systelm infecté par des pub

Question

Bonjour,
voila moi mon system est infecté par de nombreuse pub ( bcp de CiD: , ainsi que les message votre system est infecté telecharger ce logiciel etc ... ) c est assez penible si quelqu un peux m aidé se serai sympa .
merci d avance .

Utilisateur anonyme · Answer

Scan ton pc avec Hijackthis et poste un rapport

gil le fantom · Answer

salut 

tu as fais un doublon
http://www.commentcamarche.net/forum/affich 7249027 system infecte par des pubs

on continu ici

rova · Answer

merci de m aidé , voila ce que sa ma mis :


   -----------------------[  Lop S&D 4.2.1-9  XP/Vista  ]---------------------

   [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
   [ USER : rova ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 05/07/2008 | 15:14:26,88 ] [ PC : PC-DE-ROVA ]
   [ MAJ : 01-07-2008 | 00:25 ]
   [ UAC => 0 ]
 
   -------------[ Listing des dossiers dans Roaming ]------------  

   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Linguistics
   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Acrobat
   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Adobe\Flash Player

   [10/05/2008|11:17] C:\Usersova\AppData\Roaming\Ahead\Nero Burning ROM
   [05/05/2008|13:08] C:\Usersova\AppData\Roaming\Ahead\NeroVision

   [04/07/2008|16:30] C:\Usersova\AppData\Roaming\Apple Computer\iTunes
   [24/04/2008|23:59] C:\Usersova\AppData\Roaming\Apple Computer\QuickTime

   [24/04/2008|21:43] C:\Usersova\AppData\Roaming\BitTorrent\data
   [24/04/2008|21:42] C:\Usersova\AppData\Roaming\BitTorrent\locale

   [05/05/2008|16:43] C:\Usersova\AppData\Roaming\CyberLink\MediaCache
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerDVD
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerCinema


   [05/05/2008|09:39] C:\Usersova\AppData\Roaming\DivX\DivX Codec


   [25/05/2008|20:52] C:\Usersova\AppData\Roaming\dvdcss\PROMESSES_OMBRE-0000000000000000-0bcf1ffdfa

   [14/06/2008|15:00] C:\Usersova\AppData\Roaming\Google\Local Search History
   [08/05/2008|12:05] C:\Usersova\AppData\Roaming\Google\GoogleEarth

   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Identities\{83F71157-7495-4601-8EDC-C78BED552D83}

   [24/04/2008|20:28] C:\Usersova\AppData\Roaming\InstallShield\ISEngine12.0

   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Macromedia\Flash Player


   [03/07/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\MSN Messenger
   [30/06/2008|14:00] C:\Usersova\AppData\Roaming\Microsoft\Windows Photo Gallery
   [08/06/2008|14:22] C:\Usersova\AppData\Roaming\Microsoft\CLR Security Config
   [02/06/2008|18:28] C:\Usersova\AppData\Roaming\Microsoft\Speech
   [23/05/2008|17:46] C:\Usersova\AppData\Roaming\Microsoft\Windows
   [20/05/2008|14:25] C:\Usersova\AppData\Roaming\Microsoft\HTML Help
   [03/05/2008|19:49] C:\Usersova\AppData\Roaming\Microsoft\Internet Explorer
   [03/05/2008|11:09] C:\Usersova\AppData\Roaming\Microsoft\IdentityCRL
   [25/04/2008|20:20] C:\Usersova\AppData\Roaming\Microsoft\Crypto
   [24/04/2008|22:29] C:\Usersova\AppData\Roaming\Microsoft\MMC
   [24/04/2008|20:19] C:\Usersova\AppData\Roaming\Microsoft\SystemCertificates
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Protect
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Credentials

   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Extensions
   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Firefox

   [16/06/2008|17:44] C:\Usersova\AppData\Roaming\Nero\Nero8

   [25/05/2008|16:44] C:\Usersova\AppData\Roaming\Panasonic\phdb


   [22/06/2008|19:06] C:\Usersova\AppData\Roaming\Propellerhead Software\Reason


   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\logs
   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\cache
   [10/06/2008|20:34] C:\Usersova\AppData\Roaming\SecondLife\browser_profile
   [17/05/2008|10:25] C:\Usersova\AppData\Roaming\SecondLifeova_zapatero
   [17/05/2008|10:20] C:\Usersova\AppData\Roaming\SecondLife\user_settings
   [08/05/2008|11:06] C:\Usersova\AppData\Roaming\SecondLifeova_landau
   [01/05/2008|16:51] C:\Usersova\AppData\Roaming\SecondLife\landau_rova
   [01/05/2008|16:45] C:\Usersova\AppData\Roaming\SecondLife\preiz_rova
   [01/05/2008|16:37] C:\Usersova\AppData\Roaming\SecondLifeova_v
   [01/05/2008|16:36] C:\Usersova\AppData\Roaming\SecondLifeova_preiz



   [02/05/2008|12:21] C:\Usersova\AppData\Roaming\vlc\cache

   [01/07/2008|22:17] C:\Usersova\AppData\Roaming\VoipBusterova-zaragoza
 
   ----------------[ Tâches planifiées dans C:\Windows	asks ]---------------

   [05/07/2008 15:10][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{E51154A7-ABD4-4CBB-8755-2B0EF0E031C6}.job
   [27/06/2008 15:30][--a------] C:\Windows	asks\Norton Security Scan.job
   [05/07/2008 15:14][--ah-----] C:\Windows	asks\SA.DAT
   [05/07/2008 15:13][--a------] C:\Windows	asks\SCHEDLGU.TXT
  
   ------[ Listing des dossiers dans C:\ProgramData ]------
   
   [16/06/2008|10:42] C:\ProgramData\.zreglib
   [03/05/2008|12:19] C:\ProgramData\Adobe
   [23/05/2008|16:04] C:\ProgramData\Agendis
   [23/05/2008|16:04] C:\ProgramData\AgId.cjr
   [05/05/2008|09:34] C:\ProgramData\Ahead
   [01/06/2008|17:18] C:\ProgramData\Apple
   [01/06/2008|17:22] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [22/06/2008|16:02] C:\ProgramData\Boldbirdregs
   [24/04/2008|20:17] C:\ProgramData\Bureau 
   [25/06/2008|21:24] C:\ProgramData\BVRP Software
   [25/05/2008|22:31] C:\ProgramData\Compt.cjr
   [28/04/2008|20:53] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [16/06/2008|10:42] C:\ProgramData\Elaborate Bytes
   [24/04/2008|22:28] C:\ProgramData\eMule
   [24/04/2008|20:17] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [25/04/2008|20:03] C:\ProgramData\Google
   [05/07/2008|13:23] C:\ProgramData\Google Updater
   [22/06/2008|16:02] C:\ProgramData\Hold Trust Amok Mode
   [22/06/2008|16:02] C:\ProgramData\License data ford.iqtm6
   [24/04/2008|20:17] C:\ProgramData\Menu D‚marrer 
   [25/04/2008|09:19] C:\ProgramData\Messenger Plus!
   [24/04/2008|20:09] C:\ProgramData\Microsoft
   [24/04/2008|20:17] C:\ProgramData\ModŠles 
   [22/06/2008|18:22] C:\ProgramData\Nero
   [16/06/2008|17:51] C:\ProgramData\NVIDIA
   [22/06/2008|19:06] C:\ProgramData\Propellerhead Software
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [06/06/2008|15:04] C:\ProgramData\Symantec
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [22/06/2008|16:01] C:\ProgramData\TimeBendBend.3urovo
   [22/06/2008|16:01] C:\ProgramData\TimeBendBend.3xmudn
   [02/06/2008|18:33] C:\ProgramData\TimeBendBend.81nfj68
   [24/04/2008|22:37] C:\ProgramData\TimeBendBend.bd0jy76
   [29/04/2008|01:19] C:\ProgramData\TimeBendBend.tnimwm
   [24/04/2008|23:58] C:\ProgramData\Ubisoft
   [01/06/2008|16:53] C:\ProgramData\WLInstaller
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [05/07/2008|14:47] C:\Program Files\Adobe
   [23/05/2008|16:02] C:\Program Files\Agendis
   [24/04/2008|21:13] C:\Program Files\Alwil Software
   [16/06/2008|17:35] C:\Program Files\Apple Software Update
   [08/05/2008|22:13] C:\Program Files\AviSynth 2.5
   [02/05/2008|12:50] C:\Program Files\BitTorrent
   [01/06/2008|17:21] C:\Program Files\Bonjour
   [13/06/2008|09:16] C:\Program Files\Circle Developement
   [22/06/2008|18:22] C:\Program Files\Common Files
   [24/04/2008|22:40] C:\Program Files\CyberLink
   [24/04/2008|23:40] C:\Program Files\desktop.ini
   [08/06/2008|14:22] C:\Program Files\Disc2Phone
   [07/06/2008|22:05] C:\Program Files\DivX
   [02/05/2008|12:48] C:\Program Files\DNA
   [10/06/2008|13:40] C:\Program Files\DVD Decrypter
   [16/06/2008|10:36] C:\Program Files\Elaborate Bytes
   [19/05/2008|15:38] C:\Program Files\eMule
   [08/05/2008|22:12] C:\Program Files\eRightSoft
   [11/06/2008|17:06] C:\Program Files\Everest Casino
   [10/06/2008|20:12] C:\Program Files\Everest Poker
   [24/04/2008|20:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [08/05/2008|11:21] C:\Program Files\Google
   [25/06/2008|21:24] C:\Program Files\InstallShield Installation Information
   [16/06/2008|17:30] C:\Program Files\Intel Corporation
   [08/06/2008|14:19] C:\Program Files\Internet Explorer
   [01/06/2008|17:22] C:\Program Files\iPod
   [01/06/2008|17:22] C:\Program Files\iTunes
   [25/04/2008|20:02] C:\Program Files\Java
   [01/05/2008|15:29] C:\Program Files\LeVillage3d
   [22/06/2008|18:13] C:\Program Files\MagicDisc
   [24/04/2008|22:37] C:\Program Files\Messenger Plus! Live
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [24/04/2008|23:34] C:\Program Files\Movie Maker
   [22/06/2008|18:11] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [25/04/2008|22:23] C:\Program Files\MSXML 4.0
   [16/06/2008|11:17] C:\Program Files\Nero
   [27/06/2008|15:00] C:\Program Files\Norton Security Scan
   [24/04/2008|23:00] C:\Program Files\Panasonic
   [28/05/2008|08:03] C:\Program Files\Pense-bete
   [28/04/2008|10:46] C:\Program Files\Picasa2
   [22/06/2008|19:05] C:\Program Files\Propellerhead
   [16/06/2008|17:38] C:\Program Files\QuickTime
   [22/06/2008|15:45] C:\Program Files\QuickZip4
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [16/05/2008|18:44] C:\Program Files\Script Font Trial
   [17/05/2008|10:21] C:\Program Files\SecondLife
   [22/06/2008|19:01] C:\Program Files\Smart Projects
   [15/06/2008|16:33] C:\Program Files\Sony
   [15/06/2008|16:33] C:\Program Files\Sony Setup
   [25/04/2008|20:03] C:\Program Files\SystemRequirementsLab
   [25/06/2008|20:21] C:\Program Files\Trend Micro
   [24/04/2008|23:48] C:\Program Files\Ubisoft
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [23/05/2008|17:33] C:\Program Files\uTorrent
   [24/04/2008|20:36] C:\Program Files\VIA
   [02/05/2008|12:21] C:\Program Files\VideoLAN
   [28/06/2008|20:09] C:\Program Files\VirtualDJ
   [01/07/2008|22:15] C:\Program Files\VoipBuster.com
   [24/04/2008|23:34] C:\Program Files\Windows Calendar
   [24/04/2008|23:34] C:\Program Files\Windows Collaboration
   [24/04/2008|23:34] C:\Program Files\Windows Defender
   [24/04/2008|23:34] C:\Program Files\Windows Journal
   [01/06/2008|16:46] C:\Program Files\Windows Live
   [12/06/2008|12:51] C:\Program Files\Windows Mail
   [24/04/2008|23:34] C:\Program Files\Windows Media Player
   [24/04/2008|20:17] C:\Program Files\Windows NT
   [24/04/2008|23:34] C:\Program Files\Windows Photo Gallery
   [24/04/2008|23:34] C:\Program Files\Windows Sidebar
   [22/06/2008|18:51] C:\Program Files\WinISO
  
   ------[ Listing des dossiers dans C:\Program Files\Common Files ]------
   
   [03/05/2008|12:18] C:\Program Files\Common Files\Adobe
   [01/06/2008|17:18] C:\Program Files\Common Files\Apple
   [24/04/2008|22:39] C:\Program Files\Common Files\InstallShield
   [25/04/2008|20:01] C:\Program Files\Common Files\Java
   [19/05/2008|16:54] C:\Program Files\Common Files\microsoft shared
   [19/05/2008|17:05] C:\Program Files\Common Files\Motorola Shared
   [30/04/2008|13:20] C:\Program Files\Common Files\PX Storage Engine
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [12/06/2008|11:59] C:\Program Files\Common Files\SupportSoft
   [28/06/2008|14:01] C:\Program Files\Common Files\Symantec Shared
   [24/04/2008|23:34] C:\Program Files\Common Files\System
   [24/04/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller

   ---------------------------[ Process ]--------------------------

   ... 60

   iexplore.exe ~ [2700]
   iexplore.exe ~ [2724]

   ----------------------[ Recherche avec S_Lop ]---------------------

   C:\ProgramData\License data ford.iqtm6
   C:\ProgramData\License data ford.iqtm6
   C:\Usersova\AppData\Local\Temp\bisD558.exe
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   C:\ProgramData\Hold Trust Amok Mode
   C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe
   C:\Program Files\Circle Developement
   C:\Windows\Prefetch\MAGS CURB.EXE-4C39DC8E.pf
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@www.adserver5[1].txt
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@partygaming.122.2o7[1].txt
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@partypoker[2].txt
 
   ----------------------[ Verification du Registre ]----------------------

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "Amok Mode Dupe Platform"="\"C:\ProgramData\License data ford.iqtm6\""

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-07-05 15:14:56
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   C:\Windows\system32
vs2.inf
   [b]! EGDACCESS !/b
 
   => C:\Usersova\DOCUME~1\important
ero 8.x-keygen.exe
   => C:\Usersova\Music\Rim-K-Famille_Nombreuse-FR-2007-BY-JOE14\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
   => C:\Usersova\AppData\Local\Temp\clonedvdv3.6.1.0keygenembrace.zip
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\keygen.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition +  KEYGEN.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition + KEYGEN.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Reason 4 + Keygen + Patch RPS.lnk
   => C:\Usersova\AppData\Roaming\uTorrent\Nero 8.1.1.0 Ultra Edition +  KEYGEN.torrent
   => C:\Usersova\AppData\Roaming\uTorrent\Reason 4 + Keygen + Patch RPS.torrent
   => C:\Usersova\Desktopeason\Reason 4 + Keygen + Patch RPS - Raccourci.lnk
   => C:\Usersova\Documents\important
ero 8.x-keygen.exe
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN\files.nfo
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN\Nero 8.1.1.0 Ultra Edition + KEYGEN.rar
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.iso
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.uif
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 Keygen.zip
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 RpsPatch.zip
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Torrent downloaded from Demonoid.com.txt


   [F:2141][D:195]-> C:\Usersova\AppData\Local\Temp
   [F:437][D:1]-> C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1137][D:6]-> C:\Usersova\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:61][D:5]-> C:\$Recycle.Bin

   [ UAC => 1 ]

   --------------------[ Fin du rapport a 15:16:57,43  ]----------------------

Utilisateur anonyme · Answer

=> C:\Usersova\DOCUME~1\important
ero 8.x-keygen.exe
=> C:\Usersova\AppData\Local\Temp\clonedvdv3.6.1.0keygenembrace.zip
=> C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\keygen.lnk
=> C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition + KEYGEN.lnk
=> C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition + KEYGEN.lnk
=> C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Reason 4 + Keygen + Patch RPS.lnk
=> C:\Usersova\AppData\Roaming\uTorrent\Nero 8.1.1.0 Ultra Edition + KEYGEN.torrent
=> C:\Usersova\AppData\Roaming\uTorrent\Reason 4 + Keygen + Patch RPS.torrent
=> C:\Usersova\Desktopeason\Reason 4 + Keygen + Patch RPS - Raccourci.lnk
=> C:\Usersova\Documents\important
ero 8.x-keygen.exe
=> C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition + KEYGEN
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS
=> C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition + KEYGEN\files.nfo
=> C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition + KEYGEN\Nero 8.1.1.0 Ultra Edition + KEYGEN.rar
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.iso
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.uif
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 Keygen.zip
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 RpsPatch.zip
=> C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Torrent downloaded from Demonoid.com.txt 
Sa c'est vraiment chercher les problèmes __' installer un keygen c'est pas croyable :P

c'est souvent des virus...

gil le fantom · Answer

déja supprime tout tes crack comme Homerjaysimpson ta montré



Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Va dans démarrer puis panneau de configuration 
- Double Clique sur l'icône "Comptes d'utilisateurs" 
- Clique ensuite sur désactiver et valide.

Relance Lop S&D 


* Choisis cette fois ci l'Option 2 (Suppression) 
* Ne ferme pas la fenêtre lors de la suppression ! 
* Poste le rapport généré (C:\lopR.txt) 


(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

rova · Answer

voila :
   -----------------------[  Lop S&D 4.2.1-9  XP/Vista  ]---------------------

   [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
   [ USER : rova ] [ "C:\Lop SD" ] [ Selection : 2 ]
   [ 05/07/2008 | 15:36:16,95 ] [ PC : PC-DE-ROVA ]
   [ MAJ : 01-07-2008 | 00:25 ]
   [ UAC => 0 ]


   \\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

   Echec   ! - C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe
   Supprime! - C:\Windows\Prefetch\MAGS CURB.EXE-4C39DC8E.pf 
   Supprime! - C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@www.adserver5[1].txt 
   Supprime! - C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@partygaming.122.2o7[1].txt 
   Supprime! - C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@partypoker[2].txt 
   Supprime! - C:\ProgramData\License data ford.iqtm6
   Supprime! - C:\Usersova\AppData\Local\Temp\bisD558.exe
   Echec   ! - C:\ProgramData\Hold Trust Amok Mode
   Supprime! - C:\Program Files\Circle Developement
   RestaurÚ! - Fichier Hosts

   \\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
 
   Echec   ! - C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe
   Echec   ! - C:\ProgramData\Hold Trust Amok Mode
 
   //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\ 

 
   -------------[ Listing des dossiers dans Roaming ]------------  

   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Linguistics
   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Acrobat
   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Adobe\Flash Player

   [10/05/2008|11:17] C:\Usersova\AppData\Roaming\Ahead\Nero Burning ROM
   [05/05/2008|13:08] C:\Usersova\AppData\Roaming\Ahead\NeroVision

   [04/07/2008|16:30] C:\Usersova\AppData\Roaming\Apple Computer\iTunes
   [24/04/2008|23:59] C:\Usersova\AppData\Roaming\Apple Computer\QuickTime

   [24/04/2008|21:43] C:\Usersova\AppData\Roaming\BitTorrent\data
   [24/04/2008|21:42] C:\Usersova\AppData\Roaming\BitTorrent\locale

   [05/05/2008|16:43] C:\Usersova\AppData\Roaming\CyberLink\MediaCache
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerDVD
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerCinema


   [05/05/2008|09:39] C:\Usersova\AppData\Roaming\DivX\DivX Codec


   [25/05/2008|20:52] C:\Usersova\AppData\Roaming\dvdcss\PROMESSES_OMBRE-0000000000000000-0bcf1ffdfa

   [14/06/2008|15:00] C:\Usersova\AppData\Roaming\Google\Local Search History
   [08/05/2008|12:05] C:\Usersova\AppData\Roaming\Google\GoogleEarth

   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Identities\{83F71157-7495-4601-8EDC-C78BED552D83}

   [24/04/2008|20:28] C:\Usersova\AppData\Roaming\InstallShield\ISEngine12.0

   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Macromedia\Flash Player


   [03/07/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\MSN Messenger
   [30/06/2008|14:00] C:\Usersova\AppData\Roaming\Microsoft\Windows Photo Gallery
   [08/06/2008|14:22] C:\Usersova\AppData\Roaming\Microsoft\CLR Security Config
   [02/06/2008|18:28] C:\Usersova\AppData\Roaming\Microsoft\Speech
   [23/05/2008|17:46] C:\Usersova\AppData\Roaming\Microsoft\Windows
   [20/05/2008|14:25] C:\Usersova\AppData\Roaming\Microsoft\HTML Help
   [03/05/2008|19:49] C:\Usersova\AppData\Roaming\Microsoft\Internet Explorer
   [03/05/2008|11:09] C:\Usersova\AppData\Roaming\Microsoft\IdentityCRL
   [25/04/2008|20:20] C:\Usersova\AppData\Roaming\Microsoft\Crypto
   [24/04/2008|22:29] C:\Usersova\AppData\Roaming\Microsoft\MMC
   [24/04/2008|20:19] C:\Usersova\AppData\Roaming\Microsoft\SystemCertificates
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Protect
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Credentials

   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Extensions
   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Firefox

   [16/06/2008|17:44] C:\Usersova\AppData\Roaming\Nero\Nero8

   [25/05/2008|16:44] C:\Usersova\AppData\Roaming\Panasonic\phdb


   [22/06/2008|19:06] C:\Usersova\AppData\Roaming\Propellerhead Software\Reason


   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\logs
   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\cache
   [10/06/2008|20:34] C:\Usersova\AppData\Roaming\SecondLife\browser_profile
   [17/05/2008|10:25] C:\Usersova\AppData\Roaming\SecondLifeova_zapatero
   [17/05/2008|10:20] C:\Usersova\AppData\Roaming\SecondLife\user_settings
   [08/05/2008|11:06] C:\Usersova\AppData\Roaming\SecondLifeova_landau
   [01/05/2008|16:51] C:\Usersova\AppData\Roaming\SecondLife\landau_rova
   [01/05/2008|16:45] C:\Usersova\AppData\Roaming\SecondLife\preiz_rova
   [01/05/2008|16:37] C:\Usersova\AppData\Roaming\SecondLifeova_v
   [01/05/2008|16:36] C:\Usersova\AppData\Roaming\SecondLifeova_preiz



   [02/05/2008|12:21] C:\Usersova\AppData\Roaming\vlc\cache

   [01/07/2008|22:17] C:\Usersova\AppData\Roaming\VoipBusterova-zaragoza
 
   ----------------[ Tâches planifiées dans C:\Windows	asks ]---------------

   [05/07/2008 15:29][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{E51154A7-ABD4-4CBB-8755-2B0EF0E031C6}.job
   [27/06/2008 15:30][--a------] C:\Windows	asks\Norton Security Scan.job
   [05/07/2008 15:35][--ah-----] C:\Windows	asks\SA.DAT
   [05/07/2008 15:34][--a------] C:\Windows	asks\SCHEDLGU.TXT
  
   ------[ Listing des dossiers dans C:\ProgramData ]------
   
   [16/06/2008|10:42] C:\ProgramData\.zreglib
   [03/05/2008|12:19] C:\ProgramData\Adobe
   [23/05/2008|16:04] C:\ProgramData\Agendis
   [23/05/2008|16:04] C:\ProgramData\AgId.cjr
   [05/05/2008|09:34] C:\ProgramData\Ahead
   [01/06/2008|17:18] C:\ProgramData\Apple
   [01/06/2008|17:22] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [22/06/2008|16:02] C:\ProgramData\Boldbirdregs
   [24/04/2008|20:17] C:\ProgramData\Bureau 
   [25/06/2008|21:24] C:\ProgramData\BVRP Software
   [25/05/2008|22:31] C:\ProgramData\Compt.cjr
   [28/04/2008|20:53] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [16/06/2008|10:42] C:\ProgramData\Elaborate Bytes
   [24/04/2008|22:28] C:\ProgramData\eMule
   [24/04/2008|20:17] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [25/04/2008|20:03] C:\ProgramData\Google
   [05/07/2008|13:23] C:\ProgramData\Google Updater
   [22/06/2008|16:02] C:\ProgramData\Hold Trust Amok Mode
   [24/04/2008|20:17] C:\ProgramData\Menu D‚marrer 
   [25/04/2008|09:19] C:\ProgramData\Messenger Plus!
   [24/04/2008|20:09] C:\ProgramData\Microsoft
   [24/04/2008|20:17] C:\ProgramData\ModŠles 
   [22/06/2008|18:22] C:\ProgramData\Nero
   [16/06/2008|17:51] C:\ProgramData\NVIDIA
   [22/06/2008|19:06] C:\ProgramData\Propellerhead Software
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [06/06/2008|15:04] C:\ProgramData\Symantec
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [22/06/2008|16:01] C:\ProgramData\TimeBendBend.3urovo
   [22/06/2008|16:01] C:\ProgramData\TimeBendBend.3xmudn
   [02/06/2008|18:33] C:\ProgramData\TimeBendBend.81nfj68
   [24/04/2008|22:37] C:\ProgramData\TimeBendBend.bd0jy76
   [29/04/2008|01:19] C:\ProgramData\TimeBendBend.tnimwm
   [24/04/2008|23:58] C:\ProgramData\Ubisoft
   [01/06/2008|16:53] C:\ProgramData\WLInstaller
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [05/07/2008|14:47] C:\Program Files\Adobe
   [23/05/2008|16:02] C:\Program Files\Agendis
   [24/04/2008|21:13] C:\Program Files\Alwil Software
   [16/06/2008|17:35] C:\Program Files\Apple Software Update
   [08/05/2008|22:13] C:\Program Files\AviSynth 2.5
   [02/05/2008|12:50] C:\Program Files\BitTorrent
   [01/06/2008|17:21] C:\Program Files\Bonjour
   [22/06/2008|18:22] C:\Program Files\Common Files
   [24/04/2008|22:40] C:\Program Files\CyberLink
   [24/04/2008|23:40] C:\Program Files\desktop.ini
   [08/06/2008|14:22] C:\Program Files\Disc2Phone
   [07/06/2008|22:05] C:\Program Files\DivX
   [02/05/2008|12:48] C:\Program Files\DNA
   [10/06/2008|13:40] C:\Program Files\DVD Decrypter
   [16/06/2008|10:36] C:\Program Files\Elaborate Bytes
   [19/05/2008|15:38] C:\Program Files\eMule
   [08/05/2008|22:12] C:\Program Files\eRightSoft
   [11/06/2008|17:06] C:\Program Files\Everest Casino
   [10/06/2008|20:12] C:\Program Files\Everest Poker
   [24/04/2008|20:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [08/05/2008|11:21] C:\Program Files\Google
   [25/06/2008|21:24] C:\Program Files\InstallShield Installation Information
   [16/06/2008|17:30] C:\Program Files\Intel Corporation
   [08/06/2008|14:19] C:\Program Files\Internet Explorer
   [01/06/2008|17:22] C:\Program Files\iPod
   [01/06/2008|17:22] C:\Program Files\iTunes
   [25/04/2008|20:02] C:\Program Files\Java
   [01/05/2008|15:29] C:\Program Files\LeVillage3d
   [22/06/2008|18:13] C:\Program Files\MagicDisc
   [24/04/2008|22:37] C:\Program Files\Messenger Plus! Live
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [24/04/2008|23:34] C:\Program Files\Movie Maker
   [05/07/2008|15:24] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [25/04/2008|22:23] C:\Program Files\MSXML 4.0
   [16/06/2008|11:17] C:\Program Files\Nero
   [27/06/2008|15:00] C:\Program Files\Norton Security Scan
   [24/04/2008|23:00] C:\Program Files\Panasonic
   [28/05/2008|08:03] C:\Program Files\Pense-bete
   [28/04/2008|10:46] C:\Program Files\Picasa2
   [22/06/2008|19:05] C:\Program Files\Propellerhead
   [16/06/2008|17:38] C:\Program Files\QuickTime
   [22/06/2008|15:45] C:\Program Files\QuickZip4
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [16/05/2008|18:44] C:\Program Files\Script Font Trial
   [17/05/2008|10:21] C:\Program Files\SecondLife
   [22/06/2008|19:01] C:\Program Files\Smart Projects
   [15/06/2008|16:33] C:\Program Files\Sony
   [15/06/2008|16:33] C:\Program Files\Sony Setup
   [25/04/2008|20:03] C:\Program Files\SystemRequirementsLab
   [25/06/2008|20:21] C:\Program Files\Trend Micro
   [24/04/2008|23:48] C:\Program Files\Ubisoft
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [23/05/2008|17:33] C:\Program Files\uTorrent
   [24/04/2008|20:36] C:\Program Files\VIA
   [02/05/2008|12:21] C:\Program Files\VideoLAN
   [28/06/2008|20:09] C:\Program Files\VirtualDJ
   [01/07/2008|22:15] C:\Program Files\VoipBuster.com
   [24/04/2008|23:34] C:\Program Files\Windows Calendar
   [24/04/2008|23:34] C:\Program Files\Windows Collaboration
   [24/04/2008|23:34] C:\Program Files\Windows Defender
   [24/04/2008|23:34] C:\Program Files\Windows Journal
   [01/06/2008|16:46] C:\Program Files\Windows Live
   [12/06/2008|12:51] C:\Program Files\Windows Mail
   [24/04/2008|23:34] C:\Program Files\Windows Media Player
   [24/04/2008|20:17] C:\Program Files\Windows NT
   [24/04/2008|23:34] C:\Program Files\Windows Photo Gallery
   [24/04/2008|23:34] C:\Program Files\Windows Sidebar
   [22/06/2008|18:51] C:\Program Files\WinISO
  
   ------[ Listing des dossiers dans C:\Program Files\Common Files ]------
   
   [03/05/2008|12:18] C:\Program Files\Common Files\Adobe
   [01/06/2008|17:18] C:\Program Files\Common Files\Apple
   [24/04/2008|22:39] C:\Program Files\Common Files\InstallShield
   [25/04/2008|20:01] C:\Program Files\Common Files\Java
   [19/05/2008|16:54] C:\Program Files\Common Files\microsoft shared
   [19/05/2008|17:05] C:\Program Files\Common Files\Motorola Shared
   [30/04/2008|13:20] C:\Program Files\Common Files\PX Storage Engine
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [12/06/2008|11:59] C:\Program Files\Common Files\SupportSoft
   [28/06/2008|14:01] C:\Program Files\Common Files\Symantec Shared
   [24/04/2008|23:34] C:\Program Files\Common Files\System
   [24/04/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller

   ---------------------------[ Process ]--------------------------

   ... 63

   ... OK !

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   C:\ProgramData\Hold Trust Amok Mode
   C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe
 
   ----------------------[ Verification du Registre ]----------------------

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-07-05 15:36:46
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   C:\Windows\system32
vs2.inf
   [b]! EGDACCESS !/b
 
   => C:\Usersova\Music\Rim-K-Famille_Nombreuse-FR-2007-BY-JOE14\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
   => C:\Usersova\AppData\Local\Temp\clonedvdv3.6.1.0keygenembrace.zip
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\keygen.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition +  KEYGEN.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Nero 8.1.1.0 Ultra Edition + KEYGEN.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Reason 4 + Keygen + Patch RPS.lnk
   => C:\Usersova\AppData\Roaming\uTorrent\Nero 8.1.1.0 Ultra Edition +  KEYGEN.torrent
   => C:\Usersova\AppData\Roaming\uTorrent\Reason 4 + Keygen + Patch RPS.torrent
   => C:\Usersova\Desktopeason\Reason 4 + Keygen + Patch RPS - Raccourci.lnk
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN\files.nfo
   => C:\Usersova\Downloads\Nero 8.1.1.0 Ultra Edition +  KEYGEN\Nero 8.1.1.0 Ultra Edition + KEYGEN.rar
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.iso
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason 4 Full DVD.uif
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 Keygen.zip
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Reason4 RpsPatch.zip
   => C:\Usersova\Downloads\Reason 4 + Keygen + Patch RPS\Torrent downloaded from Demonoid.com.txt


   [F:2140][D:195]-> C:\Usersova\AppData\Local\Temp
   [F:440][D:1]-> C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1352][D:6]-> C:\Usersova\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:69][D:5]-> C:\$Recycle.Bin

   [ UAC => 1 ]

   --------------------[ Fin du rapport a 15:37:30,57  ]----------------------

Utilisateur anonyme · Answer

Et Ne télécharge plus de crack car tu risque de détruire ton pc.

rova · Answer

sa c clair je n avais pas idée des problems que sa m attirait .
merci beaucoup en tt cas pour votre aide a tout les deux , donc la tout est remis en n ordre ?

gil le fantom · Answer

c'est pas terminer
 mais je doit m'absenter
Homerjaysimpson peut tu continuer stp
je reviendrai plus tard

a tout a l'heure

Utilisateur anonyme · Answer

Normalement oui.

poste un log hijackthis pour être sur.

gil le fantom · Answer

il reste des infections homer

à plus tard

rova · Answer

ok je fais sa et je te l envois

rova · Answer

lol je c pas si sa marche mais en tout cas c est ce que sa ma mis :) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:51, on 05/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitsjunk] "C:\ProgramData\TimeBendBend.3xmudn"
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

rova · Answer

en tout cas pour l isntant j ai plus de pub .

Utilisateur anonyme · Answer

Supprime ces lignes (Fix Checked)

4 - HKCU\..\Run: [bitsjunk] "C:\ProgramData\TimeBendBend.3xmudn"

rova · Answer

voila je l ai fais pour etre sur j ai refais un scan , apres peux tu me dire si c est ok et ce que je ne dois plus faire ou faire pour ne plus avoir c est probleme a part les crack que je c deja merci pr tout  :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:18, on 05/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitsjunk] "C:\ProgramData\TimeBendBend.3xmudn"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Utilisateur anonyme · Answer

O4 - HKCU\..\Run: [bitsjunk] "C:\ProgramData\TimeBendBend.3xmudn"

y est toujours.

rova-zaragoza · Answer

voila le nouveaux scan pour se que tu me demandes de suprimé il me dit aucun n element trouvé , et maitenant j ai a nouveaux des pubs qui reaparesse :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:18, on 05/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe 1
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bitsjunk] "C:\ProgramData\TimeBendBend.3xmudn"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Utilisateur anonyme · Answer

http://www.commentcamarche.net/faq/sujet 5996 comment bloquer les fenetres cid

sa devrait t'aider

rova · Answer

merci pour le lien mais se n est plus des pubs cid qui apparaisse c est plutot des pseudo logiciel a telecharger pour suprimé mes dossiers infecté evidamment je ne clique pas dessus . si tu ne c pas m aidé a ce sujet la un grand merci de m avoir aidé pour le reste

gil le fantom · Answer

c'est pas fini

tu télécharge OTMoveIt2(de Old_Timer) sur le Bureau. http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 

Double clique sur OTMoveIt2.exe pour le lancer. 
Copie la liste de fichier ou de dossier qui se trouve en gras ci-dessous, 
et coller-la dans le cadre de gauche de OTMoveIt : 
Paste List of Files/Folders to be moved. 

C:\ProgramData\Hold Trust Amok Mode 
C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe

Clique sur MoveIt! pour lancer la suppression. 
Le résultat apparaîtra dans le cadre Results. 
Clique sur Exit pour fermer. 

Il sera peut-être demander de redémarrer le pc pour achever la suppression. 
Si c'est le cas accepter par Yes. 


--> Poster le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles 
(contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure)

rova · Answer

otmoveit2 :

File/Folder C:\ProgramData\Hold Trust Amok Mode not found.
File/Folder C:\ProgramData\Hold Trust Amok Mode\Mags curb.exe not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07052008_192948

gil le fantom · Answer

peut tu me refaire Lop S&D.exe option 1 stp

rova · Answer

voila :


   -----------------------[  Lop S&D 4.2.1-9  XP/Vista  ]---------------------

   [ Windows 'Longhorn' (NT 6.0) Workstation Build 6001, Service Pack 1 ]
   [ USER : rova ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 05/07/2008 | 19:43:25,88 ] [ PC : PC-DE-ROVA ]
   [ MAJ : 01-07-2008 | 00:25 ]
   [ UAC => 0 ]
 
   -------------[ Listing des dossiers dans Roaming ]------------  

   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Linguistics
   [03/05/2008|12:20] C:\Usersova\AppData\Roaming\Adobe\Acrobat
   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Adobe\Flash Player

   [10/05/2008|11:17] C:\Usersova\AppData\Roaming\Ahead\Nero Burning ROM
   [05/05/2008|13:08] C:\Usersova\AppData\Roaming\Ahead\NeroVision

   [04/07/2008|16:30] C:\Usersova\AppData\Roaming\Apple Computer\iTunes
   [24/04/2008|23:59] C:\Usersova\AppData\Roaming\Apple Computer\QuickTime

   [24/04/2008|21:43] C:\Usersova\AppData\Roaming\BitTorrent\data
   [24/04/2008|21:42] C:\Usersova\AppData\Roaming\BitTorrent\locale

   [05/05/2008|16:43] C:\Usersova\AppData\Roaming\CyberLink\MediaCache
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerDVD
   [24/04/2008|22:43] C:\Usersova\AppData\Roaming\CyberLink\PowerCinema


   [05/05/2008|09:39] C:\Usersova\AppData\Roaming\DivX\DivX Codec


   [25/05/2008|20:52] C:\Usersova\AppData\Roaming\dvdcss\PROMESSES_OMBRE-0000000000000000-0bcf1ffdfa

   [14/06/2008|15:00] C:\Usersova\AppData\Roaming\Google\Local Search History
   [08/05/2008|12:05] C:\Usersova\AppData\Roaming\Google\GoogleEarth

   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Identities\{83F71157-7495-4601-8EDC-C78BED552D83}

   [24/04/2008|20:28] C:\Usersova\AppData\Roaming\InstallShield\ISEngine12.0

   [24/04/2008|22:38] C:\Usersova\AppData\Roaming\Macromedia\Flash Player

   [05/07/2008|18:39] C:\Usersova\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware


   [05/07/2008|19:41] C:\Usersova\AppData\Roaming\Microsoft\Windows Photo Gallery
   [03/07/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\MSN Messenger
   [08/06/2008|14:22] C:\Usersova\AppData\Roaming\Microsoft\CLR Security Config
   [02/06/2008|18:28] C:\Usersova\AppData\Roaming\Microsoft\Speech
   [23/05/2008|17:46] C:\Usersova\AppData\Roaming\Microsoft\Windows
   [20/05/2008|14:25] C:\Usersova\AppData\Roaming\Microsoft\HTML Help
   [03/05/2008|19:49] C:\Usersova\AppData\Roaming\Microsoft\Internet Explorer
   [03/05/2008|11:09] C:\Usersova\AppData\Roaming\Microsoft\IdentityCRL
   [25/04/2008|20:20] C:\Usersova\AppData\Roaming\Microsoft\Crypto
   [24/04/2008|22:29] C:\Usersova\AppData\Roaming\Microsoft\MMC
   [24/04/2008|20:19] C:\Usersova\AppData\Roaming\Microsoft\SystemCertificates
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Protect
   [24/04/2008|20:18] C:\Usersova\AppData\Roaming\Microsoft\Credentials

   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Extensions
   [22/06/2008|18:11] C:\Usersova\AppData\Roaming\Mozilla\Firefox

   [16/06/2008|17:44] C:\Usersova\AppData\Roaming\Nero\Nero8

   [25/05/2008|16:44] C:\Usersova\AppData\Roaming\Panasonic\phdb


   [22/06/2008|19:06] C:\Usersova\AppData\Roaming\Propellerhead Software\Reason


   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\logs
   [10/06/2008|21:30] C:\Usersova\AppData\Roaming\SecondLife\cache
   [10/06/2008|20:34] C:\Usersova\AppData\Roaming\SecondLife\browser_profile
   [17/05/2008|10:25] C:\Usersova\AppData\Roaming\SecondLifeova_zapatero
   [17/05/2008|10:20] C:\Usersova\AppData\Roaming\SecondLife\user_settings
   [08/05/2008|11:06] C:\Usersova\AppData\Roaming\SecondLifeova_landau
   [01/05/2008|16:51] C:\Usersova\AppData\Roaming\SecondLife\landau_rova
   [01/05/2008|16:45] C:\Usersova\AppData\Roaming\SecondLife\preiz_rova
   [01/05/2008|16:37] C:\Usersova\AppData\Roaming\SecondLifeova_v
   [01/05/2008|16:36] C:\Usersova\AppData\Roaming\SecondLifeova_preiz

   [05/07/2008|17:13] C:\Usersova\AppData\Roaming\Spyware Terminator\Reports



   [02/05/2008|12:21] C:\Usersova\AppData\Roaming\vlc\cache

   [01/07/2008|22:17] C:\Usersova\AppData\Roaming\VoipBusterova-zaragoza
 
   ----------------[ Tâches planifiées dans C:\Windows	asks ]---------------

   [05/07/2008 19:40][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{E51154A7-ABD4-4CBB-8755-2B0EF0E031C6}.job
   [27/06/2008 15:30][--a------] C:\Windows	asks\Norton Security Scan.job
   [05/07/2008 19:22][--ah-----] C:\Windows	asks\SA.DAT
   [05/07/2008 18:40][--a------] C:\Windows	asks\SCHEDLGU.TXT
  
   ------[ Listing des dossiers dans C:\ProgramData ]------
   
   [16/06/2008|10:42] C:\ProgramData\.zreglib
   [03/05/2008|12:19] C:\ProgramData\Adobe
   [23/05/2008|16:04] C:\ProgramData\Agendis
   [23/05/2008|16:04] C:\ProgramData\AgId.cjr
   [05/05/2008|09:34] C:\ProgramData\Ahead
   [01/06/2008|17:18] C:\ProgramData\Apple
   [01/06/2008|17:22] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [22/06/2008|16:02] C:\ProgramData\Boldbirdregs
   [24/04/2008|20:17] C:\ProgramData\Bureau 
   [25/06/2008|21:24] C:\ProgramData\BVRP Software
   [25/05/2008|22:31] C:\ProgramData\Compt.cjr
   [28/04/2008|20:53] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [16/06/2008|10:42] C:\ProgramData\Elaborate Bytes
   [24/04/2008|22:28] C:\ProgramData\eMule
   [24/04/2008|20:17] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [25/04/2008|20:03] C:\ProgramData\Google
   [05/07/2008|13:23] C:\ProgramData\Google Updater
   [05/07/2008|18:39] C:\ProgramData\Malwarebytes
   [24/04/2008|20:17] C:\ProgramData\Menu D‚marrer 
   [25/04/2008|09:19] C:\ProgramData\Messenger Plus!
   [24/04/2008|20:09] C:\ProgramData\Microsoft
   [24/04/2008|20:17] C:\ProgramData\ModŠles 
   [22/06/2008|18:22] C:\ProgramData\Nero
   [16/06/2008|17:51] C:\ProgramData\NVIDIA
   [22/06/2008|19:06] C:\ProgramData\Propellerhead Software
   [05/07/2008|17:13] C:\ProgramData\Spyware Terminator
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [06/06/2008|15:04] C:\ProgramData\Symantec
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [24/04/2008|23:58] C:\ProgramData\Ubisoft
   [01/06/2008|16:53] C:\ProgramData\WLInstaller
 
   ---------------[ Listing des dossiers dans C:\Program Files ]--------------
 
   [05/07/2008|14:47] C:\Program Files\Adobe
   [23/05/2008|16:02] C:\Program Files\Agendis
   [24/04/2008|21:13] C:\Program Files\Alwil Software
   [16/06/2008|17:35] C:\Program Files\Apple Software Update
   [08/05/2008|22:13] C:\Program Files\AviSynth 2.5
   [02/05/2008|12:50] C:\Program Files\BitTorrent
   [01/06/2008|17:21] C:\Program Files\Bonjour
   [22/06/2008|18:22] C:\Program Files\Common Files
   [24/04/2008|22:40] C:\Program Files\CyberLink
   [24/04/2008|23:40] C:\Program Files\desktop.ini
   [08/06/2008|14:22] C:\Program Files\Disc2Phone
   [07/06/2008|22:05] C:\Program Files\DivX
   [02/05/2008|12:48] C:\Program Files\DNA
   [10/06/2008|13:40] C:\Program Files\DVD Decrypter
   [05/07/2008|17:24] C:\Program Files\Elaborate Bytes
   [19/05/2008|15:38] C:\Program Files\eMule
   [08/05/2008|22:12] C:\Program Files\eRightSoft
   [11/06/2008|17:06] C:\Program Files\Everest Casino
   [10/06/2008|20:12] C:\Program Files\Everest Poker
   [24/04/2008|20:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [08/05/2008|11:21] C:\Program Files\Google
   [25/06/2008|21:24] C:\Program Files\InstallShield Installation Information
   [16/06/2008|17:30] C:\Program Files\Intel Corporation
   [08/06/2008|14:19] C:\Program Files\Internet Explorer
   [01/06/2008|17:22] C:\Program Files\iPod
   [01/06/2008|17:22] C:\Program Files\iTunes
   [25/04/2008|20:02] C:\Program Files\Java
   [01/05/2008|15:29] C:\Program Files\LeVillage3d
   [22/06/2008|18:13] C:\Program Files\MagicDisc
   [05/07/2008|18:39] C:\Program Files\Malwarebytes' Anti-Malware
   [24/04/2008|22:37] C:\Program Files\Messenger Plus! Live
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [24/04/2008|23:34] C:\Program Files\Movie Maker
   [05/07/2008|19:41] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [25/04/2008|22:23] C:\Program Files\MSXML 4.0
   [05/07/2008|18:23] C:\Program Files\Navilog1
   [16/06/2008|11:17] C:\Program Files\Nero
   [27/06/2008|15:00] C:\Program Files\Norton Security Scan
   [24/04/2008|23:00] C:\Program Files\Panasonic
   [28/05/2008|08:03] C:\Program Files\Pense-bete
   [28/04/2008|10:46] C:\Program Files\Picasa2
   [22/06/2008|19:05] C:\Program Files\Propellerhead
   [16/06/2008|17:38] C:\Program Files\QuickTime
   [22/06/2008|15:45] C:\Program Files\QuickZip4
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [16/05/2008|18:44] C:\Program Files\Script Font Trial
   [17/05/2008|10:21] C:\Program Files\SecondLife
   [22/06/2008|19:01] C:\Program Files\Smart Projects
   [15/06/2008|16:33] C:\Program Files\Sony
   [15/06/2008|16:33] C:\Program Files\Sony Setup
   [05/07/2008|17:13] C:\Program Files\Spyware Terminator
   [25/04/2008|20:03] C:\Program Files\SystemRequirementsLab
   [25/06/2008|20:21] C:\Program Files\Trend Micro
   [24/04/2008|23:48] C:\Program Files\Ubisoft
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [23/05/2008|17:33] C:\Program Files\uTorrent
   [24/04/2008|20:36] C:\Program Files\VIA
   [02/05/2008|12:21] C:\Program Files\VideoLAN
   [28/06/2008|20:09] C:\Program Files\VirtualDJ
   [01/07/2008|22:15] C:\Program Files\VoipBuster.com
   [24/04/2008|23:34] C:\Program Files\Windows Calendar
   [24/04/2008|23:34] C:\Program Files\Windows Collaboration
   [24/04/2008|23:34] C:\Program Files\Windows Defender
   [24/04/2008|23:34] C:\Program Files\Windows Journal
   [01/06/2008|16:46] C:\Program Files\Windows Live
   [12/06/2008|12:51] C:\Program Files\Windows Mail
   [24/04/2008|23:34] C:\Program Files\Windows Media Player
   [24/04/2008|20:17] C:\Program Files\Windows NT
   [24/04/2008|23:34] C:\Program Files\Windows Photo Gallery
   [24/04/2008|23:34] C:\Program Files\Windows Sidebar
   [22/06/2008|18:51] C:\Program Files\WinISO
  
   ------[ Listing des dossiers dans C:\Program Files\Common Files ]------
   
   [03/05/2008|12:18] C:\Program Files\Common Files\Adobe
   [01/06/2008|17:18] C:\Program Files\Common Files\Apple
   [24/04/2008|22:39] C:\Program Files\Common Files\InstallShield
   [25/04/2008|20:01] C:\Program Files\Common Files\Java
   [19/05/2008|16:54] C:\Program Files\Common Files\microsoft shared
   [19/05/2008|17:05] C:\Program Files\Common Files\Motorola Shared
   [30/04/2008|13:20] C:\Program Files\Common Files\PX Storage Engine
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [12/06/2008|11:59] C:\Program Files\Common Files\SupportSoft
   [28/06/2008|14:01] C:\Program Files\Common Files\Symantec Shared
   [24/04/2008|23:34] C:\Program Files\Common Files\System
   [24/04/2008|21:37] C:\Program Files\Common Files\WindowsLiveInstaller

   ---------------------------[ Process ]--------------------------

   ... 60

   iexplore.exe ~ [972]

   ----------------------[ Recherche avec S_Lop ]---------------------

   Aucun fichier / dossier Lop trouvé ! 
 
   -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@adin.bigpoint[2].txt
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@bigpoint[1].txt
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@fr1.seafight.bigpoint[1].txt
   C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookiesova@fr1.seafight.bigpoint[1].txt
 
   ----------------------[ Verification du Registre ]----------------------
 
   ..... OK !

   --------------------[ Verification du fichier Hosts ]---------------------

   Fichier Hosts PROPRE


   ----------------[ Recherche de fichiers avec Catchme ]-----------------
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-07-05 19:43:47
   Windows 6.0.6001 Service Pack 1 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------[ Recherche d'autres infections ]---------------------

   => C:\Usersova\Music\Rim-K-Famille_Nombreuse-FR-2007-BY-JOE14\11-rim-k-pilotes_crack_musik_feat._hamza.mp3
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\keygen.lnk
   => C:\Usersova\AppData\Roaming\Microsoft\Windows\Recent\Reason 4 + Keygen + Patch RPS.lnk
   => C:\Usersova\AppData\Roaming\uTorrent\Nero 8.1.1.0 Ultra Edition +  KEYGEN.torrent


   [F:15][D:3]-> C:\Usersova\AppData\Local\Temp
   [F:465][D:1]-> C:\Usersova\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:925][D:5]-> C:\Usersova\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:45][D:3]-> C:\$Recycle.Bin

   [ UAC => 1 ]

   --------------------[ Fin du rapport a 19:44:10,53  ]----------------------

gil le fantom · Answer

Relance Lop S&D 


* Choisis cette fois ci l'Option 2 (Suppression) 
* Ne ferme pas la fenêtre lors de la suppression ! 
* Poste le rapport généré (C:\lopR.txt) 

et supprime ça 
=> C:\Users\rova\Music\Rim-K-Famille_Nombreuse-FR-2007-BY-JOE14\11-rim-k-pilotes_crack_musik_­feat._hamza.mp3 
=> C:\Users\rova\AppData\Roaming\Microsoft\Windows\Recent\keygen.lnk 
=> C:\Users\rova\AppData\Roaming\Microsoft\Windows\Recent\Reason 4 + Keygen + Patch RPS.lnk 
=> C:\Users\rova\AppData\Roaming\uTorrent\Nero 8.1.1.0 Ultra Edition + KEYGEN.torrent

gil le fantom · Answer

tu vas dans le menu Démarrer 
tu clique sur panneau de configuration 
tu choisi le module ajout/suppression de programmes 
tu désinstalle messenger plus!ou simplement le sponsor

rova · Answer

il est infecté aussi ?

Systelm infecté par des pub

27 réponses

Votre réponse

Discussions similaires

Newsletters