Sujet Précédent Sujet Suivant

NTSB investigators flights recorder

Fermé
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 - 17 janv. 2009 à 23:37
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 - 20 janv. 2009 à 10:20
Bonjour,
j'ai le même problème que :

AnToiinee, le samedi 3 janvier 2009 à 17:44:43
Bonjour,
Voila j'ai un problème avec mon ordinateur au démarrage "NTBS investigators flight recorder (black box) analyser" s'affiche j'ai tout essaye Elibagla, Malwarebytes, mon anti virus ne marche plus et je ne peux plus en installer un autre, mon ordinateur rame et je n'arrive pas a accéder au mode sans échec impossible j'ai ce probleme depuis hier et j'ai regardé dans les autres sujets, ou on a éxpliqué qu'il fallait utiliser le logiciel FindyKill mais quand j'analyse il me dise no matching processus not found, et voila le premier scan :

pour gagné du temps je suis passé au Findykill de chiquitine 29 option 2 (ci-dessous le rapport)
ensuite j'ai réussi à re-installer Ccleaner mais malheureusement pour très peu de temps
j'ai juste eu le temps de faire :

▶ Lance-le. Va dans "Options" puis "Avancé",
▶ Tu décoches la case "Effacer uniquement les fichiers etc...".
▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.
▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".
Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
▶ Un tuto ( aide )

le problème persiste re-apparition de la fenetre "NTBS investigators flight recorder (black box) analyser".
Impossible de relancer Ccleaner et surtout impossible d'installer un antivirus.
Que dois je faire SVP aider moi.

Désolé d'être aussi bref
Vous remerciant


----------------- FindyKill V4.712 ------------------

* User : Polo - APOLOSIO
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 17:05:47 the 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Supression files in C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Polo\Application Data

Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\1Z0-007 Oracle OCP DBA9i Introduction to Oracle9i
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\360Voice Desktop 4.02.2a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Grapher 1.21.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Tropical Island Screen Saver 1.0b.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Actualizacion.Mcafee.De.Por.Vida.updated-fixed.01-2007.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Alice DVD to H.264 MP4 Converter 5.38.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ambages 001.000.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AMORTSC 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AnimatedCamero ScreenMate 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AppCompactor 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Atomic Word Password Recovery 1.50.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Attachments Processor for Outlook 4.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Australian Landscapes 09 Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Auto-Talk 4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AWT Font Shower 2.7 Build 9228.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Background Buddy Pro 3.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Big Clock 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Black Steel 1.2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\BMW E39 Screensaver 1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Calvary of Albuquerque 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Chilkat Zip C++ Library -.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Christmas Textures 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Classic Menu for Excel 3.5.0.113.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\COM Explorer 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Coollector 2.28.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CopyShell 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CPU Led Indicator 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Crack.Panda.Platinum.Internet.Security.2005.v9.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Dark Super 1.0.4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Delete FXP Files 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Directory Synchronizer 0.3 Build 226.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Easy Text To HTML Converter 3.0.0.057.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eset.NOD32.Antivirus.Administrator.Edition.v2.50.16.PROPER-DVT.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eva Mendes Screensaver1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Find Toolbar Tweaks 2.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Font Viewer 2.00.382.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Free System Tweaker 4.5.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\FreeNetEnumerator 1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Freewind SQL Converter 1.8.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Gimao Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Glossword 1.8.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\GoodOk DVD Ripper 5.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HTML Template Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Humanclock 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IBFireBackup 2.6.0.76.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\icecream 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IceLand 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ID AntiPopup 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\iMiser Web Organizer 3.1 SR1 Build 1075.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ivan Video to 3GP + DVD to 3GP 1.11.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IWEB Dashboard 1.0.0.40.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Java HTTP Client 2.5.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jokes Screen Saver 2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jovem Pan AM 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\K2xMon 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Kaufman Launch Cleaner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\KingConvert For Coby PMP-3522 4.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LingvoSoft FlashCards English German 1.5.07.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LvG Spellcheck 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MacAfee.Virusscan.-.8.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MailChecker 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Maximus CD Player 3.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mayweed Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mcafee.Viruscan.Enterprise-2004.8.0I.16-07-2004.Ilimitado.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Microsoft Agent Network Chat 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mister Wong Toolbar 1.1.8a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Morning Glory 1.0.14.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MouseaWay 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Movie to GIF Converter 2.20.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MyBusinessCatalog Gold 6.4.0.18.87.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MySQL Delete (Remove) Duplicate Entries Software 7.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetFilter SDK 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetMac 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\New Chronicles Of Rebecca 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NewPlay 4 Audio Full Edition 4.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_2.51.30_ita.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_by_soft-best.net.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nokia Gps Route 66 Mobile 2007 [Mapas de Espa¤a y Portugal].zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Norton.AntiVirus.2004.LiveUpdate.to.2090.by.Xp.for.EWS.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Noted 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NotePad SX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OBJ Export for SolidWorks 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Obsidian Menu 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Omniquad Surfwall - Enterprise Manager 2.882.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Opera Christmas Widget! 1.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OSPC
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paragon CD-ROM Emulator Network 3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paste MSDN URL 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\pdf2picture 6.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Pepys Personal Edition 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Phoebus 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Photo2Web Publisher 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Privacy Inspector 2.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Qdeo 1.0 Beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QDQ Search 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QRCode 2D Barcode ActiveX 3.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\RE
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Registry Accelerator 5.1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Reverb Rack R-ii 2.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sam's Interactive Reader 1.10.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Scalable Fabric 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SetBrowser 1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SharePoint Vista Sidebar Gadget Preview 0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shuffle Radio Tuner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shutdown System Manager 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sony Vegas Movie Studio Platinum 9.0b Build 85.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\soul cage screensaver 01.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\StreamAware 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Super MIDI Scripter 0.830.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Symantec.Norton.Ghost.2006.v10.Retail.+.Crack.+.Code.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Telepen Barcode Font 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trailfire 1.5.12010.2584.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trojan.Lodear Removal Tool 1.3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TTHmachine 1.02 beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TurboFTP 6.00 Build 712.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TV Set 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Twins File Merger 3.86.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Video and Music to iPod Converter 4.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\VisualHash 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Wav to MP3 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Web Pictures Downloader 2.0 SR 100.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Window Magician 1.1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Winguard Popup Remover 1.17.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\WordBanker English-Croatian 6.4.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\xSync File Synchronizer 2.0.26.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\XtraTools 2008 1.7.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Zero-X BeatQuantizer 1.52.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\[Antivirus].Panda.Platinium.Internet.Security.(2009).zip
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\srosa2.sys"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\Polo\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\6TEJSM4O\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur de CD-ROM

M: - Lecteur fixe


+- deleting files :

Not deleted !! - F:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------
A voir également:

53 réponses

Réponse 1 / 53
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 01:16
Fallait-il redemarer le pc après avoir désinstaller ???

voici le nouveau rapport



----------------- FindyKill V4.713 ------------------

* User : Polo - APOLOSIO
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 1:12:08 le 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0330Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [17/01/2009 22:16] - "C:\Avenger"

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Polo\Application Data

Found ! [17/01/2009 22:26] - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Found ! [18/01/2009 01:05] - "C:\Documents and Settings\Polo\Application Data\m\shared"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m"
Found ! [18/01/2009 00:05] - "C:\Documents and Settings\Polo\Application Data\drivers"
Found ! [17/01/2009 22:16] - "C:\Documents and Settings\Polo\Application Data\drivers\wfsintwq.sys"

»»»» Presence des fichiers dans C:\DOCUME~1\Polo\LOCALS~1\Temp


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
LightScribe Control Panel=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
Google Update="C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
InvisibloRun="C:\Program Files\Invisiblo\invisiblo.exe" -norun
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
V0330Mon.exe=C:\WINDOWS\V0330Mon.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
1
Réponse 2 / 53
Utilisateur anonyme
17 janv. 2009 à 23:38
Salut,

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

--->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 00:18
Voici le rapport
Est-ce bon ???? :-s


ComboFix 09-01-17.03 - Polo 2009-01-18 0:01:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1600 [GMT 1:00]
Lancé depuis: c:\documents and settings\Polo\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Polo\Application Data\drivers\winupgro.exe
c:\documents and settings\Polo\Favoris\Videos.url
c:\documents and settings\Polo\Menu Démarrer\Programmes\Videos.url
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\[u]0/u001F1EC
c:\program files\Need2Find\bar\Cache\[u]0/u001F71C
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\SuperCopier2\SuperCopier2.exe
c:\windows\pack.epk
c:\windows\Readme.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\stera.log
c:\windows\system32\ucgezsn.dat
c:\windows\system32\ucgezsn_navup.dat
c:\windows\system32\windrv.exe
c:\windows\system32\wintems.exe
c:\documents and settings\Polo\Application Data\m . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Legacy_SROSA
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.

2009-01-17 22:51 . 2009-01-17 22:51 <REP> d-------- c:\program files\CCleaner
2009-01-17 22:26 . 2009-01-17 22:46 <REP> d--h----- c:\documents and settings\Polo\Application Data\m
2009-01-17 19:37 . 2009-01-17 19:37 <REP> d-------- c:\documents and settings\Polo\Application Data\AVGTOOLBAR
2009-01-17 19:32 . 2009-01-17 19:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 01:40 . 2009-01-17 01:40 <REP> d-------- C:\rsit
2009-01-17 01:40 . 2009-01-17 18:16 <REP> d-------- c:\program files\trend micro
2009-01-16 21:32 . 2009-01-16 21:32 <REP> d-------- c:\program files\PeerGuardian2
2009-01-16 11:25 . 2009-01-17 22:49 <REP> d-------- c:\program files\FindyKill
2009-01-16 10:40 . 2009-01-16 10:40 <REP> d-------- C:\!KillBox
2009-01-15 22:48 . 2009-01-18 00:05 <REP> d--h----- c:\documents and settings\Polo\Application Data\drivers
2009-01-15 16:26 . 2008-11-19 09:41 16,640 --a------ c:\windows\system32\drivers\WsAudioDevice_383.sys
2009-01-15 16:25 . 2009-01-15 16:25 <REP> d-------- c:\program files\WinPcap
2008-12-31 14:17 . 2008-12-31 14:17 268 --ah----- C:\sqmdata16.sqm
2008-12-20 10:18 . 2008-12-20 10:18 <REP> d-------- c:\program files\SAGEM
2008-12-20 10:15 . 2008-12-20 10:15 <REP> d-------- c:\program files\Inventel
2008-12-19 22:57 . 2005-07-13 16:37 260,608 --a------ c:\windows\system32\drivers\WlanUZXP.sys
2008-12-19 16:24 . 2008-12-19 16:24 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-19 16:20 . 2008-12-19 16:20 278,528 --a------ c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-12-19 09:08 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-19 09:08 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-19 09:08 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-18 23:44 . 2008-12-18 23:44 <REP> d-------- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 23:07 --------- d-----w c:\program files\Symantec
2009-01-17 23:06 --------- d-----w c:\program files\Invisiblo
2009-01-17 23:02 --------- d-----w c:\program files\SuperCopier2
2009-01-17 19:16 15,360 ----a-w c:\windows\system32\dllcache\register.exe
2009-01-16 22:44 --------- d-----w c:\program files\eMule
2009-01-16 08:52 --------- d-----w c:\program files\Norton Security Scan
2009-01-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-11 10:59 --------- d-----w c:\program files\Vivre à Rennes 2005-2006
2009-01-10 12:27 --------- d-----w c:\program files\IDA
2009-01-10 12:26 --------- d-----w c:\program files\Macromedia
2008-12-20 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-11 09:24 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\U3
2008-12-08 00:09 --------- d-----w c:\program files\QuickMediaConverter
2008-12-07 20:17 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-07 15:44 --------- d-----w c:\program files\AVSMedia
2008-12-07 13:20 --------- d-----w c:\program files\AVS4YOU
2008-12-07 13:06 --------- d-----w c:\program files\Exact Audio Copy
2008-12-07 13:06 --------- d-----w c:\program files\eToro
2008-12-07 10:14 --------- d-----w c:\documents and settings\Polo\Application Data\AVS4YOU
2008-12-07 10:14 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-07 10:07 --------- d-----w c:\program files\VirtualDubMOD
2008-11-30 14:43 --------- d-----w c:\documents and settings\Polo\Application Data\U3
2008-11-29 22:58 --------- d-----w c:\documents and settings\Polo\Application Data\MP-Manager
2008-11-25 14:04 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\ACD Systems
2008-11-25 14:01 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\vlc
2008-11-23 15:27 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\Internet Download Accelerator
2008-11-23 15:21 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\GRETECH
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2007-08-02 04:53 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-11-19 07:46 56 --sh--r c:\windows\system32\78C97AF31E.sys
2008-08-22 23:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"Google Update"="c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InvisibloRun"="c:\program files\Invisiblo\invisiblo.exe" [2007-08-12 193024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-02 1836544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Polo\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e\[u]0/uA???

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Polo\\Application Data\\m\\flec006.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1979-12-31 16640]
R4 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2005-10-24 8864]
R4 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2005-10-24 8864]
R4 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2005-10-24 8864]
S3 256985c0-1617-47c0-9e3f-1f8fcfea5a48;256985c0-1617-47c0-9e3f-1f8fcfea5a48;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 33918970-d085-4969-96d1-ff6806ced7f1;33918970-d085-4969-96d1-ff6806ced7f1;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 521fa7ec-8579-4088-bd56-4af0f067284e;521fa7ec-8579-4088-bd56-4af0f067284e;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 558808e4-482e-4707-a336-41b385f24119;558808e4-482e-4707-a336-41b385f24119;\??\k:\player\cds300.dll --> k:\player\cds300.dll [?]
S3 ac6c26d0-6201-45b9-b71e-e8c22fe5da44;ac6c26d0-6201-45b9-b71e-e8c22fe5da44;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 eae7037d-5969-4644-bf0a-dae3e2b7753d;eae7037d-5969-4644-bf0a-dae3e2b7753d;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [2007-09-13 42436]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2008-12-19 260608]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-11-02 157696]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-01-15 16640]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SROSA
*Deregistered* - srosa

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d3d165-9b4e-11db-8f86-00016cd6f1e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33019205-2d34-11dc-908b-00016cd6f1e5}]
\Shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34015fdf-cd9e-11db-8fc8-00016cd6f1e5}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f232abd-bde8-11dd-938e-00016cd6f1e5}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34827b4-cc7b-11dd-93a9-00016cd6f1e5}]
\Shell\AutoRun\command - K:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68334855-1302535486-174330245-1007.job
- c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 00:10]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.wanadoo.fr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
FF - ProfilePath - c:\documents and settings\Polo\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 00:06:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\documents and settings\Polo\Application Data\m\flec006.exe [3832] 0x892ED240

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\documents and settings\Polo\Application Data\drivers\wfsintwq.sys 121548 bytes executable
c:\documents and settings\Polo\Application Data\Symantec\Shared
c:\documents and settings\Polo\Application Data\Symantec\Shared\MyProfile.UserProfile 1409 bytes
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions\20051024193359125.liveReg 13251 bytes
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions\20061219200910093.liveReg 13252 bytes
c:\documents and settings\Polo\Application Data\m\flec006.exe 94996 bytes executable

Scan terminé avec succès
Fichiers cachés: 7

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Documents and Settings\\Polo\\Application Data\\drivers\\winupgro.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="c:\\Documents and Settings\\Polo\\Application Data\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\documents and settings\Polo\Application Data\drivers\wfsintwq.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6713125-0D53-7642-9ADD-1544DBC24BD9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fadbninegngp"=hex:66,61,6a,65,67,6c,61,6d,6a,6b,61,6c,00,00
"jadbninefndkbmkbiffn"=hex:61,61,00,00
"kadbninelmeopidmbfjeao"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
.
**************************************************************************
.
Heure de fin: 2009-01-18 0:09:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-17 23:09:35

Avant-CF: 32 050 921 472 octets libres
Après-CF: 32,392,155,136 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

277 --- E O F --- 2009-01-14 21:30:28
0
Réponse 3 / 53
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
17 janv. 2009 à 23:44
Waouuu !!!

très rapide pour répondre
je teste et je vous confirme.

Merci.
0
Réponse 4 / 53
Utilisateur anonyme
18 janv. 2009 à 00:21
Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:files
c:\documents and settings\polo\application data\drivers\winupgro.exe
c:\program files\need2find\bar\1.bin\partner.dat
c:\program files\need2find\bar\cache\files.ini
c:\windows\system32\mdelk.exe
c:\windows\system32\ucgezsn_navup.dat
c:\windows\system32\wintems.exe
c:\documents and settings\polo\application data\m\flec006.exe

:commands
[purity]
[emptytemp]
[reboot]



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 00:35
Le voici



========== FILES ==========
File/Folder c:\documents and settings\polo\application data\drivers\winupgro.exe not found.
File/Folder c:\program files\need2find\bar\1.bin\partner.dat not found.
File/Folder c:\program files\need2find\bar\cache\files.ini not found.
File/Folder c:\windows\system32\mdelk.exe not found.
File/Folder c:\windows\system32\ucgezsn_navup.dat not found.
File/Folder c:\windows\system32\wintems.exe not found.
File move failed. c:\documents and settings\polo\application data\m\flec006.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_jEeQIgTwbbqAtqi4px7w scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_002806

Files moved on Reboot...
File move failed. c:\documents and settings\polo\application data\m\flec006.exe scheduled to be moved on reboot.
File C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_jEeQIgTwbbqAtqi4px7w not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ moved successfully.
File C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ not found!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 53
Utilisateur anonyme
18 janv. 2009 à 00:36
Re,

Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.


Tutoriel pour MalwareByte's
0
Réponse 6 / 53
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 00:45
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1663
Windows 5.1.2600 Service Pack 3

17/01/2009 22:14:13
mbam-log-2009-01-17 (22-14-13).txt

Type de recherche: Examen complet (C:\|D:\|F:\|M:\|)
Eléments examinés: 197936
Temps écoulé: 2 hour(s), 9 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Polo\Application Data\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Polo\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
0
Réponse 7 / 53
Utilisateur anonyme
18 janv. 2009 à 00:47
Re,


Tu redémarre ton pc mais avant sa tu fait ce qui suit dans l'ordre.

Télécharge toolscleaner sur ton Bureau :

toolscleaner

* Double-clique sur ToolsCleaner2.exe et laisse le travailler

* Clique sur Recherche et laisse le scan se terminer.

* Clique sur Suppression pour finaliser.

* Tu peux, si tu le souhaites, te servir des Options facultatives.

* Clique sur Quitter, pour que le rapport puisse se créer.

* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
FindyKill de Chiquitine29

▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

▶ Laisse toi guider pour l'installer.

▶ Double clic sur " FindyKill." pour lancer l'outil .

▶ Choisis La langue:F pour français

▶ Choisis l'option 1 . Puis laisses travailler ...

▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

Les-risques-securitaires-du-peer-to-peer

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 8 / 53
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 01:02
Voici les 2 rapports :



[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\avenger: trouvé !
C:\!Killbox: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Polo\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Polo\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Polo\Bureau\FindyKill.txt: trouvé !
C:\Documents and Settings\Polo\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Polo\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Polo\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Polo\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Polo\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Polo\Bureau\FindyKill.txt: supprimé !
C:\Documents and Settings\Polo\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Polo\Bureau\Rsit.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\avenger: ERREUR DE SUPPRESSION !!
C:\!Killbox: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Polo\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\trend micro\HijackThis: supprimé !




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



----------------- FindyKill V4.712 ------------------

* User : Polo - APOLOSIO
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 14/01/09 par Chiquitine29
* Recherche effectuée à 0:58:21 le 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0330Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Polo\Application Data

Found ! [17/01/2009 22:26] - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Found ! [18/01/2009 00:35] - "C:\Documents and Settings\Polo\Application Data\m\shared"
Found ! [18/01/2009 00:14] - "C:\Documents and Settings\Polo\Application Data\m"
Found ! [18/01/2009 00:05] - "C:\Documents and Settings\Polo\Application Data\drivers"

»»»» Presence des fichiers dans C:\DOCUME~1\Polo\LOCALS~1\Temp


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
LightScribe Control Panel=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
Google Update="C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
InvisibloRun="C:\Program Files\Invisiblo\invisiblo.exe" -norun
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
V0330Mon.exe=C:\WINDOWS\V0330Mon.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Réponse 9 / 53
Utilisateur anonyme
18 janv. 2009 à 01:07
Re,

Désinstalle le cette version et fait avec ce lien.

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
0
Réponse 10 / 53
Utilisateur anonyme
18 janv. 2009 à 01:17
Re,

OKi

Findykill de chiquitine29 option 2:

▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

▶ Double-clique sur le raccourci FindyKill sur ton bureau

▶ Au menu principal, choisisl'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

▶ Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 11 / 53
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 01:31
le voici




----------------- FindyKill V4.713 ------------------

* User : Polo - APOLOSIO
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 1:24:27 the 18/01/2009
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\wintems.exe
Deleted ! - "C:\Avenger"

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Polo\Application Data

Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\!Easy ScreenSaver Studio 4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\4Media iPhone Video Converter 5.1.17.1128.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\A+ Printer Monitor 3.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Acubix PicoBackup for Outlook Express 2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Advantis Credit Union Mortgage Rates 1.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AFELO 6.8.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AIM Buddy Tunes 0.0.0.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AIRMail SDK 2009.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AirScanner.Mobile.AntiVirus.Pro.v2.91.PPC.(Free).zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ali Landry 39 Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Amadis 3GP Video Converter 3.7.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\antivirus.free.avg.7.1.oficial.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AVI To MP3 Converter 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Bid-n-Invoice Mobile Wash 2.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\BIFUR 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Blogger API ActiveX 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\BPM Midi Calculator 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Buttons Toolbar Icons.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Capture-A-ScreenShot 1.03.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Chat Labradors Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ChGrabber 1.01A.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Chocolate and Cocoa Recipes and Home Made Candies 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ChromaPIX 1.6.17.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Community Server Gallery Plugin 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Cool DVD to iPhone MPEG4 Ripper 5.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Craig's Text-to-HTML Converter 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Creatures Icons 2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ctalk 1.0.22.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Cucku Backup 1.21.30208.889.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CustomFrame 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Dacris Benchmark 5.0 Build 5005.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DB Schema Difftective 1.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DialogSedan 3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DomAPIX Memory Profiler 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\EasyAccounting 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eggstra Toolbar 1.5.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Evening Meditation 3D Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\File Comparer 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\FLAV FLV to MP3 Converter 2.58.15.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\FlyFlashPlayer 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Fox Magic Audio Recorder 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Free Quick Reference Pack 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Freebking Bentley Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\G-Lock Email Processor 1.98.700.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\GMail Desktop Studio 1.2.0.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Golf Tracker for Excel 1.3b.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Groovy backgrounds 24.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Guitar Scales Method 1.0.25.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HideIE 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HJ Install 3.5.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HotRecorder for Music 1.0.12.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HotRez 1.02.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HTML IMG SRC TAGS GENERATOR 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Icons 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IDAutomation MICR Check Design Application 6.8.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Import Export 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Income Property Book 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Intel Active Monitor 1.2.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Internet Watcher 2000 1.9c.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IrregularVerbs 0.0.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\JCOM Password Manager 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\JM Calendar 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Karat Font PostScript 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Kaspersky.Anti-Virus.6.0.303.working.CRACK!!!.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\KKopy 1.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Kommaker 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Language Identification 4.1.5.57.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LinkPopular 2.5 Build 0619.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mastery Pro 1.4.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MB Free Zodiac Astrology 1.60.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\McAfee.VirusScan.8.0.Full.with.crack.Multilanguage.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\McAfee.WebShield.SMTP.v4.5.MR2.Final.==.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Media Office 3.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MindIT! 3.30.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MoreAmp 0.1.22.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MovKit Zune Video Converter 3.0.5 Build 20080522.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MSU Old Cinema Filter 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Net Send Message 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetShell 2.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32.Antivirus.v2.000.6.Incl.Crack-Core-Pleasuredome101.[L1oNetwork.[wnet.co.il].Net].zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_Antivirus_2.51.8_XP_WinServer2003.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NotAgain 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NTFSearch 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\olive tree screensaver 01.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OmniFolders 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Outlook Express Easy Backup 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Panda.Active.Scan.Pro.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Panda_Antivirus_Titanium_2005_v4.00.00_Fixed_www.crack.cd_.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Papierkorb 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\PC Registry Cleaner 2.0.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Periodic Table Flash Cards 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\PocketPC Battery Monitor 1.0.19.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Point Motivator 1.07.01.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Portable PopMan 1.3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Portable Splitter and Merger 5.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\PowerPoint to Flash 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Private Post Outlook 4.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Productivity Analyzer 1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ProxyList Grabber 1.1.10.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Radiant Clock Screensaver 2.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Reflect Writer 1.1.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\RegAlyzer 1.6.0.12.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Registry Power Cleaner 2006.4.9.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ResxEditor 1.20.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SavePicNoAsk PRO 2.1.11.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Send IP 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SL Regex Builder 2.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Snow Desktop 2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Softstunt Audio Converter 4.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sophos.Antivirus.v4.13.Multilingual.WinNT2kXP2k3.Retail-ARN.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Spam Blocker For Web Forms 1.11.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Spam Protector 2003.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SWiSH Guide 1.0 build 20070201.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Symantec.AntiVirus.Corporate.v10.1.5.5000.Client==.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Symantec.Norton.Todo.En.Uno.2006.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SyncPad 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TConverter 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Text & Image Overlay Filter 1.0.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TrackStudio Enterprise 3.5.14.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\USB Vault 1.02.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Video Batch Converter 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Vista Start Menu Emulator Nightly Build 1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Wallpapers_for_mobile_up_by_WarezMan.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Webpage Guard 2.36.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Widget Tracker 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Winlibre 0.3.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Words 3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\X-Clipview 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\XCA 0.6.4.zip
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\Polo\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

M: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

5d641d5e744ad9aca087e8dae68e7822 C:\Avenger\wintems.exe


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
Réponse 12 / 53
Utilisateur anonyme
18 janv. 2009 à 01:32
Re,

▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

▶ Tuto hijackthis(Merci à Balltrap34)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 01:35
Encore un rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:34:21, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)
0
Réponse 13 / 53
Utilisateur anonyme
18 janv. 2009 à 01:36
Re,

▶ Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours/!\

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 01:44
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

Start at: 1:41:41 | 18/01/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: APOLOSIO | User: Polo ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- M:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 27

+--------------------| Boonty/Boonty Games Elements Found :

.
.

+--------------------| Eorezo Elements Found :

.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\Polo\Application Data\EoRezo
C:\Documents and Settings\Polo\Application Data\EoRezo\cache
C:\Documents and Settings\Polo\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Polo\Application Data\EoRezo\ConfMedia.cyp.old
C:\Documents and Settings\Polo\Application Data\EoRezo\db
C:\Documents and Settings\Polo\Application Data\EoRezo\EoClock.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\EoClockVal.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\EoClockVal_2AAB2F6.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Polo\Application Data\EoRezo\EoNet.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\eoStats
C:\Documents and Settings\Polo\Application Data\EoRezo\EoWeather.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\EoWeatherVal_02EC282.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\host.cyp
C:\Documents and Settings\Polo\Application Data\EoRezo\towns.cfg
C:\Documents and Settings\Polo\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Polo\Application Data\EoRezo\db\1.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\10.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\11.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\12.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\13.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\14.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\16.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\17.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\18.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\19.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\2.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\3.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\33.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\4.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\5.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\6.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\7.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\8.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\9.txt
C:\Documents and Settings\Polo\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Polo\Application Data\EoRezo\db\cat.nfo
C:\Documents and Settings\Polo\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\Polo\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Polo\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Polo\Application Data\EoRezo\eoStats\eoStats.txt

+--------------------| Everest Casino/Everest Poker Elements Found :

.
.

+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :

.
.

+--------------------| It's TV Elements Found :

HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\Polo\Application Data\ItsLabel
C:\Documents and Settings\Polo\Application Data\ItsLabel\ItsTV
C:\Documents and Settings\Polo\Application Data\ItsLabel\ItsTV\itsTV.xml
C:\Documents and Settings\Polo\Application Data\ItsLabel\ItsTV\version.xml

+--------------------| Sweetim Elements Found :

.
.

+--------------------| Added Scan :


+---------- SCANNING PREFS.JS ... ( # Mozilla user preferences )

..\cpg2ve8g.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Winamp Search"
* BROWSER SEARCH SELECTED ENGINE: "Winamp Search"
* BROWSER SEARCH DEFAULT URL: "http://slirsredirect.search.aol.com/..."
* BROWSER STARTUP HOMEPAGE: "https://www.orange.fr/portail"

.

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.11 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.wanadoo.fr

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

[~5329 BYTES] - "C:\AD-REPORT-SCAN-18.01.2009.LOG"

End at: 1:42:12 | 18/01/2009 - Time elapsed: 30.8 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 99 Lines ]
+---------------------------------------------------------------------------+
0
Réponse 14 / 53
Utilisateur anonyme
18 janv. 2009 à 01:46
Re,

/!\ Déconnectes toi et fermes toutes applications en cours /!\

▶ Relances "Ad-remover" : au menu principal choisi l'option "B" .

http://apu.mabul.org/up/apu/2008/11/19/img-221318q2g03.jpg

Il faut taper un chiffre et valider systématiquement celui-ci par ENTREE.

▶ Ensuite coche:

EoRezo
It's TV

▶ Puis "S"

▶ le programme va travailler ...

▶ Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 02:02
le rapport AD-REPORT + un nouvel Hijackthis



------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------

Updated by C_XX on 17/01/2009 at 12:00

*** LIMITED TO ***

Eorezo
It's TV

******************

Start at: 1:56:54 | 18/01/2009 | Microsoft® Windows XP™ SP3 (V5.1.2600)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: APOLOSIO | User: Polo ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- M:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 26

(!) ---- IE start pages reset

+--------------------| Eorezo Elements Deleted :

.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\Polo\Application Data\EoRezo

+--------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\Polo\Application Data\ItsLabel

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| Added Scan :


+---------- SCANNING PREFS.JS ... ( # MOZILLA USER PREFERENCES )

..\cpg2ve8g.default\prefs.js :

~~~~ MOZILLA FIREFOX VERSION 3.0.5 ~~~~

* BROWSER SEARCH DEFAULT ENGINE: "Winamp Search"
* BROWSER SEARCH SELECTED ENGINE: "Winamp Search"
* BROWSER SEARCH DEFAULT URL: "http://slirsredirect.search.aol.com/..."
* BROWSER STARTUP HOMEPAGE: "https://www.orange.fr/portail"

.

+---------------------------------------------------------------------------+


~~~~ INTERNET EXPLORER VERSION 7.0.5730.11 ~~~~

+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]

Start page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~2284 BYTES] - "C:\AD-REPORT-CLEAN-18.01.2009.LOG"
[~5661 BYTES] - "C:\AD-REPORT-SCAN-18.01.2009.LOG"

End at: 1:57:20 | 18/01/2009 - Time elapsed: 25.1 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 51 Lines ]
+---------------------------------------------------------------------------+




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:59:29, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)
0
Réponse 15 / 53
Utilisateur anonyme
18 janv. 2009 à 02:07
Re,

Redémarre ton pc et fait ce qui suit ensuite:

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 02:13
Les 2 rapports




Logfile of random's system information tool 1.05 (written by random/random)
Run by Polo at 2009-01-18 02:09:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 31 GB (26%) free of 117 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:42, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Polo\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\Polo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 02:20
allo
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 02:35
Voici les rapports :

Logfile of random's system information tool 1.05 (written by random/random)
Run by Polo at 2009-01-18 02:32:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 31 GB (26%) free of 117 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:45, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Polo\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\Polo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)
0
Réponse 16 / 53
Utilisateur anonyme
18 janv. 2009 à 02:33
Re,

Deux secondes.

tuas trois antivirus d'installer.

Supprime deux antivirus de ton choix.

Ensuite recherche ce fichier=>c:\documents and settings\polo\application data\m\flec006.exe

Supoprime le manuellement et vide ta corbeille et redémarre ton pc et refait un log avec rsit.

merci
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 02:53
J'en ai aucun d'anti-virus installer
et malheureusement impossible de choper ce fichier manuellement. il est introuvable
0
Réponse 17 / 53
Utilisateur anonyme
18 janv. 2009 à 02:39
Re,

Voir le poste 23.

A++
0
Réponse 18 / 53
Utilisateur anonyme
18 janv. 2009 à 02:45
Re,

Si tu ne trouve pas le fichier:

Désinstalle findykill et fait ce qui suit:

▶ Rends toi sur ce site :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
▶ tout en bas de cette page tu trouveras un outil
à télécharger,clique sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)
▶ installe ce fichier sur le Bureau.
▶ ensuite double-clic sur Elibagla.exe
▶ laisse la case "eliminar ficheros automaticamente" coché
▶ clique sur"explorar"
▶ laisse-le travailler

▶ Redémarre en mode sans échec,

*Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).

▶ relance 2 fois elibagla

▶ redémarre en mode normal

▶ poste le rapport final qui sera dans c:\infosat.txt
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 03:21
Sun Jan 18 02:57:13 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Jan 18 02:57:39 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8646
Nº Total de Ficheros: 85584
Nº de Ficheros Analizados: 14445
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Jan 18 03:08:39 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Jan 18 03:08:47 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8646
Nº Total de Ficheros: 85582
Nº de Ficheros Analizados: 14445
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 03:40
Sun Jan 18 02:57:13 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Jan 18 02:57:39 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8646
Nº Total de Ficheros: 85584
Nº de Ficheros Analizados: 14445
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Jan 18 03:08:39 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Jan 18 03:08:47 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8646
Nº Total de Ficheros: 85582
Nº de Ficheros Analizados: 14445
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 03:41
JE SUPPOSE QUE CA COMMENCE A ETRE BON ?!?!
0
Réponse 19 / 53
Utilisateur anonyme
18 janv. 2009 à 02:57
Re,


Bizarre tout sa.

Bon fait le poste 26
0
apolosio Messages postés 56 Date d'inscription samedi 17 janvier 2009 Statut Membre Dernière intervention 21 janvier 2009 1
18 janv. 2009 à 03:22
?????
?????
?????
0
Réponse 20 / 53
Utilisateur anonyme
18 janv. 2009 à 03:26
Re,

Fait la même manipulation que pour combofix tout a l'heure avec ce lien=>clic ici

Le fichier et killbeagle.

merci
0