winupgro infection

Solved
Jeff25000 -
 Anonymous user -
Hello,
Well, a bit like the others, I am a victim of winupgro (I asked for it by playing with a mule)
and I can't manage to get rid of it.
Could you give me a hand? Thanks in advance.

Here is a FindyKill report

----------------- FindyKill V4.710 ------------------

* User : Jeff et Estelle - BOLE-DU-CHOMONT
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 16:31:17 le 01/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
H:\Install\EZSERVICE.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
H:\Install\Agent.exe
H:\Install\ASUS_IRAppl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\134093.EXE-0D37D764.pf
Found ! - C:\WINDOWS\prefetch\135796.EXE-1FF31220.pf
Found ! - C:\WINDOWS\prefetch\156109.EXE-2042B2EF.pf
Found ! - C:\WINDOWS\prefetch\15634671.EXE-3B3B6D76.pf
Found ! - C:\WINDOWS\prefetch\293562.EXE-01C601C4.pf
Found ! - C:\WINDOWS\prefetch\54406.EXE-3988A344.pf
Found ! - C:\WINDOWS\prefetch\61453.EXE-220E3A7D.pf
Found ! - C:\WINDOWS\prefetch\64796.EXE-12AA9531.pf
Found ! - C:\WINDOWS\prefetch\73937.EXE-38D508AE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1A7AE0C4.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [01/01/2009 16:02] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\Jeff et Estelle\Application Data

Found ! [31/12/2008 14:59] - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers"
Found ! [01/01/2009 16:19] - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\srosa.sys"
Found ! [01/01/2009 16:19] - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\srosa2.sys"
Found ! [02/10/2005 05:09] - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\winupgro.exe"
Found ! [01/01/2009 16:19] - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\JEFFET~1\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\Jeff et Estelle\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RTHDCPL=RTHDCPL.EXE
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
EasyTuneVI=C:\Program Files\GIGABYTE\ET6\ETcall.exe
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
GBTUpd=C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
PCMService="C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
nwiz=nwiz.exe /install
OPSE reminder="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
OpwareSE2="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
PCTAVApp="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\ASUSTeKRCAppl]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\HViewer]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\InstallDriver]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Philips Intelligent Agent]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-1644491937-1844237615-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1644491937-1844237615-725345543-1004\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1644491937-1844237615-725345543-1004\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1644491937-1844237615-725345543-1004\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

H: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

11 replies

Anonymous user

Hi,

Can you do this before starting the disinfection?

Download OAD: http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Double-click OAD to launch it

- File name to search for: type or copy and paste:

WINTEMS

- Search type: select option 6, then confirm

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it has finished.

- Copy and paste this report into your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient.

and do it again with: MDELK

then:

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
/!\ To read in any case 1: http://www.libellules.ch/...
/!\ To read in any case 2: http://forum.malekal.com/ftopic893.php
/!\ To watch: http://secuboxlabs.fr/archives/computertoday.html
0
Jeff25000
 
Thanks for your super quick reply, so here is the report from the first search
01/01/2009 ---- 16:53:36,68

----------------------------------
§§§§§§ [WINTEMS] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\Avenger\wintems.exe
c:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf


*********************
[Même date]
*********************

[31/12/2008 ] --- REP ---> C:\Program Files\CCleaner
[31/12/2008 ] --- REP ---> C:\Program Files\Jaquette Express
[31/12/2008 ] ---> C:\WINDOWS\uninst.exe



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------



Then from the second


01/01/2009 ---- 16:57:17,51

----------------------------------
§§§§§§ [MDELK] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\WINDOWS\Prefetch\MDELK.EXE-0EF461CE.pf


*********************
[Même date]
*********************

[31/12/2008 ] --- REP ---> C:\Program Files\CCleaner
[31/12/2008 ] --- REP ---> C:\Program Files\Jaquette Express
[31/12/2008 ] ---> C:\WINDOWS\uninst.exe



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
jeff2500
 
Thanks, that worked. I tried several times to post the report but it was impossible. Thanks again for your help
0
Anonymous user
 
Thanks for the reports, move on to the next step
0
Jeff25000
 
Well, when I run the next step, everything goes fine at first, then there is a blue screen and it tells me that the file srora.sys is causing a problem and that if the problem persists I should consult the administrator
0
Anonymous user
 
OK, repeat the operation please; srosa.sys is the infectious rootkit
0
Jeff25000
 
This time it worked. I am posting the report, but during the cleaning it told me that 2 keys were impossible to access; is that normal?

The report



----------------- FindyKill V4.710 ------------------

* User : Jeff et Estelle - BOLE-DU-CHOMONT
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 17:10:52 the 01/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\134093.EXE-0D37D764.pf
Deleted ! - C:\WINDOWS\prefetch\135796.EXE-1FF31220.pf
Deleted ! - C:\WINDOWS\prefetch\156109.EXE-2042B2EF.pf
Deleted ! - C:\WINDOWS\prefetch\15634671.EXE-3B3B6D76.pf
Deleted ! - C:\WINDOWS\prefetch\293562.EXE-01C601C4.pf
Deleted ! - C:\WINDOWS\prefetch\54406.EXE-3988A344.pf
Deleted ! - C:\WINDOWS\prefetch\61453.EXE-220E3A7D.pf
Deleted ! - C:\WINDOWS\prefetch\64796.EXE-12AA9531.pf
Deleted ! - C:\WINDOWS\prefetch\73937.EXE-38D508AE.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-1A7AE0C4.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Supression files in C:\Documents and Settings\Jeff et Estelle\Application Data

Deleted ! - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Jeff et Estelle\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\JEFFET~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Jeff et Estelle\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-1644491937-1844237615-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

H: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
jeff25000
 
Here is the hijack report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:03, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\System32\svchost.exe
H:\Install\EZSERVICE.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Install\Agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Install\ASUS_IRAppl.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718330860&h=ac7b22c5c46e41f7b95ed6fd26b306ab/&filename=jinstall-6u11-windows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: EZSERVICE - Unknown owner - H:\Install\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
 
lol, I see that

Your list of cracks must contain some terms that don't get through on CCM

Delete your cracks; they are what carried the infection

Download HijackThis (diagnostic tool) here:

-> Right-click one of the links and choose Save Target As .... the desktop

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> HijackThis

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click Do a scan system and save log file

-> Notepad will open; copy and paste its entire contents here in your next reply
0

Anonymous user
 
Hi again

There is a bug on the topic; please wait for a moderator to step in ..
0
jeff25000
 
Here is the hijack report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:03, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\System32\svchost.exe
H:\Install\EZSERVICE.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\ctfmon.exe
H:\Install\Agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Install\ASUS_IRAppl.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: EZSERVICE - Unknown owner - H:\Install\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
 
Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt
0
jeff25000
 
Here is the first one

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeff et Estelle at 2009-01-02 17:28:46
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 11 GB (37%) free of 31 GB
Total RAM: 3070 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:47, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\System32\svchost.exe
H:\Install\EZSERVICE.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
H:\Install\Agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Install\ASUS_IRAppl.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\eMule\emule.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Jeff et Estelle\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff et Estelle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718330860&h=ac7b22c5c46e41f7b95ed6fd26b306ab/&filename=jinstall-6u11-windows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: EZSERVICE - Unknown owner - H:\Install\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
jeff25000
 
Here is the first one

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeff et Estelle at 2009-01-02 17:28:46
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 11 GB (37%) free of 31 GB
Total RAM: 3070 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:47, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\GIGABYTE\ET6\GUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\System32\svchost.exe
H:\Install\EZSERVICE.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
H:\Install\Agent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\nvsvc32.exe
H:\Install\ASUS_IRAppl.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\eMule\emule.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Jeff et Estelle\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff et Estelle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Jeff et Estelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230718330860&h=ac7b22c5c46e41f7b95ed6fd26b306ab/&filename=jinstall-6u11-windows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: EZSERVICE - Unknown owner - H:\Install\EZSERVICE.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Anonymous user
 
ok

---> Download OTMoveIt3 (OldTimer) to your desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
C:\Avenger

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"GEST"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

:commands
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the box Paste Instructions for Items to be Moved.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

then:

* to remove the tools/fixes used:

Download ToolsCleaner to your desktop.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can use the Options facultatives if you wish.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
0
jeff25000
 
Here is the OTMoveIt3 report to start with.

I'm going to run ToolsCleaner and I'll post the report.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Avenger\m-ren-283\shared moved successfully.
C:\Avenger\m-ren-283 moved successfully.
C:\Avenger\m-ren-194\shared moved successfully.
C:\Avenger\m-ren-194 moved successfully.
C:\Avenger\m\shared moved successfully.
C:\Avenger\m moved successfully.
C:\Avenger moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_158.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_564.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01022009_180430
0
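One way to triage an OTMoveIt3 report like the one above before moving on, as an added example that is not part of the thread or of the tool: it groups lines by section, lists files whose deletion was deferred to reboot, and checks that the Run values named in the fix script were confirmed deleted. The function names and the sample log are constructed for illustration; the recognised line formats are only those visible in the report above.

```python
import re

# Constructed sample in the format of the OTMoveIt3 report posted above (shortened).
SAMPLE_LOG = r"""========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Avenger\m\shared moved successfully.
C:\Avenger moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_158.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
DEFERRED = re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")
REG_VALUE = re.compile(r"^Registry value (.+)\\\\(.+) deleted successfully\.$")

def triage(log_text):
    """Count lines per section; collect deferred deletes, removed values, odd lines."""
    out = {"sections": {}, "deferred": [], "removed_values": [], "unrecognised": []}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            out["sections"][current] = 0
        elif not line or line.startswith("OTMoveIt3 by"):
            continue  # blank line or the tool's version footer
        elif current is None:
            out["unrecognised"].append(line)  # text before any section header
        else:
            out["sections"][current] += 1
            if (m := DEFERRED.match(line)):
                out["deferred"].append(m.group(1))
            elif (m := REG_VALUE.match(line)):
                out["removed_values"].append(m.groups())  # (key, value name)
            elif not line.endswith(("successfully.", "successfully", "emptied.")):
                out["unrecognised"].append(line)  # needs a human look
    return out

def unconfirmed(expected_names, report):
    """Value names from the fix script that the report does not confirm as deleted."""
    removed = {name.lower() for _, name in report["removed_values"]}
    return [n for n in expected_names if n.lower() not in removed]
```

Files listed under `deferred` are only gone after the reboot, so a follow-up scan should be run after restarting, not before.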
jeff25000
 
And here is the TCleaner report. Thanks again for your help.
0
jeff25000 Posts 4 Status Member
 
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\FindyKill.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Jeff et Estelle\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jeff et Estelle\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\_OTMoveIt\MovedFiles\01022009_180430\avenger: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Jeff et Estelle\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Jeff et Estelle\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !
Sauvegarde du registre crée !
0
Anonymous user
 
OK, perfect, it's finished.

@++
0
jeff25000 Posts 4 Status Member
 
Thanks a lot, and I've learned my lesson: no more cracks or keygens.

bye
0
Anonymous user
 
-;)
0