Security alert dans barre d'outils T__T - Page 2

Précédent
  • 1
  • 2
  1. clownface Messages postés 1490 Statut Membre 73
     
    il n'y avait que ça ??
    repostes un log hijackthis
    0
  2. LaBelette76140 Messages postés 113 Statut Membre 5
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:03:03, on 16/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    0
  3. clownface Messages postés 1490 Statut Membre 73
     
    télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Redémarre en mode sans échec,de préférence par f8 au démarrage:
    https://docs.microsoft.com/en-us/

    Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.

    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre des trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    Appuie sur une touche pour redémarrer le PC.

    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

    Après le chargement du Bureau,l'outil terminera son travail et affichera "Finished".
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

    Les icônes du Bureau affichées,le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

    0
  4. LaBelette76140 Messages postés 113 Statut Membre 5
     
    slt

    SDFix: Version 1.109

    Run by Romain on 17/10/2007 at 13:26

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\Romain\Bureau\SDFix

    Safe Mode:
    Checking Services:

    C:\WINDOWS\system32\Microsoft\backup.ftp Found
    C:\WINDOWS\system32\Microsoft\backup.tftp Found

    Checking files:

    Genuine:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\Microsoft\backup.tftp

    Dummy:
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Files copied to SDFix\Backups

    Restoring files if backups are found

    Final Check:

    Genuine:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\Microsoft\backup.tftp
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\ftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Dummy:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
    C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

    Folder C:\Program Files\Fichiers communs\Carlson - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Turbo Crack 1.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Turbo Crack 1.0.exe:*:Enabled:Turbo Crack 1.0"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Tbot0527\\Turbo Crack 1.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Tbot0527\\Turbo Crack 1.0.exe:*:Enabled:Turbo Crack 1.0"
    "C:\\Documents and Settings\\Romain\\Bureau\\NuBot_v\\NuBot v.0003\\nuBot[0.003].exe"="C:\\Documents and Settings\\Romain\\Bureau\\NuBot_v\\NuBot v.0003\\nuBot[0.003].exe:*:Enabled:nuBot[0.003]"
    "C:\\Documents and Settings\\Romain\\Bureau\\nuBot\\nuBotv4.0.12.exe"="C:\\Documents and Settings\\Romain\\Bureau\\nuBot\\nuBotv4.0.12.exe:*:Enabled:nuBotv4.0.12"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2VoipServer_w32ded.exe"="C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2VoipServer_w32ded.exe:*:Enabled:BF2VoipServer_w32ded"
    "C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe"="C:\\Jeux\\EA GAMES\\Battlefield 2\\BF2VoipServer.exe:*:Enabled:BF2VoipServer"
    "C:\\Jeux\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Jeux\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Tbot0527\\Turbo Crack 2.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot\\Tbot0527\\Turbo Crack 2.0.exe:*:Enabled:Turbo Crack 2.0"
    "C:\\Jeux\\Counter-Strike 1.6\\hl.exe"="C:\\Jeux\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Documents and Settings\\Romain\\Bureau\\Turbo Crack 2.0\\Tbot0527\\Turbo Crack 2.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Turbo Crack 2.0\\Tbot0527\\Turbo Crack 2.0.exe:*:Enabled:Turbo Crack 2.0"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot0527\\Turbo Crack 2.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot0527\\Turbo Crack 2.0.exe:*:Enabled:Turbo Crack 2.0"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot0527\\Turbo Crack 1.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot0527\\Turbo Crack 1.0.exe:*:Enabled:Turbo Crack 1.0"
    "C:\\Jeux\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"="C:\\Jeux\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
    "C:\\Documents and Settings\\Romain\\Bureau\\tbot\\Turbo Crack 2.0\\Tbot0527\\Turbo Crack 2.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tbot\\Turbo Crack 2.0\\Tbot0527\\Turbo Crack 2.0.exe:*:Enabled:Turbo Crack 2.0"
    "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
    "C:\\Jeux\\Test Drive Unlimited\\TestDriveUnlimited.exe"="C:\\Jeux\\Test Drive Unlimited\\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
    "C:\\Documents and Settings\\Romain\\Bureau\\Turbo Crack 2.0.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Turbo Crack 2.0.exe:*:Enabled:Turbo Crack 2.0"
    "C:\\Documents and Settings\\Romain\\Bureau\\SRO\\bots\\nuBot\\nuBotv4.0.12.exe"="C:\\Documents and Settings\\Romain\\Bureau\\SRO\\bots\\nuBot\\nuBotv4.0.12.exe:*:Enabled:nuBotv4.0.12"
    "C:\\Documents and Settings\\Romain\\Bureau\\SRO\\nuBot\\nuBotv4.0.12.exe"="C:\\Documents and Settings\\Romain\\Bureau\\SRO\\nuBot\\nuBotv4.0.12.exe:*:Enabled:nuBotv4.0.12"
    "C:\\Jeux\\Silkroad\\sro_client.exe"="C:\\Jeux\\Silkroad\\sro_client.exe:*:Enabled:sro_client"
    "C:\\Documents and Settings\\Romain\\Bureau\\srobot\\srobot.exe"="C:\\Documents and Settings\\Romain\\Bureau\\srobot\\srobot.exe:*:Enabled:HookSrv"
    "C:\\Documents and Settings\\Romain\\Bureau\\srobot\\Chesmod V0.2alpha\\Chesmod.exe"="C:\\Documents and Settings\\Romain\\Bureau\\srobot\\Chesmod V0.2alpha\\Chesmod.exe:*:Enabled:Chesmod"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsf192.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsf192.tmp\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsw2F2.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsw2F2.tmp\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsg324.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsg324.tmp\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsm416.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nsm416.tmp\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nso4.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nso4.tmp\\utorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nseC.tmp\\utorrent.exe"="C:\\Documents and Settings\\Romain\\Local Settings\\Temp\\nseC.tmp\\utorrent.exe:*:Enabled:utorrent"
    "C:\\Jeux\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"="C:\\Jeux\\Lost Planet Extreme Condition\\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Documents and Settings\\Romain\\Bureau\\HaxCr4x 3.3.exe"="C:\\Documents and Settings\\Romain\\Bureau\\HaxCr4x 3.3.exe:*:Enabled:HaxCr4x 3.3"
    "C:\\Jeux\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Jeux\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
    "C:\\Program Files\\ubi.com\\Core\\GS4.exe"="C:\\Program Files\\ubi.com\\Core\\GS4.exe:*:Enabled:ubi.com Game Service"
    "C:\\Jeux\\Lock On\\LockOn.exe"="C:\\Jeux\\Lock On\\LockOn.exe:*:Enabled:LOCK ON"
    "C:\\Documents and Settings\\Romain\\Bureau\\tcrack12_4.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tcrack12_4.exe:*:Enabled: "
    "C:\\Documents and Settings\\Romain\\Bureau\\tbot\\tcrack12_4.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tbot\\tcrack12_4.exe:*:Enabled: "
    "C:\\Jeux\\Age of Empires III\\age3.exe"="C:\\Jeux\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
    "C:\\Jeux\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Jeux\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
    "C:\\Jeux\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Jeux\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\Jeux\\Silkroad\\SilkErrSender.exe"="C:\\Jeux\\Silkroad\\SilkErrSender.exe:*:Enabled:FTPSender MFC ?? ????"
    "C:\\Documents and Settings\\Romain\\Bureau\\scrack3_171.exe"="C:\\Documents and Settings\\Romain\\Bureau\\scrack3_171.exe:*:Enabled:scrack3_171"
    "C:\\Jeux\\EA GAMES\\Battlefield 2142\\BF2142.exe"="C:\\Jeux\\EA GAMES\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
    "C:\\Documents and Settings\\Romain\\Bureau\\tbot2\\tcrack12_4.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tbot2\\tcrack12_4.exe:*:Enabled: "
    "C:\\Jeux\\Steam\\SteamApps\\gladiator760\\the ship dedicated server\\srcds.exe"="C:\\Jeux\\Steam\\SteamApps\\gladiator760\\the ship dedicated server\\srcds.exe:*:Enabled:srcds"
    "C:\\Jeux\\Steam\\SteamApps\\gladiator26\\counter-strike source\\hl2.exe"="C:\\Jeux\\Steam\\SteamApps\\gladiator26\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Jeux\\Ghost Recon Advanced Warfighter\\graw.exe"="C:\\Jeux\\Ghost Recon Advanced Warfighter\\graw.exe:*:Enabled:graw"
    "C:\\Documents and Settings\\Romain\\Bureau\\TbotSroBot0919\\server.exe"="C:\\Documents and Settings\\Romain\\Bureau\\TbotSroBot0919\\server.exe:*:Enabled:server"
    "C:\\Documents and Settings\\Romain\\Bureau\\tbot\\server.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tbot\\server.exe:*:Enabled:server"
    "C:\\Documents and Settings\\Romain\\Bureau\\Revbot\\MultiSocket.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Revbot\\MultiSocket.exe:*:Enabled:MultiSocket"
    "C:\\Documents and Settings\\Romain\\Bureau\\Revbot\\nuConnector3a.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Revbot\\nuConnector3a.exe:*:Enabled:nuConnector3a"
    "C:\\Jeux\\FEARCombat\\fpupdate.exe"="C:\\Jeux\\FEARCombat\\fpupdate.exe:*:Enabled:fpupdate"
    "C:\\Jeux\\FEARCombat\\FEARMP.exe"="C:\\Jeux\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
    "C:\\WINDOWS\\LBTWiz.exe"="C:\\WINDOWS\\LBTWiz.exe:*:Enabled:LBTWiz"
    "C:\\DOCUME~1\\Romain\\LOCALS~1\\Temp\\win20.tmp.exe"="C:\\DOCUME~1\\Romain\\LOCALS~1\\Temp\\win20.tmp.exe:*:Enabled:win20.tmp"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Jeux\\Steam\\Steam.exe"="C:\\Jeux\\Steam\\Steam.exe:*:Enabled:Steam"
    "C:\\Documents and Settings\\Romain\\Bureau\\Tbot 1009 J@Ck PoT\\TBotSro1009\\server.exe"="C:\\Documents and Settings\\Romain\\Bureau\\Tbot 1009 J@Ck PoT\\TBotSro1009\\server.exe:*:Enabled:server"
    "C:\\Documents and Settings\\Romain\\Bureau\\tbot1009\\server.exe"="C:\\Documents and Settings\\Romain\\Bureau\\tbot1009\\server.exe:*:Enabled:server"
    "C:\\Jeux\\Silkroad\\tbot1009\\server.exe"="C:\\Jeux\\Silkroad\\tbot1009\\server.exe:*:Enabled:server"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\Romain\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 3 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 7 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT7B.tmp"
    Thu 28 Jun 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3e2cd1aa350dfdef90c91dfc8e90f2d\BIT13.tmp"

    Finished!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. LaBelette76140 Messages postés 113 Statut Membre 5
     
    up
    0
  7. clownface Messages postés 1490 Statut Membre 73
     
    bonsoir,

    repostes un hijackthis
    0
  8. LaBelette76140 Messages postés 113 Statut Membre 5
     
    lu superman,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:13:37, on 17/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    0
  9. clownface Messages postés 1490 Statut Membre 73
     
    voilà qui est beaucoup mieux :)

    coches et fixes cette ligne :
    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)

    et installes toi un vrai parefeu : securite le parefeu de windows xp (pour info et liens necessaires)

    0
  10. LaBelette76140 Messages postés 113 Statut Membre 5
     
    content de te l'entendre dire^^

    j'ai donc opté pour kerio ,ca ne pose pas de problème qu'il fonctionne avec avast pro ? (je ne pense pas ,mais bon on sait jamais^^)
    0
  11. clownface Messages postés 1490 Statut Membre 73
     
    non ça ne pose pas de problème.
    0
  12. LaBelette76140 Messages postés 113 Statut Membre 5
     
    youpiiii bon voilà on a finit^^

    je te remercie beaucoup !!!
    0
Précédent
  • 1
  • 2