A virus that neutralizes Avast

Solved/Closed
dandyboy - 29 Dec. 2008 at 19:48
 Artas - 2 Jan. 2009 at 23:13
Hello,

I downloaded a program that was supposed to be under a free license.

So I get my compressed folder containing:

- 1 .exe file
- 1 .dll file
- 1 .info file

I click on the .exe, and a window opens with a status bar showing the progress of the installation. Surprised by this thing, which has nothing to do with the program I wanted to get, I close the window. (At the top of the window it said that this program is playback software for aircraft black boxes, and that any unauthorized use is strictly forbidden, in English; there were even drop-down menus for choosing the type of aircraft...).

Rather frightened, I want to delete the folder. Impossible: program protected or in use.

So I change the extensions of the .exe and .dll files ---> .txt, and then I manage to delete the whole folder.

At that moment, my PC closes all programs and restarts by itself.

On restart, an alert message from avast (Home edition) says that a program is preventing it from running; gradually I see the avast applications being disabled one by one, then avast ends up completely neutralized.

I now get an error message when I try to launch avast - not a valid Win32 application -

I tried to repair - update - uninstall and reinstall avast, nothing works. At every restart avast is no longer valid.

What's more, it is impossible to start Windows in safe mode!

Do you have any ideas before I launch a big format?

88 replies

Anonymous user
29 Dec. 2008 at 19:51
I would try uninstalling avast and installing Antivir, which is better, and just as free, to my taste.
1
I ran the malicious software removal tool built into Windows ---> result ----> stuck after 24 seconds and 570 files scanned!

It's a cute one, this virus, it seems!
1
Marilyn.Manson Posts 2772 Registration date Sunday 4 May 2008 Status Member Last activity 18 December 2010 161
29 Dec. 2008 at 19:50
It's not good to download cracks...

Post a Hijackthis log
0
I can't believe it! Installed hijacks - same error message as for avast, not a valid application!!!
0
"Post a log" ------------> huh?

Thanks, I'll try with Hijacks first, we'll see.

Thanks!
0

UP! Help! What is this crazy virus?

Hijacks neutralized as well - not a valid Win32 application right after installing it!
0
Marilyn.Manson Posts 2772 Registration date Sunday 4 May 2008 Status Member Last activity 18 December 2010 161
29 Dec. 2008 at 20:48
Rename hijackthis to Monjack
0
Same! By the time I get to the folder containing the hijack exe and rename it, the icon becomes unstable and the program is corrupted
0
raphael.1996@hotmail.fr Posts 43 Registration date Saturday 19 July 2008 Status Member Last activity 22 October 2009 1
29 Dec. 2008 at 21:09
It did the same to me. Check whether you still have the Security Center and that it is not inactive.
Maybe later, but your hard drive will become removable and you will get access denied, and after that you are really in the mud: you will not have access to anything, it will happen little by little.
Try going to Run and type mrt /F
A scan will appear
0
Impossible to access the Windows firewall via the Security Center ....

Clearly: should I start transferring all the files to the second HDD so that I can format?
0
crapoulou Posts 28160 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 21 May 2024 7 999
29 Dec. 2008 at 21:17
Hi,
Backing up is always a gesture of prudence and insurance! Even if you don't format, it's better.
I found this, which might help you: https://www.micro-astuce.com/depannage/acces-refuse.php
0
crapoulou Posts 28160 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 21 May 2024 7 999
29 Dec. 2008 at 21:29
Ah, but I hadn't seen the "not a valid Win32" error message!
OK, you're infected by Bagle, a virus caught via P2P while trying to download a crack!
Start by getting rid of your cracks so as to be properly disinfected and not come back 2 weeks after the disinfection.

We start the disinfection:

Download FindyKill (Thanks to Chiquitine29!!)
= = = = >>> By clicking here <<< = = = =

Right-click the link, Save Target As (Internet Explorer) or Save Link As (Firefox) …
Choose to save the file to the desktop.

Double-click FindyKill.exe
Choose option 1 (Recherche)
A report will open; post it in your next reply.

Note:
The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
0
OK, here's what it gives

https://www.casimages.com/i/081229094236384272929616.jpg.html

Thanks for your help
0
----------------- FindyKill V4.710 ------------------

* User : benjamin - SKETCH
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 21:33:41 le 29/12/2008
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Documents and Settings\benjamin\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\mrt.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\benjamin\Application Data\drivers\winupgro.exe" (1476)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\151250.EXE-11024698.pf
Found ! - C:\WINDOWS\prefetch\172921.EXE-29944310.pf
Found ! - C:\WINDOWS\prefetch\336921.EXE-1A304FEB.pf
Found ! - C:\WINDOWS\prefetch\373578.EXE-18F8DF66.pf
Found ! - C:\WINDOWS\prefetch\458593.EXE-03E2EE1D.pf
Found ! - C:\WINDOWS\prefetch\481531.EXE-2B2A4078.pf
Found ! - C:\WINDOWS\prefetch\504406.EXE-3788F8C4.pf
Found ! - C:\WINDOWS\prefetch\530968.EXE-04163613.pf
Found ! - C:\WINDOWS\prefetch\552828.EXE-3AB48961.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-04E94016.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-006CDE43.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-199179D9.pf
Found ! - C:\WINDOWS\Prefetch\INSTALL_CRACK.EXE-199179D9.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [29/12/2008 18:38] - C:\WINDOWS\system32\mdelk.exe
Found ! [29/12/2008 18:38] - C:\WINDOWS\system32\wintems.exe
Found ! [29/12/2008 20:39] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\benjamin\Application Data

Found ! [29/12/2008 17:51] - "C:\Documents and Settings\benjamin\Application Data\m\flec006.exe"
Found ! [29/12/2008 17:51] - "C:\Documents and Settings\benjamin\Application Data\m\list.oct"
Found ! [29/12/2008 17:51] - "C:\Documents and Settings\benjamin\Application Data\m\data.oct"
Found ! [29/12/2008 17:51] - "C:\Documents and Settings\benjamin\Application Data\m\srvlist.oct"
Found ! [29/12/2008 18:41] - "C:\Documents and Settings\benjamin\Application Data\m\shared"
Found ! [29/12/2008 17:51] - "C:\Documents and Settings\benjamin\Application Data\m"
Found ! [29/12/2008 17:20] - "C:\Documents and Settings\benjamin\Application Data\drivers"
Found ! [29/12/2008 18:36] - "C:\Documents and Settings\benjamin\Application Data\drivers\srosa.sys"
Found ! [29/12/2008 18:36] - "C:\Documents and Settings\benjamin\Application Data\drivers\srosa2.sys"
Found ! [04/05/2004 05:09] - "C:\Documents and Settings\benjamin\Application Data\drivers\winupgro.exe"
Found ! [29/12/2008 18:45] - "C:\Documents and Settings\benjamin\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\benjamin\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5

Found ! [23/11/2008 15:17] - C:\Documents and Settings\benjamin\Local Settings\Application Data\HP\Digital Imaging\Vault\87b640f7_453553.jpg
Found ! [29/12/2008 18:44] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_1[1].jpg
Found ! [29/12/2008 17:54] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_2[1].jpg
Found ! [29/12/2008 17:48] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_3[1].jpg
Found ! [29/12/2008 18:38] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_3[2].jpg
Found ! [29/12/2008 18:42] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\GPQ389IN\b64[1].jpg
Found ! [29/12/2008 17:51] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\OHKY4TPV\b64[1].jpg
Found ! [29/12/2008 18:44] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\OHKY4TPV\b64_2[1].jpg
Found ! [29/12/2008 17:53] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\W9ANOD2F\b64_1[1].jpg
Found ! [29/12/2008 17:32] - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\W9ANOD2F\b64_3[1].jpg
Found ! [16/02/2008 20:31] - C:\Documents and Settings\benjamin\Mes documents\Ma musique\lots\AlbumArt_{C68FEB55-1E5A-47E1-B649-A3F9CEEDBCA0}_Large.jpg
Found ! [16/02/2008 20:31] - C:\Documents and Settings\benjamin\Mes documents\Ma musique\lots\AlbumArt_{C68FEB55-1E5A-47E1-B649-A3F9CEEDBCA0}_Small.jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
High Definition Audio Property Page Shortcut=HDAShCut.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
ATICCC="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
LFAgent=
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
avast!=C:\Avast\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\btdna]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqptc08]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

SharedAccess - Type de démarrage = 2

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
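One way to triage a report in the layout posted above, as an added example (not part of the thread and not FindyKill's own code): it parses the `Found !`, `Clé manquante` and `Type de démarrage` lines and summarises the indicators a responder would check first. The sample text is a constructed excerpt of the report above, and the function names `parse_report` and `triage` are hypothetical.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the report posted above.
SAMPLE_REPORT = r"""
--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [29/12/2008 18:38] - C:\WINDOWS\system32\mdelk.exe
Found ! [29/12/2008 18:38] - C:\WINDOWS\system32\wintems.exe
Found ! [29/12/2008 18:36] - "C:\Documents and Settings\benjamin\Application Data\drivers\srosa.sys"

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_CURRENT_USER\Software\bisoft

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ wuauserv - Type de démarrage = 4

SharedAccess - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4
"""

# "Found !" lines carry an optional [dd/mm/yyyy hh:mm] stamp and an optionally quoted path.
FOUND_RE = re.compile(
    r'^Found !\s*(?:\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2})\]\s*)?-\s*"?(.+?)"?$'
)
MISSING_RE = re.compile(r"^Clé manquante\s*:\s*(.+)$")
# Service lines may be prefixed with the report's "/!\" warning marker.
SERVICE_RE = re.compile(r"^(?:/!\\\s*)?(\S+)\s*-\s*Type de démarrage\s*=\s*(\d)$")
SERVICE_KEY_RE = re.compile(r"\\Services\\([^\\]+)$", re.IGNORECASE)
DISABLED = 4  # legend printed by the report: Auto=2 / Demande=3 / Désactivé=4


def parse_report(text):
    """Split a report into flagged files, flagged registry keys,
    missing keys and service start types."""
    report = {"files": [], "registry_keys": [], "missing_keys": [], "services": {}}
    for raw in text.splitlines():
        line = raw.strip()
        found = FOUND_RE.match(line)
        if found:
            stamp, item = found.groups()
            if item.upper().startswith("HKEY_"):
                report["registry_keys"].append(item)
            else:
                report["files"].append((stamp, item))
            continue
        missing = MISSING_RE.match(line)
        if missing:
            report["missing_keys"].append(missing.group(1).strip())
            continue
        service = SERVICE_RE.match(line)
        if service:
            report["services"][service.group(1)] = int(service.group(2))
    return report


def triage(report):
    """Summarise what matters for recovery: safe mode state, disabled
    services, and service names taken from keys the report flagged."""
    flagged_services = set()
    for key in report["registry_keys"]:
        match = SERVICE_KEY_RE.search(key)
        if match:
            flagged_services.add(match.group(1))
    return {
        "safe_mode_broken": any(
            "\\safeboot" in key.lower() for key in report["missing_keys"]
        ),
        "disabled_services": sorted(
            name for name, start in report["services"].items() if start == DISABLED
        ),
        "flagged_services": sorted(flagged_services),
        "flagged_files": len(report["files"]),
    }


if __name__ == "__main__":
    for field, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{field}: {value}")
```
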
crapoulou Posts 28160 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 21 May 2024 7 999
29 Dec. 2008 at 21:43
Cleaning:

--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression)


/!\ There will be two restarts; let the tool work until the message "nettoyage effectué" appears /!\

/!\ Do not use the PC during the deletion; your desktop will not be accessible, that's normal! /!\

= = = = >>> Then post the FindyKill.txt report <<< = = = =

Notes:
* The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
* If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
0
----------------- FindyKill V4.710 ------------------

* User : benjamin - SKETCH
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 21:53:05 the 29/12/2008
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\rundll32.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\151250.EXE-11024698.pf
Deleted ! - C:\WINDOWS\prefetch\172921.EXE-29944310.pf
Deleted ! - C:\WINDOWS\prefetch\336921.EXE-1A304FEB.pf
Deleted ! - C:\WINDOWS\prefetch\373578.EXE-18F8DF66.pf
Deleted ! - C:\WINDOWS\prefetch\458593.EXE-03E2EE1D.pf
Deleted ! - C:\WINDOWS\prefetch\481531.EXE-2B2A4078.pf
Deleted ! - C:\WINDOWS\prefetch\504406.EXE-3788F8C4.pf
Deleted ! - C:\WINDOWS\prefetch\530968.EXE-04163613.pf
Deleted ! - C:\WINDOWS\prefetch\552828.EXE-3AB48961.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-04E94016.pf
Deleted ! - C:\WINDOWS\prefetch\INSTALL_CRACK.EXE-199179D9.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-006CDE43.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Supression files in C:\Documents and Settings\benjamin\Application Data

Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\1a MS Access Password Recovery 6.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\3D Interstellar Voyager 1.3.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\3Dfm 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\4Musics AVI to MP3 Converter 4.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\70-272 - Supporting Users and Troubleshooting Desktop Applications Practice Test Questions 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\A Personal Diet Fitness Manager 1.7.3.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\ABViewer 6.3.0.27.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\AceaXe Plus 1.6.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Adv. Encryption Pro Plug-In for Win Explorer 4.0.5.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Advanced Phonebook 2.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Aigo Video to 3GP Converter 2.0.15.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\AlertPay Flash Button Creator 1.2.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\ARRL International DX Network Log 2.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Atrise ToHTML 2.2.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Audio Converter Mixer 3.1.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\AutoSurf 2.1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\AVG.7.0.Full.Edition.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\avg.anti.spyware.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Avoid Internet Disconnection 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Axoio HexStudio 5.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\BBC Radio 7 Player 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Blue Water Screen Saver 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Body Mass Assessor 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Breath 1.3.3.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Brightfilter 2008 2.0.0.9.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Bugs! 2.0.2.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\CAD Import .NET for Compact Framework 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\CF Project Cleaner 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\clamwin.antivirus.0.83.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Code 39 Barcode Premium Package 1.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Context File Information 8.02.1601.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Convert It - Unit Conversion Tool 1.2.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Curious Beeps 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\CZ-Doc2Htm 3.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\David Borenaz Screensaver.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Displaying 104001 - 106000 of 107598.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Driver Signature Enforcement Overrider 1.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\EdgeDesk 4.03.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Ennea Gramma 1.1.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Excellence Html Compress 2.2.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Farsight Icons 2.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Fast Edit 4.0.11.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Field Day Log System 1.0.zip
Deleted ! - C:\Documents and Settings\benjamin\Application Data\m\shared\Fileusage 2.0.zip
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\m"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\benjamin\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\benjamin\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Application Data\HP\Digital Imaging\Vault\87b640f7_453553.jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\65ENS1UZ\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\GPQ389IN\b64[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\OHKY4TPV\b64[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\OHKY4TPV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\W9ANOD2F\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Local Settings\Temporary Internet Files\Content.IE5\W9ANOD2F\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\benjamin\Mes documents\Ma musique\lots\AlbumArt_{C68FEB55-1E5A-47E1-B649-A3F9CEEDBCA0}_Large.jpg
Deleted ! - C:\Documents and Settings\benjamin\Mes documents\Ma musique\lots\AlbumArt_{C68FEB55-1E5A-47E1-B649-A3F9CEEDBCA0}_Small.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\Local AppWizard-Generated Applications\install_crack
Deleted ! - HKEY_USERS\S-1-5-21-823518204-412668190-839522115-1005\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\benjamin\Recent\install_crack.txt.lnk


---------------- ! End of report ! ------------------
0
crapoulou (Moderator, Security contributor) - 29 Dec. 2008 at 22:02
Very good.

- Download HijackThis Version 2.02:
= = = = >>> By clicking here <<< = = = =

- Save HJTInstall.exe to your desktop.
- Double-click (left button) on HJTInstall.exe to start the installation.
- Click Install, then "I Accept".
- Click "Do a scan system and save log file".
- Notepad will open; copy and paste its entire contents here in your next reply.
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:51, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\Avast\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\benjamin\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\benjamin\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?145ccd87f3a04f28ba7838e04a638431
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?145ccd87f3a04f28ba7838e04a638431
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EA61A8A-CCD0-4067-907E-CD6BD2F896B4}: NameServer = 84.103.237.145 86.64.145.145
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
crapoulou (Moderator, Security contributor) - 29 Dec. 2008 at 22:10
Download ToolBar S&D (by Eric_71)
= = = = >>> By clicking here <<< = = = =

Tutorial, if needed, by clicking HERE

!! Disconnect and close all your running applications for the duration of the procedure !!
* Double-click the executable to launch the tool.
* Once that is done, type F to select French.
* Choose option 1 (Search) and press Enter.
* Once the scan has finished, a report will appear in .txt format.
* Copy and paste its entire contents into your next reply ...
Note:
The report is saved here: C:\TB.txt
0
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Award Modular BIOS v6.00PG
USER : benjamin ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:186 Go (Free:106 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
F:\ (Local Disk)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 29/12/2008|22:14 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\08C58092
C:\Program Files\AskBarDis\bar\Cache\08C5863F.bin
C:\Program Files\AskBarDis\bar\Cache\08C58B60.bin
C:\Program Files\AskBarDis\bar\Cache\08C58E2E.bin
C:\Program Files\AskBarDis\bar\Cache\08C5916A.bin
C:\Program Files\AskBarDis\bar\Cache\08C59449.bin
C:\Program Files\AskBarDis\bar\Cache\08C5961E.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm

-----------\\ Extensions

(benjamin) - {888d99e7-e8b5-46a3-851e-1ec45da1e644} => reloadevery
(benjamin) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

(jean-louis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.ask.com/?o=101764&l=dis"
"Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
"Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="https://actus.sfr.fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\benjamin\Recent\install_crack.txt.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2008|22:14 - Option : [1]

-----------\\ Fin du rapport a 22:14:45,70
0
crapoulou (Moderator, Security contributor) - 29 Dec. 2008 at 22:20
Cleaning with ToolBar S&D:

!! Disconnect and close all your running applications for the duration of the procedure !!

Relaunch Toolbar-S&D by double-clicking the shortcut.
* Type option 2 (Cleaning), then press Enter.
Notes:
Do not touch anything during the removal!
A report will be generated at the end of the process: post its contents in your next reply,
together with a new HijackThis report for analysis ...
0
TB report----------------------------------------------------------


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Award Modular BIOS v6.00PG
USER : benjamin ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:186 Go (Free:106 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:7 Go (Free:7 Go)
F:\ (Local Disk)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 29/12/2008|22:22 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(benjamin) - {888d99e7-e8b5-46a3-851e-1ec45da1e644} => reloadevery
(benjamin) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

(jean-louis) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.ask.com/?o=101764&l=dis"
"Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
"Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="https://actus.sfr.fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\benjamin\Recent\install_crack.txt.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 29/12/2008|22:14 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/12/2008|22:22 - Option : [2]

-----------\\ Fin du rapport a 22:22:50,92
0