Avast problem (continued)
casillas
Destrio5 - Posts: 99820 - Status: Moderator
Hello,
I have a big problem. When I launch Avast, it tells me that it is not a valid Win32 application. So I came to this site and someone sent me a link so that I could send them an error report, but I can't open the link. What should I do?
24 replies
Hi,
--> Download FindyKill (by Chiquitine29) to your Desktop.
--> Run the installer with the default settings.
--> Double-click the FindyKill shortcut on your Desktop.
--> In the main menu, choose option 1 (Recherche / Search).
--> Post the FindyKill.txt report.
Note: the FindyKill.txt report is saved at the root of the disk.
casillas
When I double-click the icon on the desktop, it launches the installation every time and that's all.
In that case, can you upload it for me?
---> Uploading a file to Mediafire:
● Go to this link: https://www.mediafire.com/
● At the top, click Upload files To Media fire. Then choose I want to upload without an account.
● A Windows Explorer window will open. Browse to the report I am asking you to upload, select it, then click Open.
● Then click Upload.
● On the right of the screen, choose: upload to a new folder. Leave the default name (= the date).
● Confirm and let the upload run.
● Click View uploaded file and, in your next message, copy me the URL (= the link) of the new tab or new window that opens. That way, I will be able to download the requested report.
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\WINDOWS\system32\ICO.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
D:\Program Files\EoRezo\EoEngine.exe
D:\Documents and Settings\casillas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Neuf\Media Center\MediaCenter.exe
D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe
D:\documents and settings\casillas\local settings\application data\moogqiw.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Neuf\Media Center\httpd\httpd.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Neuf\Media Center\httpd\httpd.exe
D:\WINDOWS\system32\Pelmiced.exe
D:\DOCUME~1\casillas\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------- [ Processus infectieux stoppés ] ----------------
"D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe" (168)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans D:
»»»» Presence des fichiers dans D:\WINDOWS
»»»» Presence des fichiers dans D:\WINDOWS\Prefetch
Found ! - D:\WINDOWS\prefetch\917546.EXE-00070486.pf
Found ! - D:\WINDOWS\prefetch\93562.EXE-1413D9CD.pf
Found ! - D:\WINDOWS\prefetch\FLEC006.EXE-13B7718B.pf
Found ! - D:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
Found ! - D:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf
»»»» Presence des fichiers dans D:\WINDOWS\system32
Found ! [14/01/2009 16:06] - D:\WINDOWS\system32\mdelk.exe
Found ! [14/01/2009 16:06] - D:\WINDOWS\system32\wintems.exe
Found ! [14/01/2009 16:08] - D:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans D:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans D:\Documents and Settings\casillas\Application Data
Found ! [14/01/2009 12:03] - "D:\Documents and Settings\casillas\Application Data\m\flec006.exe"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\list.oct"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\data.oct"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\srvlist.oct"
Found ! [14/01/2009 16:09] - "D:\Documents and Settings\casillas\Application Data\m\shared"
Found ! [09/01/2009 01:38] - "D:\Documents and Settings\casillas\Application Data\m"
Found ! [08/01/2009 21:10] - "D:\Documents and Settings\casillas\Application Data\drivers"
Found ! [14/01/2009 16:06] - "D:\Documents and Settings\casillas\Application Data\drivers\srosa.sys"
Found ! [14/01/2009 16:05] - "D:\Documents and Settings\casillas\Application Data\drivers\srosa2.sys"
Found ! [13/06/2006 10:06] - "D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe"
Found ! [14/01/2009 16:25] - "D:\Documents and Settings\casillas\Application Data\drivers\downld"
»»»» Presence des fichiers dans D:\DOCUME~1\casillas\LOCALS~1\Temp
That's all I have, what would you be missing?
----------------- FindyKill V4.711 ------------------
* User : casillas - GUIGUI-003324DA
* Emplacement : D:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 16:35:16 le 14/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\WINDOWS\system32\ICO.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
D:\Program Files\EoRezo\EoEngine.exe
D:\Documents and Settings\casillas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Neuf\Media Center\MediaCenter.exe
D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe
D:\documents and settings\casillas\local settings\application data\moogqiw.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Neuf\Media Center\httpd\httpd.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Neuf\Media Center\httpd\httpd.exe
D:\WINDOWS\system32\Pelmiced.exe
D:\DOCUME~1\casillas\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
--------------- [ Processus infectieux stoppés ] ----------------
"D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe" (168)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans D:
»»»» Presence des fichiers dans D:\WINDOWS
»»»» Presence des fichiers dans D:\WINDOWS\Prefetch
Found ! - D:\WINDOWS\prefetch\917546.EXE-00070486.pf
Found ! - D:\WINDOWS\prefetch\93562.EXE-1413D9CD.pf
Found ! - D:\WINDOWS\prefetch\FLEC006.EXE-13B7718B.pf
Found ! - D:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
Found ! - D:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf
»»»» Presence des fichiers dans D:\WINDOWS\system32
Found ! [14/01/2009 16:06] - D:\WINDOWS\system32\mdelk.exe
Found ! [14/01/2009 16:06] - D:\WINDOWS\system32\wintems.exe
Found ! [14/01/2009 16:08] - D:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans D:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans D:\Documents and Settings\casillas\Application Data
Found ! [14/01/2009 12:03] - "D:\Documents and Settings\casillas\Application Data\m\flec006.exe"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\list.oct"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\data.oct"
Found ! [14/01/2009 12:04] - "D:\Documents and Settings\casillas\Application Data\m\srvlist.oct"
Found ! [14/01/2009 16:09] - "D:\Documents and Settings\casillas\Application Data\m\shared"
Found ! [09/01/2009 01:38] - "D:\Documents and Settings\casillas\Application Data\m"
Found ! [08/01/2009 21:10] - "D:\Documents and Settings\casillas\Application Data\drivers"
Found ! [14/01/2009 16:06] - "D:\Documents and Settings\casillas\Application Data\drivers\srosa.sys"
Found ! [14/01/2009 16:05] - "D:\Documents and Settings\casillas\Application Data\drivers\srosa2.sys"
Found ! [13/06/2006 10:06] - "D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe"
Found ! [14/01/2009 16:25] - "D:\Documents and Settings\casillas\Application Data\drivers\downld"
»»»» Presence des fichiers dans D:\DOCUME~1\casillas\LOCALS~1\Temp
--> Delete the file that infected you.
--> Double-click the FindyKill shortcut on your Desktop.
--> In the main menu, choose option 2 (Suppression / Deletion).
/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\
--> Then post the FindyKill.txt report.
Note: the FindyKill.txt report is saved at the root of the disk.
Sorry for the time it took.
----------------- FindyKill V4.711 ------------------
* User : casillas - GUIGUI-003324DA
* executed from : D:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 17:21:25 the 14/01/2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\logonui.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\userinit.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in D:
»»»» Supression files in D:\WINDOWS
»»»» Supression files in D:\WINDOWS\Prefetch
Deleted ! - D:\WINDOWS\prefetch\231062.EXE-0685641F.pf
»»»» Supression files in D:\WINDOWS\system32
»»»» Supression files in D:\WINDOWS\system32\drivers
»»»» Supression files in D:\Documents and Settings\casillas\Application Data
Deleted ! - "D:\Documents and Settings\casillas\Application Data\drivers\srosa.sys"
Deleted ! - "D:\Documents and Settings\casillas\Application Data\drivers\srosa2.sys"
Deleted ! - "D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe"
Deleted ! - "D:\Documents and Settings\casillas\Application Data\drivers\downld"
Deleted ! - "D:\Documents and Settings\casillas\Application Data\drivers"
»»»» Supression files in D:\DOCUME~1\casillas\LOCALS~1\Temp
»»»» Supression files in D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\1CM8CYW1\b64_1[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\1CM8CYW1\b64_3[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\1CM8CYW1\file[1].txt
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\1CM8CYW1\servernames[1].htm
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_1[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_1[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_1[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_1[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_2[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_2[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_2[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_2[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\b64_3[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\file[1].txt
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\file[2].txt
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\2V7O2X9W\servernames[1].htm
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64[8].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[10].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[11].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[8].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_1[9].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_2[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_2[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_2[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_2[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_2[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\b64_3[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\mxd[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\mxd[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\mxd[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64[8].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_1[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_2[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_2[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_2[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_2[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_3[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_3[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_3[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_3[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_3[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\b64_5[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\mxd[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\mxd[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\mxd[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\DRD02J05\mxd[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[8].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_1[9].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_2[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[3].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[6].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\b64_3[7].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\mxd[1].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\mxd[2].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\mxd[4].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\mxd[5].jpg
Deleted ! - D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\OJ8OGWYU\servernames[1].htm
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-261478967-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1220945662-261478967-725345543-1004\Software\FFC
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
d8a9e541edae327d4fd34bcd80d34eac D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe
Suspect ! - d8a9e541edae327d4fd34bcd80d34eac D:\Program Files\CCleaner\CCleaner.exe
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
D:\Program Files\CCleaner\CCleaner.exe
:commands
[purity]
[emptytemp]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
Error: Unable to interpret <processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
========== FILES ==========
D:\Program Files\CCleaner\CCleaner.exe moved successfully.
========== COMMANDS ==========
File delete failed. D:\DOCUME~1\casillas\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. D:\WINDOWS\temp\Perflib_Perfdata_5dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_175857
Files moved on Reboot...
D:\DOCUME~1\casillas\LOCALS~1\Temp\RtkBtMnt.exe moved successfully.
File move failed. D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File D:\WINDOWS\temp\Perflib_Perfdata_5dc.dat not found!
---> Reinstall the applications that were infected (antivirus...).
---> Then do this:
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Logfile of random's system information tool 1.05 (written by random/random)
Run by casillas at 2009-01-14 18:14:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive D: has 2 GB (19%) free of 10 GB
Total RAM: 2038 MB (76% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:10, on 14/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\WINDOWS\system32\ICO.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
D:\Program Files\EoRezo\EoEngine.exe
D:\Documents and Settings\casillas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Neuf\Media Center\MediaCenter.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
D:\DOCUME~1\casillas\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Windows Live\Toolbar\wltuser.exe
D:\WINDOWS\system32\Pelmiced.exe
D:\Documents and Settings\casillas\Local Settings\Temporary Internet Files\Content.IE5\ANMBT0BX\RSIT[1].exe
D:\Program Files\trend micro\casillas.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - D:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [EoEngine] "D:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] D:\Documents and Settings\casillas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "D:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [qgmay] "d:\documents and settings\casillas\local settings\application data\qgmay.exe" qgmay
O4 - HKCU\..\Run: [drvsyskit] D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] D:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] D:\Documents and Settings\casillas\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = D:\Documents and Settings\casillas\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
There is still some cleaning to do.
--> Uninstall EoEngine.
--> Download UsbFix (by Chiquitine29) to your Desktop.
--> Run the installation with the default settings.
--> Connect your external data sources to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
--> Double-click the UsbFix shortcut on your Desktop.
--> Choose option 1 (Nettoyage, i.e. cleaning).
--> The PC will restart.
--> After the restart, post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, go to the "File" tab, choose "New Task", type explorer.exe and confirm.)
-------------- UsbFix V2.414 ---------------
* User : casillas - GUIGUI-003324DA
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 18:29:21 le 14/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\logonui.exe
D:\WINDOWS\system32\userinit.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
I: - Lecteur fixe
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Assistant Réseau sans fil
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[10/12/2006 11:34][--a------] C:\autoexec.bat
[05/08/2004 14:00][-rahs----] C:\NTDETECT.COM
[07/06/2008 21:30][---hs----] C:\boot.ini
[11/12/2008 18:49][--a------] C:\log_lobby.txt
[11/12/2008 18:49][--a------] C:\log_lobby_dumper.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[14/01/2009 17:24][--a------] D:\FindyKill.txt
[14/01/2009 17:24][--a------] D:\UsbFix.txt
[][] D:\pagefile.sys
--------------- [ Lecteur E ] ----------------
E: - Lecteur fixe
+- Listing des fichiers présents :
[13/04/2008 19:34][--a------] E:\setupSNK.exe
[10/09/2008 18:26][---hs----] E:\desktop.ini
[14/01/2009 17:35][--a------] E:\AUTORUN.INF
--------------- [ Lecteur I ] ----------------
I: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://actus.sfr.fr"
"Start Page"="http://y.lo.st"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ccleaner="D:\Program Files\CCleaner\CCleaner.exe" /AUTO
ctfmon.exe=D:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer=D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Picasa Media Detector=D:\Program Files\Picasa2\PicasaMediaDetector.exe
MSMSGS="D:\Program Files\Messenger\msmsgs.exe" /background
Neuf Media Center="D:\Program Files\Neuf\Media Center\MediaCenter.exe"
qgmay="d:\documents and settings\casillas\local settings\application data\qgmay.exe" qgmay
drvsyskit=D:\Documents and Settings\casillas\Application Data\drivers\winupgro.exe
german.exe=D:\WINDOWS\system32\wintems.exe
mule_st_key=D:\Documents and Settings\casillas\Application Data\m\flec006.exe
moogqiw="d:\documents and settings\casillas\local settings\application data\moogqiw.exe" moogqiw
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
SunJavaUpdateSched="D:\Program Files\Java\jre6\bin\jusched.exe"
Autoconfigurateur WiFi Neuf="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
Mouse Suite 98 Daemon=ICO.EXE
Adobe Reader Speed Launcher="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
EPSON Stylus D68 Series=D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
EoEngine=
SoftwareHelper=D:\Documents and Settings\casillas\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f79e518-34df-11dd-b561-806d6172696f}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d81753dc-48ea-11dd-a174-001e4c623f8a}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de23a974-802a-11dd-a1b5-001e4c623f8a}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [14/01/2009 17:35][--a------] E:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[10/12/2006 11:34][--a------] C:\autoexec.bat
[05/08/2004 14:00][-rahs----] C:\NTDETECT.COM
[07/06/2008 21:30][---hs----] C:\boot.ini
[13/04/2008 19:34][--a------] E:\setupSNK.exe
[10/09/2008 18:26][---hs----] E:\desktop.ini
--------------- [ Vaccination ] ----------------
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
E:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
I:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
--------------- ! Fin du rapport ! ----------------
● Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover icon on your Desktop.
● In the main menu, choose option "A".
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
------ Logfile of AD-Remover 1.0.9.0 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 18:00
START AT: 18:39:56 | Mer 14/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: D:\Program Files\Ad-remover\AD-Remover.bat
PC: GUIGUI-003324DA | USER: casillas ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: D:\
Windows Directory: D:\WINDOWS\
System Directory: D:\WINDOWS\system32\
--- RUNNING PROCESSES: 43
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
D:\Documents and Settings\casillas\Application Data\EoRezo
D:\Documents and Settings\casillas\Application Data\EoRezo\cache
D:\Documents and Settings\casillas\Application Data\EoRezo\cmhost.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp.old
D:\Documents and Settings\casillas\Application Data\EoRezo\db
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats
D:\Documents and Settings\casillas\Application Data\EoRezo\host.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate
D:\Documents and Settings\casillas\Application Data\EoRezo\user.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\db\cat.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\config.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\userConfig.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats\eoStats.txt
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\casillas\Cookies\casillas@eorezo[1].txt
D:\Documents and Settings\casillas\Cookies\casillas@soft.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
D:\Program Files\Everest Poker
D:\Program Files\Everest Poker\data
D:\Program Files\Everest Poker\data\shared
D:\Program Files\Everest Poker\data\startup
D:\Program Files\Everest Poker\data\shared\fr
D:\Program Files\Everest Poker\data\shared\shared
D:\Program Files\Everest Poker\data\shared\fr\country.txt
D:\Program Files\Everest Poker\data\shared\fr\language.txt
D:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps
D:\Program Files\Everest Poker\data\shared\shared\sounds
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
D:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
D:\Program Files\Everest Poker\data\startup\shared
D:\Program Files\Everest Poker\data\startup\shared\bitmaps
D:\Program Files\Everest Poker\data\startup\shared\icons
D:\Program Files\Everest Poker\data\startup\shared\sounds
D:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
D:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
D:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\nvdy2h9s.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "http://y.lo.st"
.
FOUND - user_pref("browser.startup.homepage", "http://y.lo.st");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://y.lo.st
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5662 bytes] - "D:\AD-report-Scan-14.01.2009.log"
END AT: 18:40:19 | 14/01/2009 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 104 lines ]
+---------------------------------------------------------------------------+
/!\ Disconnect and close all running applications /!\
● Double-click AD-Remover to launch it: in the main menu, choose option B.
● Tick "A" on the selection screen:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
● Then choose S; the program will do its work.
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report.log)
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
------ Logfile of AD-Remover 1.0.9.0 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 18:00
START AT: 18:39:56 | Mer 14/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: D:\Program Files\Ad-remover\AD-Remover.bat
PC: GUIGUI-003324DA | USER: casillas ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: D:\
Windows Directory: D:\WINDOWS\
System Directory: D:\WINDOWS\system32\
--- RUNNING PROCESSES: 43
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
D:\Documents and Settings\casillas\Application Data\EoRezo
D:\Documents and Settings\casillas\Application Data\EoRezo\cache
D:\Documents and Settings\casillas\Application Data\EoRezo\cmhost.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp.old
D:\Documents and Settings\casillas\Application Data\EoRezo\db
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats
D:\Documents and Settings\casillas\Application Data\EoRezo\host.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate
D:\Documents and Settings\casillas\Application Data\EoRezo\user.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\db\cat.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\config.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\userConfig.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats\eoStats.txt
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\casillas\Cookies\casillas@eorezo[1].txt
D:\Documents and Settings\casillas\Cookies\casillas@soft.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
D:\Program Files\Everest Poker
D:\Program Files\Everest Poker\data
D:\Program Files\Everest Poker\data\shared
D:\Program Files\Everest Poker\data\startup
D:\Program Files\Everest Poker\data\shared\fr
D:\Program Files\Everest Poker\data\shared\shared
D:\Program Files\Everest Poker\data\shared\fr\country.txt
D:\Program Files\Everest Poker\data\shared\fr\language.txt
D:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps
D:\Program Files\Everest Poker\data\shared\shared\sounds
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
D:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
D:\Program Files\Everest Poker\data\startup\shared
D:\Program Files\Everest Poker\data\startup\shared\bitmaps
D:\Program Files\Everest Poker\data\startup\shared\icons
D:\Program Files\Everest Poker\data\startup\shared\sounds
D:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
D:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
D:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\nvdy2h9s.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "http://y.lo.st"
.
FOUND - user_pref("browser.startup.homepage", "http://y.lo.st");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://y.lo.st
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5662 bytes] - "D:\AD-report-Scan-14.01.2009.log"
END AT: 18:40:19 | 14/01/2009 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 104 lines ]
+---------------------------------------------------------------------------+
------ Logfile of AD-Remover 1.0.9.0 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 18:00
START AT: 18:39:56 | Mer 14/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: D:\Program Files\Ad-remover\AD-Remover.bat
PC: GUIGUI-003324DA | USER: casillas ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: D:\
Windows Directory: D:\WINDOWS\
System Directory: D:\WINDOWS\system32\
--- RUNNING PROCESSES: 43
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
D:\Documents and Settings\casillas\Application Data\EoRezo
D:\Documents and Settings\casillas\Application Data\EoRezo\cache
D:\Documents and Settings\casillas\Application Data\EoRezo\cmhost.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp.old
D:\Documents and Settings\casillas\Application Data\EoRezo\db
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats
D:\Documents and Settings\casillas\Application Data\EoRezo\host.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate
D:\Documents and Settings\casillas\Application Data\EoRezo\user.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\db\cat.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\config.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\userConfig.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats\eoStats.txt
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\casillas\Cookies\casillas@eorezo[1].txt
D:\Documents and Settings\casillas\Cookies\casillas@soft.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
D:\Program Files\Everest Poker
D:\Program Files\Everest Poker\data
D:\Program Files\Everest Poker\data\shared
D:\Program Files\Everest Poker\data\startup
D:\Program Files\Everest Poker\data\shared\fr
D:\Program Files\Everest Poker\data\shared\shared
D:\Program Files\Everest Poker\data\shared\fr\country.txt
D:\Program Files\Everest Poker\data\shared\fr\language.txt
D:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps
D:\Program Files\Everest Poker\data\shared\shared\sounds
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
D:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
D:\Program Files\Everest Poker\data\startup\shared
D:\Program Files\Everest Poker\data\startup\shared\bitmaps
D:\Program Files\Everest Poker\data\startup\shared\icons
D:\Program Files\Everest Poker\data\startup\shared\sounds
D:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
D:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
D:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\nvdy2h9s.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "http://y.lo.st"
.
FOUND - user_pref("browser.startup.homepage", "http://y.lo.st");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://y.lo.st
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5662 bytes] - "D:\AD-report-Scan-14.01.2009.log"
END AT: 18:40:19 | 14/01/2009 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 104 lines ]
+---------------------------------------------------------------------------+
------ Logfile of AD-Remover 1.0.9.0 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 18:00
START AT: 18:39:56 | Mer 14/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: D:\Program Files\Ad-remover\AD-Remover.bat
PC: GUIGUI-003324DA | USER: casillas ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: D:\
Windows Directory: D:\WINDOWS\
System Directory: D:\WINDOWS\system32\
--- RUNNING PROCESSES: 43
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
D:\Documents and Settings\casillas\Application Data\EoRezo
D:\Documents and Settings\casillas\Application Data\EoRezo\cache
D:\Documents and Settings\casillas\Application Data\EoRezo\cmhost.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp.old
D:\Documents and Settings\casillas\Application Data\EoRezo\db
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats
D:\Documents and Settings\casillas\Application Data\EoRezo\host.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate
D:\Documents and Settings\casillas\Application Data\EoRezo\user.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\db\cat.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\config.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\userConfig.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats\eoStats.txt
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\casillas\Cookies\casillas@eorezo[1].txt
D:\Documents and Settings\casillas\Cookies\casillas@soft.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
D:\Program Files\Everest Poker
D:\Program Files\Everest Poker\data
D:\Program Files\Everest Poker\data\shared
D:\Program Files\Everest Poker\data\startup
D:\Program Files\Everest Poker\data\shared\fr
D:\Program Files\Everest Poker\data\shared\shared
D:\Program Files\Everest Poker\data\shared\fr\country.txt
D:\Program Files\Everest Poker\data\shared\fr\language.txt
D:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps
D:\Program Files\Everest Poker\data\shared\shared\sounds
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
D:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
D:\Program Files\Everest Poker\data\startup\shared
D:\Program Files\Everest Poker\data\startup\shared\bitmaps
D:\Program Files\Everest Poker\data\startup\shared\icons
D:\Program Files\Everest Poker\data\startup\shared\sounds
D:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
D:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
D:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\nvdy2h9s.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "http://y.lo.st"
.
FOUND - user_pref("browser.startup.homepage", "http://y.lo.st");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://y.lo.st
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5662 bytes] - "D:\AD-report-Scan-14.01.2009.log"
END AT: 18:40:19 | 14/01/2009 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 104 lines ]
+---------------------------------------------------------------------------+
------ Logfile of AD-Remover 1.0.9.0 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 18:00
START AT: 18:39:56 | Mer 14/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: D:\Program Files\Ad-remover\AD-Remover.bat
PC: GUIGUI-003324DA | USER: casillas ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: D:\
Windows Directory: D:\WINDOWS\
System Directory: D:\WINDOWS\system32\
--- RUNNING PROCESSES: 43
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
D:\Documents and Settings\casillas\Application Data\EoRezo
D:\Documents and Settings\casillas\Application Data\EoRezo\cache
D:\Documents and Settings\casillas\Application Data\EoRezo\cmhost.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\ConfMedia.cyp.old
D:\Documents and Settings\casillas\Application Data\EoRezo\db
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats
D:\Documents and Settings\casillas\Application Data\EoRezo\host.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate
D:\Documents and Settings\casillas\Application Data\EoRezo\user.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\db\cat.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\config.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\casillas\Application Data\EoRezo\eoDesktop\userConfig.xml
D:\Documents and Settings\casillas\Application Data\EoRezo\eoStats\eoStats.txt
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\casillas\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\casillas\Cookies\casillas@eorezo[1].txt
D:\Documents and Settings\casillas\Cookies\casillas@soft.eorezo[2].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
D:\Program Files\Everest Poker
D:\Program Files\Everest Poker\data
D:\Program Files\Everest Poker\data\shared
D:\Program Files\Everest Poker\data\startup
D:\Program Files\Everest Poker\data\shared\fr
D:\Program Files\Everest Poker\data\shared\shared
D:\Program Files\Everest Poker\data\shared\fr\country.txt
D:\Program Files\Everest Poker\data\shared\fr\language.txt
D:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps
D:\Program Files\Everest Poker\data\shared\shared\sounds
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
D:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art
D:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg
D:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg
D:\Program Files\Everest Poker\data\startup\shared
D:\Program Files\Everest Poker\data\startup\shared\bitmaps
D:\Program Files\Everest Poker\data\startup\shared\icons
D:\Program Files\Everest Poker\data\startup\shared\sounds
D:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
D:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico
D:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Everest Poker.lnk
D:\Documents and Settings\All Users\MENUDM~1\PROGRA~1\Everest Poker\Uninstall Everest Poker.lnk
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\nvdy2h9s.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.5 ~~~~
* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "http://y.lo.st"
.
FOUND - user_pref("browser.startup.homepage", "http://y.lo.st");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://y.lo.st
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157
+---------------------------------------------------------------------------+
[~5662 bytes] - "D:\AD-report-Scan-14.01.2009.log"
END AT: 18:40:19 | 14/01/2009 - Time elapsed: 23.6 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 104 lines ]
+---------------------------------------------------------------------------+