TROJAN TR CRYPT XPACK GEN AGAIN.....
foenickss
Hello,
I can't manage to get rid of this trojan...
I have to disinfect my PC anyway, but maybe it is the reason for my in-game latency in COD4 and 6
I did see that there are many posts on this subject, but each time the HijackThis report is needed..
so I suppose the solution depends heavily on the report; here is mine:
M:\WINDOWS\system32\lsass.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\svchost.exe
M:\WINDOWS\System32\svchost.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\spoolsv.exe
M:\Program Files\Avira\AntiVir Desktop\sched.exe
M:\WINDOWS\Explorer.EXE
M:\Program Files\Avira\AntiVir Desktop\avgnt.exe
M:\WINDOWS\system32\RunDll32.exe
M:\Program Files\Logitech\G-series Software\LGDCore.exe
M:\Program Files\Logitech\G-series Software\LCDMon.exe
M:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
M:\WINDOWS\system32\ctfmon.exe
M:\Program Files\Windows Live\Messenger\msnmsgr.exe
M:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
M:\Program Files\Logitech\SetPoint\SetPoint.exe
M:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
M:\Program Files\Avira\AntiVir Desktop\avguard.exe
M:\Program Files\Java\jre6\bin\jqs.exe
M:\WINDOWS\system32\PnkBstrA.exe
M:\Program Files\Windows Live\Contacts\wlcomm.exe
M:\Program Files\Steam\steam.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - M:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - M:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - M:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - M:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] M:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] M:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avgnt] "M:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Launch LGDCore] "M:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "M:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] M:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "M:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "M:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = M:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = M:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - M:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - M:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - M:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - M:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - M:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - M:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - M:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - M:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - M:\Program Files\WinPcap\rpcapd.exe
4 replies
here is the report when hijack is renamed to ccm:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:40, on 18/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
M:\WINDOWS\System32\smss.exe
M:\WINDOWS\system32\winlogon.exe
M:\WINDOWS\system32\services.exe
M:\WINDOWS\system32\lsass.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\svchost.exe
M:\WINDOWS\System32\svchost.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\spoolsv.exe
M:\Program Files\Avira\AntiVir Desktop\sched.exe
M:\WINDOWS\Explorer.EXE
M:\Program Files\Avira\AntiVir Desktop\avgnt.exe
M:\WINDOWS\system32\RunDll32.exe
M:\Program Files\Logitech\G-series Software\LGDCore.exe
M:\Program Files\Logitech\G-series Software\LCDMon.exe
M:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
M:\WINDOWS\system32\ctfmon.exe
M:\Program Files\Windows Live\Messenger\msnmsgr.exe
M:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
M:\Program Files\Logitech\SetPoint\SetPoint.exe
M:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
M:\Program Files\Avira\AntiVir Desktop\avguard.exe
M:\Program Files\Java\jre6\bin\jqs.exe
M:\WINDOWS\system32\PnkBstrA.exe
M:\Program Files\Windows Live\Contacts\wlcomm.exe
M:\Program Files\Steam\steam.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Internet Explorer\iexplore.exe
M:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - M:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - M:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - M:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - M:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] M:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] M:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avgnt] "M:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Launch LGDCore] "M:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "M:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] M:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "M:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "M:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] M:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = M:\Program Files\Fichiers communs\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = M:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - M:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - M:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0893AC4C-3455-4E55-80F2-21264F43F6C7}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - M:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - M:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - M:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - M:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - M:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PnkBstrA - Unknown owner - M:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - M:\Program Files\WinPcap\rpcapd.exe
http://www.cijoint.fr/cjlink.php?file=cj200911/cijcQs06J6.txt
http://www.cijoint.fr/cjlink.php?file=cj200911/cijuAhuZJU.txt
here are the info links.. then the logs from the RSIT reports
here is a UsbFix report
############################## | UsbFix V6.054 |
User : Propriétaire (Administrateurs) # ADMIN-F9C5A3AA5
Update on 17/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 17:45:12 | 18/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM)2 Duo CPU E6850 @ 3.00GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 48,83 Go (30,11 Go free) # NTFS
D:\ -> Disque fixe local # 116,21 Go (57,02 Go free) [FTP116Go] # NTFS
E:\ -> Disque fixe local # 298,09 Go (271,31 Go free) [stock300Go] # NTFS
F:\ -> Disque fixe local # 184,05 Go (151,76 Go free) [TRAVAIL EN COURS 183Go] # NTFS
G:\ -> Disque fixe local # 116,67 Go (12,4 Go free) [stock 116Go] # NTFS
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque CD-ROM # 44,16 Mo (0 Mo free) [LGKS_1_02_218] # CDFS
M:\ -> Disque fixe local # 139,73 Go (116,17 Go free) # NTFS
############################## | Processus actifs |
M:\WINDOWS\System32\smss.exe 852
M:\WINDOWS\system32\csrss.exe 924
M:\WINDOWS\system32\winlogon.exe 956
M:\WINDOWS\system32\services.exe 1004
M:\WINDOWS\system32\lsass.exe 1016
M:\WINDOWS\system32\Ati2evxx.exe 1204
M:\WINDOWS\system32\svchost.exe 1224
M:\WINDOWS\system32\svchost.exe 1292
M:\WINDOWS\System32\svchost.exe 1420
M:\WINDOWS\system32\svchost.exe 1548
M:\WINDOWS\system32\svchost.exe 1636
M:\WINDOWS\system32\Ati2evxx.exe 1756
M:\WINDOWS\system32\spoolsv.exe 1776
M:\Program Files\Avira\AntiVir Desktop\sched.exe 1888
M:\WINDOWS\system32\svchost.exe 2024
M:\WINDOWS\Explorer.EXE 516
M:\Program Files\Avira\AntiVir Desktop\avgnt.exe 692
M:\WINDOWS\system32\RunDll32.exe 716
M:\Program Files\Logitech\G-series Software\LGDCore.exe 776
M:\Program Files\Logitech\G-series Software\LCDMon.exe 788
M:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe 832
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 888
M:\WINDOWS\system32\ctfmon.exe 1084
M:\Program Files\Windows Live\Messenger\msnmsgr.exe 1068
M:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe 1244
M:\Program Files\Logitech\SetPoint\SetPoint.exe 1384
M:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE 1480
M:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 2020
M:\Program Files\Avira\AntiVir Desktop\avguard.exe 872
M:\Program Files\Java\jre6\bin\jqs.exe 1396
M:\WINDOWS\system32\PnkBstrA.exe 1656
M:\WINDOWS\system32\wdfmgr.exe 2124
M:\WINDOWS\System32\alg.exe 3024
M:\Program Files\Windows Live\Contacts\wlcomm.exe 3736
M:\Program Files\Steam\steam.exe 3708
M:\Program Files\Internet Explorer\iexplore.exe 2412
M:\Program Files\Internet Explorer\iexplore.exe 3844
M:\Program Files\Internet Explorer\iexplore.exe 736
M:\Program Files\Internet Explorer\iexplore.exe 2452
M:\Program Files\Internet Explorer\iexplore.exe 3396
M:\Program Files\Internet Explorer\iexplore.exe 456
M:\WINDOWS\system32\wbem\wmiprvse.exe 3332
################## | Fichiers # Dossiers infectieux |
L:\autorun.inf
################## | Registre # Clés infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\L
Shell\AutoRun\command =L:\start.exe
HKCU\..\..\Explorer\MountPoints2\{ad8376bb-bd73-11de-b186-806d6172696f}
Shell\AutoRun\command =L:\start.exe
################## | Cracks / Keygens / Serials |
"E:\logiciel\Auslogics BoostSpeed 4.0.0.65 Incl. Serial-TSRh [JAN-25-08].rar"
-> contain : boost-speed-setup.exe
"E:\logiciel\nero7demo\Ahead.Nero.v7.0.5.4.Premium.Edition.Incl.Keygen-ORiON.rar"
-> contain : Ahead.Nero.v7.0.5.4.Premium.Edition.Incl.Keygen-ORiON\Nero-7.0.5.4_deu_no_yt.exe
The Ad-Remover report:
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_C | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 16.11.2009 à 22:21
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:50:31, 18/11/2009 | Mode Normal | Option: SCAN
Exécuté de: M:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: ADMIN-F9C5A3AA5 | Utilisateur actuel: Propriétaire
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.sfr.fr/kit/adsl/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
1243 Octet(s) - M:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - M:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
53 Fichier(s) - M:\WINDOWS\Temp
.
0 Fichier(s) - M:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - M:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 17:51:00 | 18/11/2009 - SCAN[1]
.
============== E.O.F ==============
.
.