15 replies
Anonymous user
15 Nov. 2008 at 21:26
Hi,
1- Download FindyKill by Chiquitine29:
-> Save it to your desktop and nowhere else!
-!! Disconnect and close all running applications !!
(If your antivirus panics when you save or use the tool, ignore the alert...)
-> Click "FindyKill.exe" to launch the tool's installation. Do not touch the installation settings under any circumstances.
- Important notes:
* If you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything...
Once it has finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
AlainBE
15 Nov. 2008 at 21:24
Good evening Virgine,
What were your usual protections?
vrille1
15 Nov. 2008 at 21:25
Hi, first check in your taskbar at the bottom left whether your antivirus is enabled; if it isn't, there will be an x on it.
Anonymous user
15 Nov. 2008 at 21:43
Hi,
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
BAGLE.
Get rid of all your cracks, otherwise it will start again.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
--> Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Deletion)
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleaning done") appears /!\
--> Then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*
Download HijackThis
-> Save the target to ... "the desktop"
-> Double-click "HJTInstall.exe" to launch the installation
-> Click Install, then "I Accept"
-> Click "Do a scan system and save log file"
-> Notepad will open; copy and paste all of its contents here in your next reply
-> HijackThis tutorial (thanks to Balltrap34)
Here is the first report already:
----------------- FindyKill V4.700 ------------------
* User : Admin - XPSP2-B08C5FE6A
* executed from : C:\Program Files\FindyKill
* Update on 13/11/08 par Chiquitine29
* Start at 21:49:02 the 15/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LogonUI.EXE
C:\WINDOWS\system32\userinit.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\Admin\Application Data
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m"
»»»» Supression files in C:\DOCUME~1\Admin\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- deleting files :
Deleted ! - C:\autorun.inf
--------------- [ Registry / Moutpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Geniecommands_1.01.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Ghost Forest Screen Saver 2 1.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Girly 0.0.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GotVoice 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Gplex Crawler 2.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Graphite Clock 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Gravity Deluxe 1.01.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GSGlossary 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\GS_SLEEP_1.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\HiFi MP3 WAV Converter 3.00.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\honestech Easy Video Editor 2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\HtmlSnap_ActiveX_Control_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\IE Quick Start.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Image_Size_2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ImTOO_Audio_Encoder_2.1.64.0727.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Incredimail Email Address Extractor Pro 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\InfGadget 3.007a.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Internet Lock 5.1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ionReader Pro 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Jaiva-Dharma_1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Join (Merge, Combine) Multiple (or Two) Image Files Into One Software 7.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\jRestaurant_3.0.0_[Patch].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Just Watching 2.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Kate's Video Converter 2.8.4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Kerio.Winroute.Firewall.6.0.0.With.Mcafee.Multilanguage.With.Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Keyboard_Tweaker_2.3_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\LeAN OVER 2.7.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Letterman_Spam_Control_Pro_3.5_build_281.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\LifePreserver 2.3.0.54.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MagicSRF_AutoCAD_&_BricsCAD_Surface_Area_Manager_4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Magic_DVD_Creator_8.0.1.18_[Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Material_Safety_Viewer_1.0_(Patch).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Miami Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MIDCNTIN 1.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MiM_Lite_A_(Eng)_1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MM3-ProxySwitch_2007.20.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Model_Analyzer_for_Excel_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Monet Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MP3_BR_Imager_1.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MP3_Tools_for_Windows_2.1_(Key).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MrSwing Messenger 1.2.3.143.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MyNapster 3.4.3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\MythusCDRipper_2.0_(Key+Serial).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Naevius_Directory_Watcher_1.0_[Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NetSecrets_[e-mail]_2.4_(With_Crack).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NewsBliss_2.2.10.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\nod32 20050614.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\NoteZ_1.1.52.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\novaPDF_Pro_5.2_Build_229_[Cracked].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\No_Fuss_Screenshot_1.6.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\OpenX for Oracle 7i, 8i 2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\OraSphere_Query_Master_1.4.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Oxigen ASP Dropdown 1.0 build 0.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PC_Sound_Recorder_and_Editor_WMA_1.05_Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Perl_Builder_2k.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Piano ChordZ 4.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PopupNukerPro_2005_1.0.10.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\PostCard Maker 1.0.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\protalentPERFORMER_Deluxe_1.95.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\ProxyList_Grabber_1.1.10.3_Key.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Qedoc_Quiz_Maker_1.60.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Rapid_Screen_Capture_2.1_(Crack).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Real Estate Manager 1.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\RecoveryFIX_for_Outlook_4.05.01_With_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\redfm_player_1.1b.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Rich_Editor_2.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SceneWriter_Pro_3.5.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Secret_Of_The_Seven_Scrolls_1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SlideMate_3.0_[Key+Serial].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Small_Business_Tracker_Deluxe_1.8.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SmartBee_3.10.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Smartstock 7.2.0 [Crack].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SophoS.Antivirus.V3.91.LINUX.Multilanguage-FeDEX.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Spellforce_The_Order_of_Dawn_v1.38_patch.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\SSForge Business 1.24 Build 80123.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Submit_News_4.2_(Cracked).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Tech-Pro_POP3_Pal_1.13_(Key).zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\The Bat! Home Edition 4.0.24.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\TigerII_WAP_Tools_1.0.1_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\TimeRanger_1.6.2_build_89.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\UberNES_3.1.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Unreal_Tournament_2003_-_Egypt_Cube_deathmatch_map.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Unreal_Tournament_2003_-_New_Sounds_mod.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\VideoEdit Mobile ActiveX Control 1.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WebFetch_1.0_beta.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Web_Scraper_Lite_5.0.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WhoCalls_1.7.1_[Crack].zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Winamp Playlist Manager Build 3.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WinCleaner_AntiSpyware_5.58.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WinFax_Pro_Automator_for_Word_2.0_Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\World Cup Screensaver 1.02 Serial.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\WorldClock_4.0_Crack.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\X'SqueezeMe_5.04.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\XSBar 3.0.zip
Deleted ! - C:\Documents and Settings\Admin\Application Data\m\shared\Your_Uninstaller!_2006_5.0.0.360.zip
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Admin\Application Data\m"
»»»» Supression files in C:\DOCUME~1\Admin\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_3[1].jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- deleting files :
Deleted ! - C:\autorun.inf
--------------- [ Registry / Moutpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Here is the one from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:13, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
Anonymous user
15 Nov 2008 at 22:02
Hi,
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications
● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.
( the report is also saved as C:\Ad-report(date).log )
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Bye.
Here is the report:
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------
START at: 22:08:40 | 15/11/2008
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 6.0.2900.2180
OPTION: Scan
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Admin | PC: XPSP2-B08C5FE6A
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\
--------- [ PROCESSES ] ---------
\SystemRoot\System32\smss.exe [588]
\??\C:\WINDOWS\system32\csrss.exe [712]
\??\C:\WINDOWS\system32\winlogon.exe [736]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [792]
C:\WINDOWS\system32\svchost.exe [968]
C:\WINDOWS\system32\svchost.exe [1012]
C:\WINDOWS\System32\svchost.exe [1152]
C:\WINDOWS\system32\svchost.exe [1224]
C:\WINDOWS\system32\spoolsv.exe [1548]
C:\WINDOWS\system32\svchost.exe [1720]
C:\Program Files\Java\jre6\bin\jqs.exe [1764]
C:\WINDOWS\system32\lxcrcoms.exe [1792]
C:\Program Files\CDBurnerXP\NMSAccessU.exe [1832]
C:\WINDOWS\system32\nvsvc32.exe [1848]
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [1868]
C:\WINDOWS\system32\svchost.exe [1968]
C:\WINDOWS\system32\wdfmgr.exe [1980]
C:\WINDOWS\System32\alg.exe [648]
C:\WINDOWS\system32\wuauclt.exe [1288]
C:\WINDOWS\Explorer.EXE [268]
C:\Program Files\Java\jre6\bin\jusched.exe [2032]
C:\WINDOWS\system32\RunDll32.exe [844]
C:\WINDOWS\system32\rundll32.exe [920]
C:\WINDOWS\system32\NOTEPAD.EXE [1116]
---------------------------- [~> 25]
+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND
+---------------------------------------------------------------------------+
+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND
+---------------------------------------------------------------------------+
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND
+---------------------------------------------------------------------------+
[14/09/2008 19:03|d--------] C:\Program Files\EoRezo
[10/09/2008 19:23|d--------] C:\Program Files\Everest Poker
[14/09/2008 19:03|d--------] C:\Documents and Settings\Admin\Application Data\EoRezo
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\ey98bw4f.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.1 ~~~~
Start Page : "https://fr.yahoo.com/"
+----------+
+---------------------------------------------------------------------------+
+---------- Added scan ...
+-----[HKLM\...\Run]
LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
+-----[HKCU\...\Run]
Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
+-----[HKLM\...\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
+-----[HKCU\...\Internet Explorer\MAIN]
Start Page : hxxp://www.lo.st
+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 88 lines ]
+---------------------------------------------------------------------------+
[ END at: 22:08:53 | 15/11/2008 ] - [ Time elapsed: 13.1 seconds ]
Anonymous user
15 Nov. 2008 at 22:17
Hi,
! Disconnect and close all running applications !
* Run "Ad-remover" again: at the main menu, choose option "B".
--> the program will do its work ...
* Post the report that appears at the end + a new HijackThis log for analysis ...
(the report is also saved as C:\Ad-report.log)
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
Bye.
Here is the first report:
F --------- Logfile of AD-Remover 1.0.3.3 by C_XX ---------
START at: 22:19:18 | 15/11/2008
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: 6.0.2900.2180
OPTION: Clean
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Admin | PC: XPSP2-B08C5FE6A
BOOT MODE: Normal
DRIVE(S): C:\
~> Systemdrive: C:\
--------- [ PROCESSES ] ---------
\SystemRoot\System32\smss.exe [588]
\??\C:\WINDOWS\system32\csrss.exe [712]
\??\C:\WINDOWS\system32\winlogon.exe [736]
C:\WINDOWS\system32\services.exe [780]
C:\WINDOWS\system32\lsass.exe [792]
C:\WINDOWS\system32\svchost.exe [976]
C:\WINDOWS\system32\svchost.exe [1020]
C:\WINDOWS\System32\svchost.exe [1164]
C:\WINDOWS\system32\svchost.exe [1228]
C:\WINDOWS\system32\spoolsv.exe [1464]
C:\WINDOWS\Explorer.EXE [1776]
C:\Program Files\Java\jre6\bin\jusched.exe [1864]
C:\WINDOWS\system32\RunDll32.exe [1900]
C:\WINDOWS\system32\rundll32.exe [1920]
C:\WINDOWS\system32\svchost.exe [1584]
C:\Program Files\Java\jre6\bin\jqs.exe [1648]
C:\WINDOWS\system32\lxcrcoms.exe [1700]
C:\Program Files\CDBurnerXP\NMSAccessU.exe [1612]
C:\WINDOWS\system32\nvsvc32.exe [1576]
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [1960]
C:\WINDOWS\system32\svchost.exe [1996]
C:\WINDOWS\system32\wdfmgr.exe [132]
C:\WINDOWS\System32\alg.exe [940]
C:\WINDOWS\system32\wuauclt.exe [3948]
C:\WINDOWS\system32\wbem\wmiprvse.exe [2112]
---------------------------- [~> 25]
+---------------------------------------------------------------------------+
+------------------------------- SERVICES DELETED
+---------------------------------------------------------------------------+
+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS DELETED
+---------------------------------------------------------------------------+
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS DELETED
+---------------------------------------------------------------------------+
[14/09/2008 19:03|d--------] C:\Program Files\EoRezo
[10/09/2008 19:23|d--------] C:\Program Files\Everest Poker
[14/09/2008 19:03|d--------] C:\Documents and Settings\Admin\Application Data\EoRezo
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\ey98bw4f.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.1 ~~~~
Start Page : "https://fr.yahoo.com/"
+----------+
+---------- Added scan ...
+-----[HKLM\...\Run]
LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
+-----[HKCU\...\Run]
Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
+-----[HKLM\...\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+-----[HKCU\...\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+---------------------------------------------------------------------------+
+------------------------------- [ EOF - 87 lines ]
+---------------------------------------------------------------------------+
[ END at: 22:20:19 | 15/11/2008 ] - [ Time elapsed: 60.3 seconds ]
Here is the HijackThis one (thanks for the tip!):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:41, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
Anonymous user
15 Nov. 2008 at 22:25
Hi,
- Download and install Malwarebytes' Anti-Malware
Malwarebytes
- Update it
---
- Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
- Select "Perform full scan" if it is not already selected
- Click "Scan"
- Once the scan is finished, a window opens; click OK
- If Malwarebytes' detected nothing, click OK. A report will appear; close it.
- If Malwarebytes' detected infections, click "Show Results", then "Remove Selected"
- Save the report to your Desktop so that it is easier to find, then post that report.
Note: If Malwarebytes' needs to restart to finish the removal, accept by clicking OK
Here is what it found:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1401
Windows 5.1.2600 Service Pack 2
15/11/2008 22:47:09
mbam-log-2008-11-15 (22-47-05).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 88393
Temps écoulé: 14 minute(s), 33 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Anonymous user
15 Nov. 2008 at 22:54
Hi,
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.
Relaunch Malwarebyte, click on the "Quarantine" tab, and delete the latter.
Then run HijackThis again.
Alut.
Here is the requested report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:56, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\K!TV\K!TV.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.5.115.170:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SACert Class - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - C:\WINDOWS\system32\SoftAheadCert.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Program Files\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{523B4409-EADB-43A4-87D2-021CE727303D}: NameServer = 217.169.242.2,217.169.242.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0A8ABF5-2A8B-439F-934C-A88C763F81FA}: NameServer = 217.169.242.2 217.169.242.3
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
Anonymous user
15 Nov. 2008 at 23:10
Hi,
I don't think I can continue ............
Have a good evening.
Alut.
15 Nov. 2008 at 21:34
Here is the requested report:
----------------- FindyKill V4.700 ------------------
* User : Admin - XPSP2-B08C5FE6A
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 21:30:46 le 15/11/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\169500.EXE-26E66438.pf
Found ! - C:\WINDOWS\prefetch\215171.EXE-245A053D.pf
Found ! - C:\WINDOWS\prefetch\217953.EXE-154685D7.pf
Found ! - C:\WINDOWS\prefetch\224406.EXE-3518837C.pf
Found ! - C:\WINDOWS\prefetch\338359.EXE-17849BE2.pf
Found ! - C:\WINDOWS\prefetch\363281.EXE-16C30D63.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1808CC41.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [15/11/2008 21:16] - C:\WINDOWS\system32\mdelk.exe
Found ! [15/11/2008 21:16] - C:\WINDOWS\system32\wintems.exe
Found ! [15/11/2008 21:28] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [15/11/2008 21:27] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [15/11/2008 21:27] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [09/01/2006 06:03] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [15/11/2008 21:29] - "C:\WINDOWS\system32\drivers\downld"
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\169500.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\182640.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\183750.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\193203.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\194078.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\215171.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\217953.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\225421.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\236968.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\299796.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\340953.exe
Found ! [15/11/2008 21:29] C:\WINDOWS\system32\drivers\downld\359937.exe
»»»» Presence des fichiers dans C:\Documents and Settings\Admin\Application Data
Found ! [15/11/2008 21:16] - "C:\Documents and Settings\Admin\Application Data\m\flec006.exe"
Found ! [15/11/2008 21:16] - "C:\Documents and Settings\Admin\Application Data\m\list.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\data.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\srvlist.oct"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m\shared"
Found ! [15/11/2008 21:17] - "C:\Documents and Settings\Admin\Application Data\m"
»»»» Presence des fichiers dans C:\DOCUME~1\Admin\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\B6UM6BM5\b64[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_1[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_2[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GTYRO5MF\b64_3[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64[2].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\JF5QWKZN\b64_2[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_1[1].jpg
Found ! - C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\UMIRHA37\b64_3[1].jpg
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
CmPCIaudio REG_SZ RunDll32 CMICNFG3.cpl,CMICtrlWnd
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Google Update REG_SZ "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1482476501-926492609-725345543-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- Contenu de l'autorun : C:\autorun.inf
[autorun]
icon=vista.ico
+- presence des fichiers :
Found ! [15/04/2007 11:57][---hs----] - C:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------