No protection anymore

Closed
Virginie - 15 Nov. 2008 at 21:22
Virginie - 15 Nov. 2008 at 23:11
Good evening,

I have a big problem! I am almost sure that I am browsing without protection! When my machine starts up, it no longer starts my usual protections. And when I try to launch them directly, it tells me that they are not valid win32 applications. Also, I have the impression that I only have a certain amount of time before the internet is completely frozen.

Could one of you help me?

15 replies

Anonymous user
15 Nov. 2008 at 21:26
Hi,

1- Download FindyKill by Chiquitine29:

FindyKill by Chiquitine29

-> Save it to your desktop and nowhere else!

-!! Disconnect and close all running applications !!

(If your antivirus panics when you save or use the tool, ignore the alert...)

-> Click "FindyKill.exe" to launch the tool's installer. Do not touch the installation settings.


- Important notes:
* if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).

--> Double-click the "FindyKill" shortcut on your desktop.

--> Choose option 1 (search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)

I can't reply to everyone for fear that the internet will freeze.

Here is the requested report:


----------------- FindyKill V4.700 ------------------

* User : Admin - XPSP2-B08C5FE6A
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 21:30:46 le 15/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\169500.EXE-26E66438.pf
Found ! - C:\WINDOWS\prefetch\215171.EXE-245A053D.pf
Found ! - C:\WINDOWS\prefetch\217953.EXE-154685D7.pf
Found ! - C:\WINDOWS\prefetch\224406.EXE-3518837C.pf
Found ! - C:\WINDOWS\prefetch\338359.EXE-17849BE2.pf
Found ! - C:\WINDOWS\prefetch\363281.EXE-16C30D63.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1808CC41.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [15/11/2008 21:16] - C:\WINDOWS\system32\mdelk.exe
Found ! [15/11/2008 21:16] - C:\WINDOWS\system32\wintems.exe
Found ! [15/11/2008 21:28] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [15/11/2008 21:27] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [15/11/2008 21:27] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [09/01/2006 06:03] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [15/11/2008 21:29] - "C:\WINDOWS\system32\drivers\downld"
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\169500.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\182640.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\183750.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\193203.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\194078.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\215171.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\217953.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\225421.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\236968.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\299796.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\340953.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\359937.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Admin\Application Data

Found ! [15/11/2008 21:16] - "C:\Documents and Settings\Admin\Application Data\m\flec006.exe"
Found ! [15/11/2008 21:16] - "C:\Documents and Settings\Admin\Application Data\m\list.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\data.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\srvlist.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\shared"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\Admin\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_2[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_2[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_1[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_3[1].jpg

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- Contenu de l'autorun : C:\autorun.inf

[autorun]
icon=vista.ico

+- presence des fichiers :

Found ! [15/04/2007 11:57][---hs----] - C:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

AlainBE
15 Nov. 2008 at 21:24
Good evening Virginie,

What were your usual protections?

vrille1
15 Nov. 2008 at 21:25
Hi, first check in your taskbar at the bottom left whether your antivirus is enabled; if it is not, there will be an x on it.

Anonymous user
15 Nov. 2008 at 21:43
Hi,


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA


BAGLE.

Get rid of all your cracks, otherwise it will start again.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
--> Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleaning completed") appears /!\

--> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
Download HijackThis
-> Save the target to ... "the desktop"

-> Double-click "HJTInstall.exe" to launch the installation

-> Click Install, then "I Accept"

-> Click "Do a scan system and save log file"

-> Notepad will open; copy and paste all of its content here in your next reply

-> HijackThis tutorial (thanks to Balltrap34)

Here is the first report already:

----------------- FindyKill V4.700 ------------------

* User : Admin - XPSP2-B08C5FE6A
* executed from : C:\Program Files\FindyKill
* Update on 13/11/08 par Chiquitine29
* Start at 21:49:02 the 15/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LogonUI.EXE
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\169500.EXE-26E66438.pf
Deleted ! - C:\WINDOWS\prefetch\181312.EXE-1B624D9D.pf
Deleted ! - C:\WINDOWS\prefetch\197921.EXE-37063310.pf
Deleted ! - C:\WINDOWS\prefetch\207562.EXE-08C501C0.pf
Deleted ! - C:\WINDOWS\prefetch\215171.EXE-245A053D.pf
Deleted ! - C:\WINDOWS\prefetch\217953.EXE-154685D7.pf
Deleted ! - C:\WINDOWS\prefetch\224406.EXE-3518837C.pf
Deleted ! - C:\WINDOWS\prefetch\338359.EXE-17849BE2.pf
Deleted ! - C:\WINDOWS\prefetch\363281.EXE-16C30D63.pf
Deleted ! - C:\WINDOWS\prefetch\491125.EXE-0371B6B9.pf
Deleted ! - C:\WINDOWS\prefetch\504328.EXE-24B3ABC2.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-1808CC41.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\169500.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\182640.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\183750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\188421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\190000.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\193203.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\194078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\197921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\207562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\212187.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\215171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\217953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\225421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\231546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\236968.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\299796.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\340953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\359937.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\385234.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\491125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\498843.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\509421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\570062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\579718.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression files in C:\Documents and Settings\Admin\Application Data

Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\12Ghosts Clip .27.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\156-215 - Check Point Security Administration NGX (156-215.1) Practice Test Questions 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\@PROMT_English-Russian_Express_Translator_7.0_(Key).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Actual_Worktime_2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Adsense_Notifier_0.8.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Affiliate_Pro_2.2_Key+Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ALTools Lunar Zodiac Dragon Wallpaper 2005 (Key+Serial).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Anti-Spy.Info adware remover 1.7.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Antispyware_5.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Auction_Tender_6.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Avex DVD to Zune Video Suite 4.5 Build 02.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Avisynth Batch Scripter 0.5.2.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Barcode_Alpha_1.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Binary_Vortex_4.2_Key+Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ByteWedge 2.2 (build 1397) [Patch].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\CapitalGain_1.2.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Casino_Verite_Pai_Gow_Poker_1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ChordWizard Gold 2.01a.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\CoffeeCup_PixConverter_4.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Collective_News_Wire_Service_1.0_(Key+Serial).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ContactKeeper 1.4.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\CSCryptoX_1.32_[KeyGen].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\DelayPack_1.2.1_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Deskman_SE_7.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\EasyBurn 4.0.0.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\eBay_Widget_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Extended_Password_Generator_1.5.1.628.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Fatsondo 1.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\FlashPlayerControl_.NET_2.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Flash_File_Recovery_2.2_Key+Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\FlexTouch_3.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\FrameServer 2.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\FuzzyDupes_2007_5.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GALtoDB 3.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Geniecommands_1.01.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Ghost Forest Screen Saver 2 1.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Girly 0.0.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GotVoice 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Gplex Crawler 2.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Graphite Clock 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Gravity Deluxe 1.01.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GSGlossary 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GS_SLEEP_1.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\HiFi MP3 WAV Converter 3.00.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\honestech Easy Video Editor 2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\HtmlSnap_ActiveX_Control_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\IE Quick Start.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Image_Size_2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ImTOO_Audio_Encoder_2.1.64.0727.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Incredimail Email Address Extractor Pro 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\InfGadget 3.007a.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Internet Lock 5.1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ionReader Pro 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Jaiva-Dharma_1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Join (Merge, Combine) Multiple (or Two) Image Files Into One Software 7.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\jRestaurant_3.0.0_[Patch].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Just Watching 2.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Kate's Video Converter 2.8.4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Kerio.Winroute.Firewall.6.0.0.With.Mcafee.Multilanguage.With.Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Keyboard_Tweaker_2.3_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\LeAN OVER 2.7.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Letterman_Spam_Control_Pro_3.5_build_281.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\LifePreserver 2.3.0.54.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MagicSRF_AutoCAD_&_BricsCAD_Surface_Area_Manager_4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Magic_DVD_Creator_8.0.1.18_[Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Material_Safety_Viewer_1.0_(Patch).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Miami Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MIDCNTIN 1.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MiM_Lite_A_(Eng)_1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MM3-ProxySwitch_2007.20.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Model_Analyzer_for_Excel_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Monet Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MP3_BR_Imager_1.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MP3_Tools_for_Windows_2.1_(Key).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MrSwing Messenger 1.2.3.143.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MyNapster 3.4.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MythusCDRipper_2.0_(Key+Serial).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Naevius_Directory_Watcher_1.0_[Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NetSecrets_[e-mail]_2.4_(With_Crack).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NewsBliss_2.2.10.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\nod32 20050614.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NoteZ_1.1.52.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\novaPDF_Pro_5.2_Build_229_[Cracked].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\No_Fuss_Screenshot_1.6.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\OpenX for Oracle 7i, 8i 2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\OraSphere_Query_Master_1.4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Oxigen ASP Dropdown 1.0 build 0.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PC_Sound_Recorder_and_Editor_WMA_1.05_Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Perl_Builder_2k.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Piano ChordZ 4.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PopupNukerPro_2005_1.0.10.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PostCard Maker 1.0.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\protalentPERFORMER_Deluxe_1.95.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ProxyList_Grabber_1.1.10.3_Key.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Qedoc_Quiz_Maker_1.60.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Rapid_Screen_Capture_2.1_(Crack).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Real Estate Manager 1.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\RecoveryFIX_for_Outlook_4.05.01_With_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\redfm_player_1.1b.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Rich_Editor_2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SceneWriter_Pro_3.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Secret_Of_The_Seven_Scrolls_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SlideMate_3.0_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Small_Business_Tracker_Deluxe_1.8.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SmartBee_3.10.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Smartstock 7.2.0 [Crack].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SophoS.Antivirus.V3.91.LINUX.Multilanguage-FeDEX.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Spellforce_The_Order_of_Dawn_v1.38_patch.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SSForge Business 1.24 Build 80123.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Submit_News_4.2_(Cracked).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Tech-Pro_POP3_Pal_1.13_(Key).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\The Bat! Home Edition 4.0.24.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\TigerII_WAP_Tools_1.0.1_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\TimeRanger_1.6.2_build_89.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\UberNES_3.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Unreal_Tournament_2003_-_Egypt_Cube_deathmatch_map.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Unreal_Tournament_2003_-_New_Sounds_mod.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\VideoEdit Mobile ActiveX Control 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WebFetch_1.0_beta.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Web_Scraper_Lite_5.0.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WhoCalls_1.7.1_[Crack].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Winamp Playlist Manager Build 3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WinCleaner_AntiSpyware_5.58.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WinFax_Pro_Automator_for_Word_2.0_Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\World Cup Screensaver 1.02 Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WorldClock_4.0_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\X'SqueezeMe_5.04.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\XSBar 3.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Your_Uninstaller!_2006_5.0.0.360.zip
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m"

»»»» Supression files in C:\DOCUME~1\Admin\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_3[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- deleting files :

Deleted ! - C:\autorun.inf

--------------- [ Registry / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
Here is the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:13, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
0
Anonymous user
15 Nov 2008 at 22:02
Hi,

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:


/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon located on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Bye.
0
Here is the report:

F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 22:08:40 | 15/11/2008
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 6.0.2900.2180
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Admin | PC: XPSP2-B08C5FE6A
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [588]
\??\C:\WINDOWS\system32\csrss.exe [712]
\??\C:\WINDOWS\system32\winlogon.exe [736]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [792]
C:\WINDOWS\system32\svchost.exe [968]
C:\WINDOWS\system32\svchost.exe [1012]
C:\WINDOWS\System32\svchost.exe [1152]
C:\WINDOWS\system32\svchost.exe [1224]
C:\WINDOWS\system32\spoolsv.exe [1548]
C:\WINDOWS\system32\svchost.exe [1720]
C:\Program Files\Java\jre6\bin\jqs.exe [1764]
C:\WINDOWS\system32\lxcrcoms.exe [1792]
C:\Program Files\CDBurnerXP\NMSAccessU.exe [1832]
C:\WINDOWS\system32\nvsvc32.exe [1848]
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [1868]
C:\WINDOWS\system32\svchost.exe [1968]
C:\WINDOWS\system32\wdfmgr.exe [1980]
C:\WINDOWS\System32\alg.exe [648]
C:\WINDOWS\system32\wuauclt.exe [1288]
C:\WINDOWS\Explorer.EXE [268]
C:\Program Files\Java\jre6\bin\jusched.exe [2032]
C:\WINDOWS\system32\RunDll32.exe [844]
C:\WINDOWS\system32\rundll32.exe [920]
C:\WINDOWS\system32\NOTEPAD.EXE [1116]

---------------------------- [~> 25]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+


+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+

[14/09/2008 19:03|d--------] C:\Program Files\EoRezo
[10/09/2008 19:23|d--------] C:\Program Files\Everest Poker
[14/09/2008 19:03|d--------] C:\Documents and Settings\Admin\Application Data\EoRezo


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\ey98bw4f.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~

Start Page : "https://fr.yahoo.com/"

+----------+


+---------------------------------------------------------------------------+


+---------- Added scan ...

+-----[HKLM\...\Run]

LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

+-----[HKCU\...\Run]

Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.lo.st

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 88 lines ]
+---------------------------------------------------------------------------+

[ END at: 22:08:53 | 15/11/2008 ] - [ Time elapsed: 13.1 seconds ]
0
Anonymous user
15 Nov 2008 at 22:17
Hi,

! Disconnect and close all running applications !

* Run "Ad-remover" again: in the main menu, choose option "B".

--> the program will do its work ...

* Post the report that appears at the end + a new HijackThis log for analysis ...

( the report is also saved as C:\Ad-report.log )

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\

Bye.
0
Here is the first report:

F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------

START at: 22:19:18 | 15/11/2008
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 6.0.2900.2180
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Admin | PC: XPSP2-B08C5FE6A
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\

--------- [ PROCESSES ] ---------

\SystemRoot\System32\smss.exe [588]
\??\C:\WINDOWS\system32\csrss.exe [712]
\??\C:\WINDOWS\system32\winlogon.exe [736]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [792]
C:\WINDOWS\system32\svchost.exe [976]
C:\WINDOWS\system32\svchost.exe [1020]
C:\WINDOWS\System32\svchost.exe [1164]
C:\WINDOWS\system32\svchost.exe [1228]
C:\WINDOWS\system32\spoolsv.exe [1464]
C:\WINDOWS\Explorer.EXE [1776]
C:\Program Files\Java\jre6\bin\jusched.exe [1864]
C:\WINDOWS\system32\RunDll32.exe [1900]
C:\WINDOWS\system32\rundll32.exe [1920]
C:\WINDOWS\system32\svchost.exe [1584]
C:\Program Files\Java\jre6\bin\jqs.exe [1648]
C:\WINDOWS\system32\lxcrcoms.exe [1700]
C:\Program Files\CDBurnerXP\NMSAccessU.exe [1612]
C:\WINDOWS\system32\nvsvc32.exe [1576]
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [1960]
C:\WINDOWS\system32\svchost.exe [1996]
C:\WINDOWS\system32\wdfmgr.exe [132]
C:\WINDOWS\System32\alg.exe [940]
C:\WINDOWS\system32\wuauclt.exe [3948]
C:\WINDOWS\system32\wbem\wmiprvse.exe [2112]

---------------------------- [~> 25]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED
+---------------------------------------------------------------------------+


+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED
+---------------------------------------------------------------------------+

"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED
+---------------------------------------------------------------------------+

[14/09/2008 19:03|d--------] C:\Program Files\EoRezo
[10/09/2008 19:23|d--------] C:\Program Files\Everest Poker
[14/09/2008 19:03|d--------] C:\Documents and Settings\Admin\Application Data\EoRezo

(!) ---- Temp files deleted.

(!) ---- Recycle bin emptied in all drives.



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\ey98bw4f.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~

Start Page : "https://fr.yahoo.com/"

+----------+



+---------- Added scan ...

+-----[HKLM\...\Run]

LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

+-----[HKCU\...\Run]

Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

+-----[HKLM\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+-----[HKCU\...\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 87 lines ]
+---------------------------------------------------------------------------+

[ END at: 22:20:19 | 15/11/2008 ] - [ Time elapsed: 60.3 seconds ]
0
Here is the HijackThis one (thanks for the tip!):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:41, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
0
Anonymous user
15 Nov 2008 at 22:25
Hi,

- Download and install MalwareByte's Anti-Malware
Malwarebyte

- Update it

---
- Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan

- Once the scan is finished, a window opens; click Ok

- If MalwareByte's detected nothing, click Ok. A report will appear; close it.

- If MalwareByte's detected infections, click Show Results, then Remove Selected

- Save the report to your desktop so it will be easier to find, then post that report.

Note: If MalwareByte's needs to restart to finish the removal, accept by clicking Ok
0
Here is what it found:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1401
Windows 5.1.2600 Service Pack 2

15/11/2008 22:47:09
mbam-log-2008-11-15 (22-47-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 88393
Temps écoulé: 14 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Anonymous user
15 Nov 2008 at 22:54
Hi,

C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Relaunch Malwarebyte, click the "Quarantine" tab, and delete the latter.

Then do another HijackThis scan.

Bye.
0
Here is the requested report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:56, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\K!TV\K!TV.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
0
Anonymous user
15 Nov. 2008 at 23:00
Hi,

This isn't a legal copy of Windows?

Bye.



0
Uh, no!
0
Anonymous user
15 Nov. 2008 at 23:10
Hi,

I don't think I can continue ............


Have a good evening.

Bye.

0
Thank you for the help provided!!

Virginie
0