft Office Outlook Connector

[05/01/2008|19:54] C:\Program Files\Microsoft Research Asia

[20/01/2010|16:45] C:\Program Files\Microsoft Silverlight

[12/04/2007|20:02] C:\Program Files\Microsoft SQL Server

[16/09/2009|16:39] C:\Program Files\Microsoft SQL Server Compact Edition

[16/09/2009|16:40] C:\Program Files\Microsoft Sync Framework

[03/01/2005|07:59] C:\Program Files\Microsoft Works

[12/07/2009|10:48] C:\Program Files\Microsoft WSE

[19/01/2006|17:27] C:\Program Files\Microsoft.NET

[30/09/2007|15:54] C:\Program Files\MIKSOFT

[18/01/2006|20:19] C:\Program Files\Mindscape

[27/11/2009|23:09] C:\Program Files\mIRC

[15/08/2009|21:45] C:\Program Files\Miscelnia

[07/10/2008|16:44] C:\Program Files\Movie Maker

[28/02/2010|10:15] C:\Program Files\Mozilla Firefox

[29/11/2007|21:25] C:\Program Files\MSBuild

[19/05/2007|08:50] C:\Program Files\MSN

[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone

[16/09/2009|16:46] C:\Program Files\MSN Messenger

[23/06/2006|06:06] C:\Program Files\MSXML 4.0

[01/12/2007|07:49] C:\Program Files\MSXML 6.0

[07/03/2006|19:23] C:\Program Files\Neoact

[14/05/2006|08:52] C:\Program Files\Nero

[07/10/2008|16:40] C:\Program Files\NetMeeting

[17/05/2008|19:41] C:\Program Files\Notepad++

[25/11/2004|04:27] C:\Program Files\Online Services

[12/08/2009|22:44] C:\Program Files\Outlook Express

[29/03/2007|16:31] C:\Program Files\PacificPoker

[16/02/2010|10:25] C:\Program Files\Paradise Online

[15/09/2009|18:37] C:\Program Files\PDFCreator

[27/02/2010|22:42] C:\Program Files\pdfforge Toolbar

[09/06/2007|00:48] C:\Program Files\PhotoFiltre Studio

[29/09/2009|19:47] C:\Program Files\PokerStars

[05/05/2006|16:22] C:\Program Files\Prana-Updater

[07/04/2008|23:28] C:\Program Files\QuickPar

[14/10/2009|22:21] C:\Program Files\QuickTime

[07/09/2009|18:51] C:\Program Files\QuickTime(2)

[04/02/2008|17:18] C:\Program Files\Red Kawa

[29/11/2007|21:18] C:\Program Files\Reference Assemblies

[16/05/2007|13:46] C:\Program Files\RO

[25/12/2006|14:43] C:\Program Files\S2SaTstrat

[14/10/2009|22:10] C:\Program Files\Safari

[14/01/2006|19:45] C:\Program Files\SAGEM

[10/10/2009|14:52] C:\Program Files\Salix

[23/08/2007|14:49] C:\Program Files\Samsung

[03/01/2005|08:12] C:\Program Files\Services en ligne

[06/01/2008|21:11] C:\Program Files\Sierra On-Line

[11/06/2009|08:55] C:\Program Files\Smallvideosoft

[21/02/2006|14:04] C:\Program Files\SmartFTP Client 2.0

[21/02/2006|14:03] C:\Program Files\SmartFTP Client 2.0 Setup Files

[05/08/2007|12:31] C:\Program Files\SMTown-Online

[03/03/2008|21:48] C:\Program Files\Sony

[30/07/2006|09:36] C:\Program Files\Spybot - Search & Destroy

[17/02/2010|22:43] C:\Program Files\Steam

[29/09/2009|19:52] C:\Program Files\StepMania

[27/02/2010|22:39] C:\Program Files\Symantec

[17/02/2010|23:05] C:\Program Files\TeamSpeak 3 Client

[27/05/2008|16:26] C:\Program Files\Teamspeak2_RC2

[04/10/2008|21:52] C:\Program Files\Titan Poker

[27/02/2010|22:47] C:\Program Files\trend micro

[12/04/2007|20:03] C:\Program Files\Uninstall Information

[23/06/2008|20:41] C:\Program Files\uTorrent

[07/11/2009|22:58] C:\Program Files\Ventrilo

[29/01/2006|09:10] C:\Program Files\VideoLAN

[18/03/2006|22:23] C:\Program Files\VideoMach-3.4.1

[26/08/2006|00:40] C:\Program Files\Virtual Personality

[08/06/2008|00:17] C:\Program Files\VirtualDub-Mpeg2 1.6.14 VF

[05/08/2007|12:32] C:\Program Files\Way of Elendil

[18/01/2006|20:28] C:\Program Files\Web Publish

[16/09/2009|16:40] C:\Program Files\Windows Live

[16/09/2009|16:36] C:\Program Files\Windows Live SkyDrive

[07/10/2008|16:40] C:\Program Files\Windows Media Player

[07/10/2008|16:40] C:\Program Files\Windows NT

[24/11/2004|02:37] C:\Program Files\WindowsUpdate

[22/04/2006|22:27] C:\Program Files\WinRAR

[25/11/2004|04:28] C:\Program Files\xerox

[08/06/2008|00:15] C:\Program Files\Xvid

[14/05/2006|08:50] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[02/03/2009|12:13] C:\Program Files\Fichiers communs\Adobe

[04/04/2006|07:15] C:\Program Files\Fichiers communs\Adobe Systems Shared

[14/05/2006|08:52] C:\Program Files\Fichiers communs\Ahead

[14/10/2009|22:19] C:\Program Files\Fichiers communs\Apple

[10/10/2009|14:34] C:\Program Files\Fichiers communs\ArcSoft

[31/05/2008|14:18] C:\Program Files\Fichiers communs\AVSMedia

[29/01/2009|08:45] C:\Program Files\Fichiers communs\Blizzard Entertainment

[19/01/2006|17:27] C:\Program Files\Fichiers communs\DESIGNER

[17/06/2009|12:45] C:\Program Files\Fichiers communs\DivX Shared

[04/03/2006|21:52] C:\Program Files\Fichiers communs\GTK

[03/01/2005|07:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[03/01/2005|07:47] C:\Program Files\Fichiers communs\HP

[03/01/2005|08:02] C:\Program Files\Fichiers communs\InstallShield

[03/01/2005|07:30] C:\Program Files\Fichiers communs\Java

[30/01/2006|19:18] C:\Program Files\Fichiers communs\Kodak

[18/03/2006|19:09] C:\Program Files\Fichiers communs\Logitech

[02/03/2009|12:08] C:\Program Files\Fichiers communs\Macrovision Shared

[17/09/2009|20:35] C:\Program Files\Fichiers communs\Microsoft Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap

[03/01/2005|08:03] C:\Program Files\Fichiers communs\muvee Technologies

[25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC

[10/10/2009|14:52] C:\Program Files\Fichiers communs\PAC207

[01/02/2005|08:50] C:\Program Files\Fichiers communs\Services

[03/01/2005|07:54] C:\Program Files\Fichiers communs\Sonic Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines

[03/01/2005|07:55] C:\Program Files\Fichiers communs\SureThing Shared

[27/02/2010|22:30] C:\Program Files\Fichiers communs\Symantec Shared

[16/09/2009|16:41] C:\Program Files\Fichiers communs\System

[03/01/2005|07:55] C:\Program Files\Fichiers communs\TiVo Shared

[17/05/2008|21:39] C:\Program Files\Fichiers communs\Vbox

[16/09/2009|16:29] C:\Program Files\Fichiers communs\Windows Live

[07/11/2009|22:58] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 40 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-28 14:20:40

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

C:\DOCUME~1\Linkthe\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims 2 : Boit@Look.lnk 1098 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Linkthe\Bureau\L!nkth3\Programmes\[Nero.Burning.Rom.7.?????].Nero7_keygen.exe

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\Cracks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\~$acks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

 

 

[F:39][D:7]-> C:\DOCUME~1\Linkthe\LOCALS~1\Temp

[F:22][D:0]-> C:\DOCUME~1\Linkthe\Cookies

[F:146][D:5]-> C:\DOCUME~1\Linkthe\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 27/02/2010|23:50 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 28/02/2010|14:23 - Option : [2]

 

--------------------\\ Fin du rapport a 14:23:21

 

 

 

Is my computer out of danger? ^^"

Posted
Is my computer out of danger? ^^"

No... not as long as you keep using this type of program ^^ >>

C:\DOCUME~1\Linkthe\Bureau\L!nkth3\Programmes\[Nero.Burning.Rom.7.?????].Nero7_keygen.exe

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\Cracks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\~$acks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

What follows is not meant as a lecture, but rather to make you aware of the risks that come with using cracks/keygens/serials and P2P software!! To convince yourself, read these very clear topics:

*Malekal's article on cracks => http://forum.malekal.com/viewtopic.php?f=33&t=893

*Ogu's article on misconceptions about peer-to-peer => img-103332veltm.jpg (click on the image).

Infections spread through peer-to-peer are a real threat!! For example, the worm Worm.Win32_Sumom-A, which is an instant-messaging and peer-to-peer network worm, places itself in the incoming/Shared folder so that it gets sent to everyone who shares your downloads... => http://www.virustraq.com/info_virus/10134/details/

Now that you know, it's up to you... is it worth risking a serious infection (and putting your data in danger)? Most paid software has a freeware equivalent.

For virus/malware analysis purposes, we download many cracks: it turns out that almost all of them are malware. So be really careful, because nothing is really free on the web!

********

LOP S&D did the job and cleaned up the remnants.

You had used ComboFix: I would have liked to see the contents of the report. It is in the C:\ directory and is named ComboFix.txt

Posted

Thanks for showing me these links ^^, especially about peer-to-peer, there were quite a few things I wasn't aware of xD

Here is the ComboFix report,

 

ComboFix 10-02-25.02 - Linkthe 26/02/2010 19:57:47.1.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1470.1068 [GMT 1:00]

Lancé depuis: C:\Documents and Settings\Linkthe\Mes documents\Téléchargements\ComboFix.exe

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Linkthe\Application Data\Adobe\crc.dat

C:\Documents and Settings\Linkthe\Application Data\Adobe\Player.exe.bak

C:\Documents and Settings\Linkthe\Application Data\avdrn.dat

C:\Documents and Settings\Linkthe\Application Data\wiaserva.log

C:\Program Files\pdfforge Toolbar\SearchSettings.dll

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127\SearchSettings.dll

C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

C:\Program Files\Search Settings\SearchSettings.exe

C:\WINDOWS\srchasst\nls302en.lex

C:\WINDOWS\system32\jbeoykcw.ini

C:\WINDOWS\system32\lajdljlj.ini

C:\WINDOWS\system32\lsfgcopr.ini

C:\WINDOWS\system32\ps2.bat

C:\WINDOWS\system32\SIntf16.dll

C:\WINDOWS\system32\TutDKRqr.ini

C:\WINDOWS\system32\TutDKRqr.ini2

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TDSSserv

-------\Service_TDSSserv

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-26 au 2010-02-26 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-26 08:50:12 . 2008-04-13 19:40:26 34688 ----a-w- C:\WINDOWS\system32\drivers\lbrtfdc.sys

2010-02-26 08:50:12 . 2008-04-13 19:40:26 34688 ----a-w- C:\WINDOWS\system32\dllcache\lbrtfdc.sys

2010-02-26 08:48:12 . 2008-04-13 19:41:22 8576 ----a-w- C:\WINDOWS\system32\drivers\i2omgmt.sys

2010-02-26 08:48:12 . 2008-04-13 19:41:22 8576 ----a-w- C:\WINDOWS\system32\dllcache\i2omgmt.sys

2010-02-26 08:46:58 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\changer.sys

2010-02-26 08:46:58 . 2008-04-13 19:40:58 8192 ----a-w- C:\WINDOWS\system32\dllcache\changer.sys

2010-02-26 08:44:26 . 2010-02-26 08:44:26 116 ----a-w- C:\WINDOWS\system32\fjhdyfhsn.bat

2010-02-25 15:49:29 . 2010-02-25 15:49:29 -------- d-----w- C:\WINDOWS\system32\wbem\Repository

2010-02-25 15:49:04 . 2010-02-25 15:49:04 -------- d-----w- C:\Documents and Settings\Linkthe\Application Data\Free Download Manager

2010-02-17 22:05:26 . 2010-02-17 22:07:02 -------- d-----w- C:\Documents and Settings\Linkthe\Application Data\TS3Client

2010-02-17 22:05:06 . 2010-02-17 22:05:11 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2010-02-16 09:02:44 . 2010-02-16 09:25:49 -------- d-----w- C:\Program Files\Paradise Online

2010-01-31 11:34:09 . 2010-01-31 11:34:56 -------- d-----w- C:\Program Files\Blip Blop

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

 

While browsing the forum a bit I saw that using it without an admin's recommendation was rather risky, I hope there's nothing serious ^^'

Posted

No, nothing serious, rest assured :P it was just to see what it had deleted.

You can now uninstall ComboFix like this >>

Go to Start Menu > Run (to do this, use the key combination [Windows key]+[R]) > and copy/paste this >

ComboFix /uninstall (there is a space between x and / if you type the command out manually)

A window will open and ComboFix will be uninstalled from your PC.

Uninstall this program if you find it => pdfforge Toolbar v1.1.1

We'll delete the remaining folders with LOP S&D.

Launch LOP S&D

  • Select the whole of the text below (except the word CODE), then right-click on it and choose Copy
    C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone
    C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings
    C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge
    C:\Program Files\pdfforge Toolbar


  • Run Lop S&D again
  • Choose Option 4 (LopScript)
  • A blank page will open: right-click in it and choose Paste.
  • Close the page: you will be asked to save it, click the [save] button
  • Do not close the window during the removal!
  • Post the report that was created: if you don't see it, it is on the C:\ drive and is named lopR.txt

Posted

Here is the report

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )

BIOS : Phoenix - Award BIOS v6.00PG

USER : Linkthe ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:55 Go)

D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [4] ( 28/02/2010|16:14 )

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

 

C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone

C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge

C:\Program Files\pdfforge Toolbar

 

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone

Echec ! - C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

Supprime! - C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge

Supprime! - C:\Program Files\pdfforge Toolbar

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE

 

... C:\DOCUME~1\Linkthe\APPLIC~1\morebowsone -> n'existe pas !

Echec ! - C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

... C:\DOCUME~1\Linkthe\APPLIC~1\pdfforge -> n'existe pas !

... C:\Program Files\pdfforge Toolbar -> n'existe pas !

 

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[03/01/2005|08:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

 

[03/10/2009|18:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[15/09/2009|18:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[04/04/2006|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

[19/09/2009|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[15/01/2008|17:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[19/09/2009|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[31/05/2008|14:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU

[27/01/2009|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard

[29/09/2009|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Electronic Arts

[15/09/2006|07:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

[03/01/2005|07:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

[03/01/2005|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield

[30/01/2006|19:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak

[26/02/2010|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[26/06/2006|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[16/09/2009|16:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[11/11/2009|09:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[21/03/2007|08:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

[03/01/2005|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI

[03/01/2005|07:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

[29/09/2009|19:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony

[30/07/2006|09:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

[30/07/2009|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[12/05/2008|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania

[16/04/2008|10:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania United

[31/07/2006|16:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems

[12/07/2006|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

 

[03/01/2005|08:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer

[25/11/2004|04:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities

[03/01/2005|08:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[03/01/2005|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView

[03/01/2005|08:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

 

 

[22/12/2006|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\.BitTornado

[26/02/2010|20:05] C:\DOCUME~1\Linkthe\APPLIC~1\Adobe

[21/08/2007|08:18] C:\DOCUME~1\Linkthe\APPLIC~1\AdobeUM

[28/05/2009|12:50] C:\DOCUME~1\Linkthe\APPLIC~1\AdSigner

[14/05/2006|10:01] C:\DOCUME~1\Linkthe\APPLIC~1\Ahead

[28/09/2009|18:00] C:\DOCUME~1\Linkthe\APPLIC~1\Apple Computer

[19/08/2009|11:07] C:\DOCUME~1\Linkthe\APPLIC~1\ArcSoft

[14/03/2006|14:42] C:\DOCUME~1\Linkthe\APPLIC~1\ATI

[31/05/2008|14:20] C:\DOCUME~1\Linkthe\APPLIC~1\AVS4YOU

[26/10/2006|07:08] C:\DOCUME~1\Linkthe\APPLIC~1\BitTorrent

[15/06/2007|22:31] C:\DOCUME~1\Linkthe\APPLIC~1\Dev-Cpp

[09/04/2007|21:22] C:\DOCUME~1\Linkthe\APPLIC~1\DivX

[27/02/2009|15:41] C:\DOCUME~1\Linkthe\APPLIC~1\Download Manager

[07/11/2009|21:55] C:\DOCUME~1\Linkthe\APPLIC~1\FileZilla

[25/02/2010|16:49] C:\DOCUME~1\Linkthe\APPLIC~1\Free Download Manager

[24/08/2008|12:32] C:\DOCUME~1\Linkthe\APPLIC~1\fretsonfire

[15/09/2006|17:50] C:\DOCUME~1\Linkthe\APPLIC~1\Google

[18/05/2008|20:12] C:\DOCUME~1\Linkthe\APPLIC~1\GrabIt

[02/05/2006|18:26] C:\DOCUME~1\Linkthe\APPLIC~1\Help

[02/04/2008|19:47] C:\DOCUME~1\Linkthe\APPLIC~1\HLSW

[21/02/2006|10:14] C:\DOCUME~1\Linkthe\APPLIC~1\HP

[20/01/2006|18:42] C:\DOCUME~1\Linkthe\APPLIC~1\HPQ

[25/11/2004|04:26] C:\DOCUME~1\Linkthe\APPLIC~1\Identities

[08/02/2009|10:18] C:\DOCUME~1\Linkthe\APPLIC~1\IndexEducation

[10/10/2009|14:50] C:\DOCUME~1\Linkthe\APPLIC~1\InstallShield

[29/01/2006|18:11] C:\DOCUME~1\Linkthe\APPLIC~1\InterVideo

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Leadertech

[07/08/2009|10:34] C:\DOCUME~1\Linkthe\APPLIC~1\LimeWire

[25/12/2006|03:00] C:\DOCUME~1\Linkthe\APPLIC~1\Macromedia

[26/02/2010|22:40] C:\DOCUME~1\Linkthe\APPLIC~1\Malwarebytes

[18/09/2009|16:32] C:\DOCUME~1\Linkthe\APPLIC~1\Microsoft

[28/10/2009|15:49] C:\DOCUME~1\Linkthe\APPLIC~1\Mozilla

[17/05/2008|20:15] C:\DOCUME~1\Linkthe\APPLIC~1\Notepad++

[12/04/2007|20:09] C:\DOCUME~1\Linkthe\APPLIC~1\Publish Providers

[03/01/2005|08:04] C:\DOCUME~1\Linkthe\APPLIC~1\SampleView

[23/08/2007|16:52] C:\DOCUME~1\Linkthe\APPLIC~1\Samsung

[07/10/2007|17:32] C:\DOCUME~1\Linkthe\APPLIC~1\Screenshot Sender

[27/02/2010|22:43] C:\DOCUME~1\Linkthe\APPLIC~1\Search Settings

[24/09/2006|20:16] C:\DOCUME~1\Linkthe\APPLIC~1\Skype

[21/02/2006|14:04] C:\DOCUME~1\Linkthe\APPLIC~1\SmartFTP

[07/03/2009|15:28] C:\DOCUME~1\Linkthe\APPLIC~1\Sonic

[12/04/2007|20:08] C:\DOCUME~1\Linkthe\APPLIC~1\Sony

[29/11/2007|21:09] C:\DOCUME~1\Linkthe\APPLIC~1\Sony Setup

[23/02/2006|13:45] C:\DOCUME~1\Linkthe\APPLIC~1\Sun

[18/02/2007|01:46] C:\DOCUME~1\Linkthe\APPLIC~1\Talkback

[25/02/2010|16:21] C:\DOCUME~1\Linkthe\APPLIC~1\teamspeak2

[17/02/2010|23:07] C:\DOCUME~1\Linkthe\APPLIC~1\TS3Client

[08/02/2010|15:15] C:\DOCUME~1\Linkthe\APPLIC~1\uTorrent

[28/06/2008|14:55] C:\DOCUME~1\Linkthe\APPLIC~1\Ventrilo

[04/12/2009|12:15] C:\DOCUME~1\Linkthe\APPLIC~1\vlc

 

[20/09/2009|10:04] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[03/01/2005|07:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[16/01/2006|19:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[24/03/2008|22:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[17/02/2010 23:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[17/01/2007 21:51][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job

[28/02/2010 15:55][--ah-----] C:\WINDOWS\tasks\SA.DAT

[05/08/2004 19:00][-rah-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[03/12/2009|22:07] C:\Program Files\Adobe

[10/02/2006|18:21] C:\Program Files\AimOne_AlltoMP3

[08/06/2008|00:15] C:\Program Files\AMVapp

[19/08/2008|13:30] C:\Program Files\Apple Software Update

[27/02/2010|22:42] C:\Program Files\Application Updater

[10/10/2009|14:32] C:\Program Files\ArcSoft

[14/03/2006|14:42] C:\Program Files\ATI Technologies

[03/02/2008|16:19] C:\Program Files\Audacity

[19/09/2009|13:21] C:\Program Files\Avira

[08/06/2008|00:14] C:\Program Files\AviSynth 2.5

[31/05/2008|14:18] C:\Program Files\AVS4YOU

[31/01/2010|12:34] C:\Program Files\Blip Blop

[09/01/2010|14:23] C:\Program Files\Bodom-Child - RaBBi

[07/09/2009|18:51] C:\Program Files\Bodom-Child - RaBBi(2)

[09/09/2009|17:43] C:\Program Files\Bonjour

[07/09/2009|18:52] C:\Program Files\Bonjour(2)

[29/04/2009|23:41] C:\Program Files\CCleaner

[12/06/2008|08:57] C:\Program Files\Common Files

[24/11/2004|02:37] C:\Program Files\ComPlus Applications

[29/11/2007|21:38] C:\Program Files\CSE Demoplayer

[19/03/2006|13:37] C:\Program Files\Custom-Strike

[16/09/2007|01:24] C:\Program Files\DaemonTools_WhenUSave_Installer

[18/02/2007|02:23] C:\Program Files\Darluok Server

[25/11/2007|11:56] C:\Program Files\Disney Imagineering

[17/06/2009|12:46] C:\Program Files\DivX

[07/06/2008|23:25] C:\Program Files\DVD Decrypter

[04/08/2009|14:57] C:\Program Files\EA GAMES

[19/11/2006|10:21] C:\Program Files\Easy Internet signup

[11/08/2009|19:28] C:\Program Files\Electronic Arts

[21/04/2009|16:35] C:\Program Files\eMule

[15/09/2007|02:06] C:\Program Files\Eurobarre

[07/05/2006|14:13] C:\Program Files\Fake Webcam

[08/06/2008|00:07] C:\Program Files\ffdshow

[26/02/2010|20:02] C:\Program Files\Fichiers communs

[01/04/2008|21:24] C:\Program Files\FileZilla FTP Client

[04/08/2006|09:57] C:\Program Files\Free Audio Pack

[21/03/2007|18:00] C:\Program Files\Free Download Manager

[14/01/2006|20:05] C:\Program Files\Free.fr

[04/12/2009|12:06] C:\Program Files\Freeplayer

[09/11/2008|09:17] C:\Program Files\Frets on Fire

[23/12/2009|13:22] C:\Program Files\Full Tilt Poker

[16/10/2009|13:41] C:\Program Files\GameSpy Arcade

[04/03/2006|21:53] C:\Program Files\GIMP-2.0

[19/11/2007|21:04] C:\Program Files\GoldWave

[09/04/2007|21:18] C:\Program Files\Google

[11/09/2009|20:54] C:\Program Files\GUILD WARS

[14/10/2008|14:25] C:\Program Files\Guitar Pro 5

[03/01/2005|07:56] C:\Program Files\Hewlett-Packard

[02/04/2008|19:36] C:\Program Files\HLSW

[03/01/2005|07:44] C:\Program Files\HP

[19/09/2009|19:02] C:\Program Files\IKEA HomePlanner

[10/10/2009|14:32] C:\Program Files\InstallShield Installation Information

[22/01/2010|22:21] C:\Program Files\Internet Explorer

[03/01/2005|07:57] C:\Program Files\InterVideo

[09/09/2009|17:44] C:\Program Files\iPod

[07/09/2009|18:51] C:\Program Files\iPod(2)

[09/09/2009|17:45] C:\Program Files\iTunes

[07/09/2009|18:51] C:\Program Files\iTunes(2)

[10/11/2009|18:39] C:\Program Files\Java

[07/06/2008|10:37] C:\Program Files\KeepV Converter

[30/01/2006|19:19] C:\Program Files\Kodak

[13/01/2007|21:48] C:\Program Files\Landes Eternelles

[22/03/2008|15:43] C:\Program Files\LimeWire

[18/03/2006|19:09] C:\Program Files\Logitech

[30/09/2007|16:11] C:\Program Files\Magicbit

[26/02/2010|22:40] C:\Program Files\Malwarebytes' Anti-Malware

[08/10/2008|20:10] C:\Program Files\Messenger

[02/02/2008|01:39] C:\Program Files\MessengerDiscovery

[16/09/2009|16:41] C:\Program Files\Microsoft

[17/09/2009|20:37] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[25/11/2004|04:27] C:\Program Files\microsoft frontpage

[19/01/2006|17:27] C:\Program Files\Microsoft Office

[16/09/2009|16:41] C:\Program Files\Microsoft Office Outlook Connector

[05/01/2008|19:54] C:\Program Files\Microsoft Research Asia

[20/01/2010|16:45] C:\Program Files\Microsoft Silverlight

[12/04/2007|20:02] C:\Program Files\Microsoft SQL Server

[16/09/2009|16:39] C:\Program Files\Microsoft SQL Server Compact Edition

[16/09/2009|16:40] C:\Program Files\Microsoft Sync Framework

[03/01/2005|07:59] C:\Program Files\Microsoft Works

[12/07/2009|10:48] C:\Program Files\Microsoft WSE

[19/01/2006|17:27] C:\Program Files\Microsoft.NET

[30/09/2007|15:54] C:\Program Files\MIKSOFT

[18/01/2006|20:19] C:\Program Files\Mindscape

[27/11/2009|23:09] C:\Program Files\mIRC

[15/08/2009|21:45] C:\Program Files\Miscelnia

[07/10/2008|16:44] C:\Program Files\Movie Maker

[28/02/2010|16:10] C:\Program Files\Mozilla Firefox

[29/11/2007|21:25] C:\Program Files\MSBuild

[19/05/2007|08:50] C:\Program Files\MSN

[25/11/2004|04:27] C:\Program Files\MSN Gaming Zone

[16/09/2009|16:46] C:\Program Files\MSN Messenger

[23/06/2006|06:06] C:\Program Files\MSXML 4.0

[01/12/2007|07:49] C:\Program Files\MSXML 6.0

[07/03/2006|19:23] C:\Program Files\Neoact

[14/05/2006|08:52] C:\Program Files\Nero

[07/10/2008|16:40] C:\Program Files\NetMeeting

[17/05/2008|19:41] C:\Program Files\Notepad++

[25/11/2004|04:27] C:\Program Files\Online Services

[12/08/2009|22:44] C:\Program Files\Outlook Express

[29/03/2007|16:31] C:\Program Files\PacificPoker

[16/02/2010|10:25] C:\Program Files\Paradise Online

[15/09/2009|18:37] C:\Program Files\PDFCreator

[09/06/2007|00:48] C:\Program Files\PhotoFiltre Studio

[29/09/2009|19:47] C:\Program Files\PokerStars

[05/05/2006|16:22] C:\Program Files\Prana-Updater

[07/04/2008|23:28] C:\Program Files\QuickPar

[14/10/2009|22:21] C:\Program Files\QuickTime

[07/09/2009|18:51] C:\Program Files\QuickTime(2)

[04/02/2008|17:18] C:\Program Files\Red Kawa

[29/11/2007|21:18] C:\Program Files\Reference Assemblies

[16/05/2007|13:46] C:\Program Files\RO

[25/12/2006|14:43] C:\Program Files\S2SaTstrat

[14/10/2009|22:10] C:\Program Files\Safari

[14/01/2006|19:45] C:\Program Files\SAGEM

[10/10/2009|14:52] C:\Program Files\Salix

[23/08/2007|14:49] C:\Program Files\Samsung

[03/01/2005|08:12] C:\Program Files\Services en ligne

[06/01/2008|21:11] C:\Program Files\Sierra On-Line

[11/06/2009|08:55] C:\Program Files\Smallvideosoft

[21/02/2006|14:04] C:\Program Files\SmartFTP Client 2.0

[21/02/2006|14:03] C:\Program Files\SmartFTP Client 2.0 Setup Files

[05/08/2007|12:31] C:\Program Files\SMTown-Online

[03/03/2008|21:48] C:\Program Files\Sony

[30/07/2006|09:36] C:\Program Files\Spybot - Search & Destroy

[17/02/2010|22:43] C:\Program Files\Steam

[29/09/2009|19:52] C:\Program Files\StepMania

[27/02/2010|22:39] C:\Program Files\Symantec

[17/02/2010|23:05] C:\Program Files\TeamSpeak 3 Client

[27/05/2008|16:26] C:\Program Files\Teamspeak2_RC2

[04/10/2008|21:52] C:\Program Files\Titan Poker

[27/02/2010|22:47] C:\Program Files\trend micro

[12/04/2007|20:03] C:\Program Files\Uninstall Information

[23/06/2008|20:41] C:\Program Files\uTorrent

[07/11/2009|22:58] C:\Program Files\Ventrilo

[29/01/2006|09:10] C:\Program Files\VideoLAN

[18/03/2006|22:23] C:\Program Files\VideoMach-3.4.1

[26/08/2006|00:40] C:\Program Files\Virtual Personality

[08/06/2008|00:17] C:\Program Files\VirtualDub-Mpeg2 1.6.14 VF

[05/08/2007|12:32] C:\Program Files\Way of Elendil

[18/01/2006|20:28] C:\Program Files\Web Publish

[16/09/2009|16:40] C:\Program Files\Windows Live

[16/09/2009|16:36] C:\Program Files\Windows Live SkyDrive

[07/10/2008|16:40] C:\Program Files\Windows Media Player

[07/10/2008|16:40] C:\Program Files\Windows NT

[24/11/2004|02:37] C:\Program Files\WindowsUpdate

[22/04/2006|22:27] C:\Program Files\WinRAR

[25/11/2004|04:28] C:\Program Files\xerox

[08/06/2008|00:15] C:\Program Files\Xvid

[14/05/2006|08:50] C:\Program Files\Yahoo!

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[02/03/2009|12:13] C:\Program Files\Fichiers communs\Adobe

[04/04/2006|07:15] C:\Program Files\Fichiers communs\Adobe Systems Shared

[14/05/2006|08:52] C:\Program Files\Fichiers communs\Ahead

[14/10/2009|22:19] C:\Program Files\Fichiers communs\Apple

[10/10/2009|14:34] C:\Program Files\Fichiers communs\ArcSoft

[31/05/2008|14:18] C:\Program Files\Fichiers communs\AVSMedia

[29/01/2009|08:45] C:\Program Files\Fichiers communs\Blizzard Entertainment

[19/01/2006|17:27] C:\Program Files\Fichiers communs\DESIGNER

[17/06/2009|12:45] C:\Program Files\Fichiers communs\DivX Shared

[04/03/2006|21:52] C:\Program Files\Fichiers communs\GTK

[03/01/2005|07:50] C:\Program Files\Fichiers communs\Hewlett-Packard

[03/01/2005|07:47] C:\Program Files\Fichiers communs\HP

[03/01/2005|08:02] C:\Program Files\Fichiers communs\InstallShield

[03/01/2005|07:30] C:\Program Files\Fichiers communs\Java

[30/01/2006|19:18] C:\Program Files\Fichiers communs\Kodak

[18/03/2006|19:09] C:\Program Files\Fichiers communs\Logitech

[02/03/2009|12:08] C:\Program Files\Fichiers communs\Macrovision Shared

[17/09/2009|20:35] C:\Program Files\Fichiers communs\Microsoft Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\MSSoap

[03/01/2005|08:03] C:\Program Files\Fichiers communs\muvee Technologies

[25/11/2004|04:26] C:\Program Files\Fichiers communs\ODBC

[10/10/2009|14:52] C:\Program Files\Fichiers communs\PAC207

[01/02/2005|08:50] C:\Program Files\Fichiers communs\Services

[03/01/2005|07:54] C:\Program Files\Fichiers communs\Sonic Shared

[25/11/2004|04:26] C:\Program Files\Fichiers communs\SpeechEngines

[03/01/2005|07:55] C:\Program Files\Fichiers communs\SureThing Shared

[27/02/2010|22:30] C:\Program Files\Fichiers communs\Symantec Shared

[16/09/2009|16:41] C:\Program Files\Fichiers communs\System

[03/01/2005|07:55] C:\Program Files\Fichiers communs\TiVo Shared

[17/05/2008|21:39] C:\Program Files\Fichiers communs\Vbox

[16/09/2009|16:29] C:\Program Files\Fichiers communs\Windows Live

[07/11/2009|22:58] C:\Program Files\Fichiers communs\Wise Installation Wizard

 

--------------------\\ Process

 

( 38 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-28 16:18:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

C:\DOCUME~1\Linkthe\LOCALS~1\APPLIC~1\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims 2 : Boit@Look.lnk 1098 bytes hidden from API

scan completed successfully

hidden processes: 0

hidden files: 1

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\Linkthe\Mes documents\LimeWire\Saved\~$acks,serialnumbers,keygenerators,nero,corel draw,antivirus,adobe,macromedia, norton,paint shop pro,winrar,winzip,x win,ast.doc

 

 

[F:43][D:9]-> C:\DOCUME~1\Linkthe\LOCALS~1\Temp

[F:23][D:0]-> C:\DOCUME~1\Linkthe\Cookies

[F:150][D:5]-> C:\DOCUME~1\Linkthe\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 27/02/2010|23:50 - Option : [1]

2 - "C:\Lop SD\LopR_2.txt" - 28/02/2010|14:23 - Option : [2]

3 - "C:\Lop SD\LopR_3.txt" - 28/02/2010|16:22 - Option : [4]

 

--------------------\\ Fin du rapport a 16:22:01
