Spyware qui veule pas s'auter
hakirus
Messages postés
9
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
j'ai des putain de spyware qui veule pas s'auter j'ai un bon fire wall qui l'es bloc meme pas.. jai un bon anti virus qui les détect pas et j'ai 3 bon anti-spyware qui fond que dale avec c'est problem .. alors j'aimerais vraiment si quelqu'un pourais m'aider.. j'ai plein de logiciel au moin 70 et je veut pas formater.. apres avoir cleaner mon pc de tous ca je vais installer nortonghost pour faire un backup de mon pc clean .. (pourier vous me recomender un logiciel pour voir si il y a des problem dans le disk dur.. j'ai des bluescreen des fois )
Merci d'avance
Merci d'avance
A voir également:
- Spyware qui veule pas s'auter
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Spyware terminator - Télécharger - Antivirus & Antimalwares
- Spyware blaster - Télécharger - Antivirus & Antimalwares
- Anti spyware gratuit - Télécharger - Antivirus & Antimalwares
- Anti spyware - Télécharger - Antivirus & Antimalwares
6 réponses
Salut,
Télécharge HijackThis:
Téléchargement de HijackThis
Installe le dans son propre dossier:
-clic droit sur le bureau, choisis "nouveau dossier" puis installe le dedans.
Lance le, clic sur "do a system scan and save logfile"
Puis copie et colle le rapport ici stp
Télécharge HijackThis:
Téléchargement de HijackThis
Installe le dans son propre dossier:
-clic droit sur le bureau, choisis "nouveau dossier" puis installe le dedans.
Lance le, clic sur "do a system scan and save logfile"
Puis copie et colle le rapport ici stp
ogfile of HijackThis v1.99.1
Scan saved at 16:31:16, on 2006-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Hakirus\Scanner.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(voila)
Scan saved at 16:31:16, on 2006-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Hakirus\Scanner.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.co.jp/_common/cab/NMStarterJP5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(voila)
Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système et colle le rapport ici stp
Ewido: (reste gratuit après la période d'essai)
Télécharger Ewido Security Suite
Puis:
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
A++
Ewido: (reste gratuit après la période d'essai)
Télécharger Ewido Security Suite
Puis:
Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
A++
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:51:42 2006-09-12
+ Scan result:
C:\Documents and Settings\Haki\Cookies\haki@ad.adition[2].txt -> TrackingCookie.Adition : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
Tuesday, September 12, 2006 7:15:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/09/2006
Kaspersky Anti-Virus database records: 209841
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 83203
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 01:16:46
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\Haki\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\dfsr.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\fsr.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\tmp.edb Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows Live Contacts\Lord-Hakirus@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows Live Contacts\Lord-Hakirus@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\History\History.IE5\MSHist012006091220060913\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\Perflib_Perfdata_27c.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\Perflib_Perfdata_b30.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2D37.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2D81.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2DEF.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DFBE3A.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DFBE4B.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haki\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Haki\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Haki\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP123\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HAKIRUS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd6253.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT04d45.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04d48.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP123\change.log Object is locked skipped
E:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP35\A0016673.exe Infected: Trojan-Downloader.Win32.Small.dqf skipped
Scan process completed.
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 18:51:42 2006-09-12
+ Scan result:
C:\Documents and Settings\Haki\Cookies\haki@ad.adition[2].txt -> TrackingCookie.Adition : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Haki\Cookies\haki@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Haki\Local Settings\Temp\Cookies\haki@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
::Report end
Tuesday, September 12, 2006 7:15:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/09/2006
Kaspersky Anti-Virus database records: 209841
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics
Total number of scanned objects 83203
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 01:16:46
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\Haki\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\dfsr.db Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\fsr.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Messenger\lord-hakirus@hotmail.com\SharingMetadata\Working\database_BEFC_DDDB_FCDD_8DD1\tmp.edb Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows Live Contacts\Lord-Hakirus@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Application Data\Microsoft\Windows Live Contacts\Lord-Hakirus@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\History\History.IE5\MSHist012006091220060913\index.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\Perflib_Perfdata_27c.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\Perflib_Perfdata_b30.dat Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2D37.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2D81.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DF2DEF.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DFBE3A.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temp\~DFBE4B.tmp Object is locked skipped
C:\Documents and Settings\Haki\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Haki\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Haki\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Haki\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP123\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HAKIRUS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd6253.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT04d45.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04d48.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP123\change.log Object is locked skipped
E:\System Volume Information\_restore{566856E3-9189-43A6-9950-749A08401E56}\RP35\A0016673.exe Infected: Trojan-Downloader.Win32.Small.dqf skipped
Scan process completed.
Clic sur demarrer, poste de travail, C:, windows, Temp, supprime tout ce qui se trouve dans ce dossier si quelque chose résiste redemarre en mode sans echec et supprime tout.
puis fait ça:
Alors ceci; C:\System Volume Information\_restore(voir rapport kaspersky) indique que ta restauration du systeme etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.
Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du systeme"
¤ coches la case "desactiver la Restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ decoches la case et clic sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:
Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créer si un jour tu décides tu pourra revenir en arriere à la date que tu l'as créer donc à ce jour; en fesant la marche arriére tu pourra remettre ton ordinateur à la date ou l'on à créer ce point de restauration mais tu perdra les modifications que tu aura faites entre deux.
Puis dis moi ou en est ton probléme
puis fait ça:
Alors ceci; C:\System Volume Information\_restore(voir rapport kaspersky) indique que ta restauration du systeme etait infecté ou est infecté, pour être sûr, nous allons créer un point propre.
Clic sur "demarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du systeme"
¤ coches la case "desactiver la Restauration du systéme sur tous les lecteurs", puis clic ur "appliquer"
¤ decoches la case et clic sur "appliquer" puis "ok".
Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:
Clic sur "demarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créer si un jour tu décides tu pourra revenir en arriere à la date que tu l'as créer donc à ce jour; en fesant la marche arriére tu pourra remettre ton ordinateur à la date ou l'on à créer ce point de restauration mais tu perdra les modifications que tu aura faites entre deux.
Puis dis moi ou en est ton probléme
EN fais depuis ce matin jarrétais pas d'avoir des bluescreen alors jai regarder lerreur et sur mon autre pc jai éét regarder ce que cétais un Rootkit asser puissant de nouvel génération mais je men t suis débarasser et non je peut pas crée de point de restauration car jai encore plein de pop up qui souvre Exam... winantivirus.. epass key.. des truc de porn.. (je vais meme pas sur des site de porn ) et jai un bon fire wall uptodate je voie pas comment je peut avoir été infection... m'enfin.. mon problem est pas résoler meme ailllen tous suprimer dans temps dans local setting.
Télécharges Blacklight et sauvegarde le sur ton bureau.
https://www.f-secure.com/en
Double cliques sur " blbeta.exe " et acceptes la licence; clic sur "Scan" puis "Next"
Un rapport, va se créer sur ton bureau "fslb-....."
Copies et colles le contenu de ce rapport ici.
Ne touche à rien d'autre!
https://www.f-secure.com/en
Double cliques sur " blbeta.exe " et acceptes la licence; clic sur "Scan" puis "Next"
Un rapport, va se créer sur ton bureau "fslb-....."
Copies et colles le contenu de ce rapport ici.
Ne touche à rien d'autre!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
(merci de maider en passent ^-^)
09/13/06 18:09:48 [Info]: BlackLight Engine 1.0.46 initialized
09/13/06 18:09:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/13/06 18:09:48 [Note]: 7019 4
09/13/06 18:09:48 [Note]: 7005 0
09/13/06 18:09:51 [Note]: 7006 0
09/13/06 18:09:51 [Note]: 7011 1592
09/13/06 18:09:51 [Note]: 7026 0
09/13/06 18:09:51 [Note]: 7026 0
09/13/06 18:09:51 [Note]: 7024 3
09/13/06 18:09:51 [Info]: Hidden process: C:\windows\system32\lmpysejg.exe
09/13/06 18:09:51 [Note]: FSRAW library version 1.7.1019
09/13/06 18:11:20 [Note]: 4013 10927
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10926
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10927
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10926
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:33 [Info]: Hidden file: c:\WINDOWS\Prefetch\LMPYSEJG.EXE-021C9060.pf
09/13/06 18:11:33 [Note]: 10002 1
09/13/06 18:11:38 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg.dat
09/13/06 18:11:38 [Note]: 10002 1
09/13/06 18:11:42 [Info]: Hidden file: C:\windows\system32\lmpysejg.exe
09/13/06 18:11:42 [Note]: 10002 1
09/13/06 18:11:44 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg_nav.dat
09/13/06 18:11:44 [Note]: 10002 1
09/13/06 18:11:45 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg_navps.dat
09/13/06 18:11:45 [Note]: 10002 1
09/13/06 18:11:46 [Note]: 4020 72 65536
09/13/06 18:11:46 [Note]: 4020 72 65536
09/13/06 18:11:46 [Note]: 4018 72 65536
09/13/06 18:12:39 [Note]: 7007 0
09/13/06 18:09:48 [Info]: BlackLight Engine 1.0.46 initialized
09/13/06 18:09:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/13/06 18:09:48 [Note]: 7019 4
09/13/06 18:09:48 [Note]: 7005 0
09/13/06 18:09:51 [Note]: 7006 0
09/13/06 18:09:51 [Note]: 7011 1592
09/13/06 18:09:51 [Note]: 7026 0
09/13/06 18:09:51 [Note]: 7026 0
09/13/06 18:09:51 [Note]: 7024 3
09/13/06 18:09:51 [Info]: Hidden process: C:\windows\system32\lmpysejg.exe
09/13/06 18:09:51 [Note]: FSRAW library version 1.7.1019
09/13/06 18:11:20 [Note]: 4013 10927
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10926
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10927
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:20 [Note]: 4013 10926
09/13/06 18:11:20 [Note]: 4020 14279 262144
09/13/06 18:11:20 [Note]: 4018 14279 262144
09/13/06 18:11:33 [Info]: Hidden file: c:\WINDOWS\Prefetch\LMPYSEJG.EXE-021C9060.pf
09/13/06 18:11:33 [Note]: 10002 1
09/13/06 18:11:38 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg.dat
09/13/06 18:11:38 [Note]: 10002 1
09/13/06 18:11:42 [Info]: Hidden file: C:\windows\system32\lmpysejg.exe
09/13/06 18:11:42 [Note]: 10002 1
09/13/06 18:11:44 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg_nav.dat
09/13/06 18:11:44 [Note]: 10002 1
09/13/06 18:11:45 [Info]: Hidden file: c:\WINDOWS\system32\lmpysejg_navps.dat
09/13/06 18:11:45 [Note]: 10002 1
09/13/06 18:11:46 [Note]: 4020 72 65536
09/13/06 18:11:46 [Note]: 4020 72 65536
09/13/06 18:11:46 [Note]: 4018 72 65536
09/13/06 18:12:39 [Note]: 7007 0
ah voila un suspect :D
Télécharge BruteForce Uninstaller ici:
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier sur le bureau par exemple, nomme le CCM, decompresse le fichier telechargé à l'interieur
Ensuite, télécharge EGDACCESS :
Fais un clic droit ici:
http://metallica.geekstogo.com/EGDACCESS.bfu et choisis
Enregistre le sur le bureau, puis mets le dans le dossier CCM que tu as créer, tu aura donc les deux fichiers BFU.exe et EGDACCESS.bfu à l'interieur de ce dossier CCM
----------
Lance "BruteForce Uninstaller" en cliquant sur BFU.exe
Clic sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
Coches la case "Show lo"g after script ends
Clic sur Execute pour que le fix fasse son boulot
Attends que le message Complete script execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le.
Clic Exit pour fermer le programme BFU.
Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
Clic sur Scan pour lancer l'analyse.
Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
Puis valide.
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.
------------------
Après le reboot du pc, les fichiers :
c:\WINDOWS\Prefetch\LMPYSEJG.EXE-021C9060.pf
c:\WINDOWS\system32\lmpysejg.dat
C:\windows\system32\lmpysejg.exe
c:\WINDOWS\system32\lmpysejg_nav.dat
c:\WINDOWS\system32\lmpysejg_navps.dat
devraient être visible et pouvoir être supprimés sans aucuns soucis.
Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
Vas dans C:\Windows\system32\ recherches et effaces:
C:\Windows\system32\lmpysejg.dat.ren
c:\Windows\system32\lmpysejg.exe.ren
c:\WINDOWS\system32\lmpysejg_nav.dat.ren
c:\WINDOWS\system32\lmpysejg_navps.dat.ren
Une fois fait, poste le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight stp
Télécharge BruteForce Uninstaller ici:
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier sur le bureau par exemple, nomme le CCM, decompresse le fichier telechargé à l'interieur
Ensuite, télécharge EGDACCESS :
Fais un clic droit ici:
http://metallica.geekstogo.com/EGDACCESS.bfu et choisis
Enregistre le sur le bureau, puis mets le dans le dossier CCM que tu as créer, tu aura donc les deux fichiers BFU.exe et EGDACCESS.bfu à l'interieur de ce dossier CCM
----------
Lance "BruteForce Uninstaller" en cliquant sur BFU.exe
Clic sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
Coches la case "Show lo"g after script ends
Clic sur Execute pour que le fix fasse son boulot
Attends que le message Complete script execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le.
Clic Exit pour fermer le programme BFU.
Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
Clic sur Scan pour lancer l'analyse.
Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
Puis valide.
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.
------------------
Après le reboot du pc, les fichiers :
c:\WINDOWS\Prefetch\LMPYSEJG.EXE-021C9060.pf
c:\WINDOWS\system32\lmpysejg.dat
C:\windows\system32\lmpysejg.exe
c:\WINDOWS\system32\lmpysejg_nav.dat
c:\WINDOWS\system32\lmpysejg_navps.dat
devraient être visible et pouvoir être supprimés sans aucuns soucis.
Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
Vas dans C:\Windows\system32\ recherches et effaces:
C:\Windows\system32\lmpysejg.dat.ren
c:\Windows\system32\lmpysejg.exe.ren
c:\WINDOWS\system32\lmpysejg_nav.dat.ren
c:\WINDOWS\system32\lmpysejg_navps.dat.ren
Une fois fait, poste le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight stp
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 19:50:25, on 2006-09-13
Option Delete files to Recycle Bin: Yes
Failed: DllUnregister C:\WINDOWS\system32\MSWBM32.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\dialpass (folder not found)
Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
Failed: FolderDelete C:\Program Files\egroup (folder not found)
Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: FolderDelete C:\Program Files\GoRecord2 (folder not found)
Failed: FolderDelete C:\Program Files\GoAstro (folder not found)
Failed: FolderDelete C:\Program Files\SudoPlanet (folder not found)
Failed: FolderDelete C:\Program Files\WebMediaPlayer (folder not found)
Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
Failed: FolderDelete C:\WINDOWS\msskinner (folder not found)
Failed: FolderDelete C:\WINDOWS\wintrim (folder not found)
Failed: FolderDelete C:\WINDOWS\wincomp (folder not found)
Failed: FolderDelete C:\WINDOWS\winmgts (folder not found)
Failed: FolderDelete C:\WINDOWS\simcss (folder not found)
Failed: FolderDelete C:\WINDOWS\mc (folder not found)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\Perflib_Perfdata_5d4.dat (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF564E.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF565D.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF6A37.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF6A49.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF7259.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DFB156.tmp (operation failed)
Failed: FolderDelete C:\WINDOWS\Temp\tmp000071e6 (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT06c03.TMP (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT079cf.TMP (operation failed)
Script completed.
09/13/06 20:04:46 [Info]: BlackLight Engine 1.0.46 initialized
09/13/06 20:04:46 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/13/06 20:04:47 [Note]: 7019 4
09/13/06 20:04:47 [Note]: 7005 0
09/13/06 20:04:48 [Note]: 7006 0
09/13/06 20:04:48 [Note]: 7011 1592
09/13/06 20:04:48 [Note]: 7026 0
09/13/06 20:04:49 [Note]: 7026 0
09/13/06 20:04:52 [Note]: FSRAW library version 1.7.1019
09/13/06 20:05:42 [Note]: 7007 0
la je sais pas si le prob est régler ont vas voir ca ;)
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 19:50:25, on 2006-09-13
Option Delete files to Recycle Bin: Yes
Failed: DllUnregister C:\WINDOWS\system32\MSWBM32.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\dialpass (folder not found)
Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
Failed: FolderDelete C:\Program Files\egroup (folder not found)
Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: FolderDelete C:\Program Files\GoRecord2 (folder not found)
Failed: FolderDelete C:\Program Files\GoAstro (folder not found)
Failed: FolderDelete C:\Program Files\SudoPlanet (folder not found)
Failed: FolderDelete C:\Program Files\WebMediaPlayer (folder not found)
Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
Failed: FolderDelete C:\WINDOWS\msskinner (folder not found)
Failed: FolderDelete C:\WINDOWS\wintrim (folder not found)
Failed: FolderDelete C:\WINDOWS\wincomp (folder not found)
Failed: FolderDelete C:\WINDOWS\winmgts (folder not found)
Failed: FolderDelete C:\WINDOWS\simcss (folder not found)
Failed: FolderDelete C:\WINDOWS\mc (folder not found)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\Perflib_Perfdata_5d4.dat (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF564E.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF565D.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF6A37.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF6A49.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DF7259.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\Haki\LOCALS~1\Temp\~DFB156.tmp (operation failed)
Failed: FolderDelete C:\WINDOWS\Temp\tmp000071e6 (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT06c03.TMP (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT079cf.TMP (operation failed)
Script completed.
09/13/06 20:04:46 [Info]: BlackLight Engine 1.0.46 initialized
09/13/06 20:04:46 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/13/06 20:04:47 [Note]: 7019 4
09/13/06 20:04:47 [Note]: 7005 0
09/13/06 20:04:48 [Note]: 7006 0
09/13/06 20:04:48 [Note]: 7011 1592
09/13/06 20:04:48 [Note]: 7026 0
09/13/06 20:04:49 [Note]: 7026 0
09/13/06 20:04:52 [Note]: FSRAW library version 1.7.1019
09/13/06 20:05:42 [Note]: 7007 0
la je sais pas si le prob est régler ont vas voir ca ;)
voila c'est mieux :-)
finis par ça:
Pour afficher tous les dossiers et fichiers cachés;
Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche:
¤ afficher les fichiers et dossiers cachés
Clic sur "appliquer" puis "ok"
---
Clic sur demarrer, poste de travail, C:, Windows, Temps, vide le dossier completement
Clic sur demarrer, poste de travail, C:, documents and settings, Haki, locals settings, et supprime tout
Si quelques chose venait à resister, utilise le mode sans echec et supprime tout
Tu m'en dira des nouvelles si ça va mieux :-)
finis par ça:
Pour afficher tous les dossiers et fichiers cachés;
Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche:
¤ afficher les fichiers et dossiers cachés
Clic sur "appliquer" puis "ok"
---
Clic sur demarrer, poste de travail, C:, Windows, Temps, vide le dossier completement
Clic sur demarrer, poste de travail, C:, documents and settings, Haki, locals settings, et supprime tout
Si quelques chose venait à resister, utilise le mode sans echec et supprime tout
Tu m'en dira des nouvelles si ça va mieux :-)
