Trojan that repeats in a loop
Solved
Djief
-
benurrr Posts 9766 Status Security contributor -
Hello,
Well, I read a few posts and tried to fix the problem myself, but it didn't work :/ so I installed AntiVir and I get a repeating alert (https://imageshack.com/), always the same one; I also installed Rav and SpywareBlaster.
Here is my HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16, on 2008-10-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Jean-François\Desktop\rav.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\WINDOWS\OEM03Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Gravures\Fraps 2.8.3 + crack\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Installer) - http://t1.battlefield-heroes.com/patcher/westpatcher.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
--
End of file - 8936 bytes
Thanks in advance :)
Configuration: Windows XP Safari 525.13
10 replies
-
-
Hello
Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation finishes, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)
Follow the prompts.
In the main menu, choose 1 and confirm.
(Do not use option 2, 3 or 4 without our opinion/agreement.)
Wait for the message: *** Análisis Terminado el ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved in the root of the disk (fixnavi.txt)
--
For lack of curiosity we can die ignorant; you are free to think that you are C.., but not to think that you are free... thanks to australene13
-
-
Hello,
Thanks for replying, I really appreciate it. Here is the report.
Search Navipromo versión 3.6.6 iniciado el 2008-10-09 a las 8:29:40,26
!!! Atención, ¡este informe puede indicar archivos/programas legítimos!!!
!!! Publica este informe en el foro para que sea analizado !!!
!!! No inicies la parte de desinfección sin la opinión de un especialista !!!
Herramienta ejecutada desde C:\Program Files\navilog1
Sesión actual: "Jean-François"
Actualizado el 29.09.2008 a las 17:30 por IL-MAFIOSO
Microsoft Windows XP [Versión 5.1.2600]
Internet Explorer: 7.0.5730.13
Sistema de archivos: NTFS
Búsqueda ejecutada en modo normal
*** Búsqueda de programas instalados ***
*** Búsqueda de carpetas en "C:\WINDOWS" ***
*** Búsqueda de carpetas en "C:\Program Files" ***
*** Búsqueda de carpetas en "C:\Documents and Settings\All Users\startm~1\programs" ***
*** Búsqueda de carpetas en "C:\Documents and Settings\All Users\startm~1" ***
*** Búsqueda de carpetas en "c:\docume~1\alluse~1\applic~1" ***
*** Búsqueda de carpetas en "C:\Documents and Settings\Jean-François\applic~1" ***
*** Búsqueda de carpetas en "C:\DOCUME~1\JEAN-F~2\applic~1" ***
*** Búsqueda de carpetas en "C:\Documents and Settings\Jean-François\locals~1\applic~1" ***
*** Búsqueda de carpetas en "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1" ***
*** Búsqueda de carpetas en "C:\Documents and Settings\Jean-François\startm~1\programs" ***
*** Búsqueda con Catchme-rootkit/stealth malware detector por gmer ***
para más información: http://www.gmer.net
*** Búsqueda con GenericNaviSearch ***
!!! Todos estos resultados pueden revelar archivos legítimos !!!
!!! Es imprescindible verificar antes de cualquier eliminación manual !!!
* Búsqueda en "C:\WINDOWS\system32" *
* Búsqueda en "C:\Documents and Settings\Jean-François\locals~1\applic~1" *
* Búsqueda en "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1" *
*** Búsqueda de archivos ***
*** Búsqueda de claves específicas en el Registro ***
*** Módulo de Búsqueda complementario ***
(Búsqueda de archivos específicos)
1)Búsqueda de nuevos archivos Instant Access :
2)Búsqueda Heurística :
* En "C:\WINDOWS\system32" :
* En "C:\Documents and Settings\Jean-François\locals~1\applic~1" :
* En "C:\DOCUME~1\JEAN-F~2\locals~1\applic~1" :
3)Búsqueda de Certificados :
Certificado Egroup ausente !
Certificado Electronic-Group ausente !
Certificado Montorgueil ausente !
Certificado OOO-Favorit ausente !
Certificado Sunny-Day-Design-Ltd ausente !
4)Búsqueda de archivos conocidos :
*** Análisis terminado el 2008-10-09 a las 8:33:23,18 ***
-
re
As far as navilog goes, it's clean
Download LOP S&D by Eric71 here https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your desktop.
Select the desired language, then choose Option 1 (Search).
Wait until the scan finishes.
Post the generated report (also located here: C:\lopR.txt)
(If the desktop does not reappear, open Task Manager by pressing Ctrl + Alt + Del, then the File tab, New Task, type explorer.exe and confirm.)
--
For lack of curiosity we risk dying ignorant; you are free to think that you are C..,
but C.. to think that you are free... thanks to australe13
-
-
Here is the report; the time shown is 13:18. It's because I'm from Quebec.
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : BIOS Date: 03/15/04 22:33:44 Ver: 08.00.09
USER : Jean-François ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 13 Go
D:\ (Local Disk) - NTFS - Total : 74 Go Free : 15 Go
E:\ (CD o DVD)
F:\ (CD o DVD)
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 2008-10-09|13:16 )
--------------------\\ Listing des dossiers dans APPLIC~1
[2008-03-18|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-05-06|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[2008-07-07|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-01-01|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-10-08|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2007-09-29|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[2008-01-17|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
[2008-06-13|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA games
[2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-09-18|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-09-29|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
[2008-03-26|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[2008-04-29|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[2007-11-05|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2008-10-08|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-06-28|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-06-03|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-09-29|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-03-26|13:44] C:\DOCUME~1\JEAN-F~2\APPLIC~1\PACE Anti-Piracy
[2008-02-18|10:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Adobe
[2007-11-17|17:50] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Apple Computer
[2008-10-08|13:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Azureus
[2008-08-11|15:10] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Creative
[2008-09-24|16:31] C:\DOCUME~1\JEAN-F~1\APPLIC~1\dvdcss
[2008-04-07|09:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\foobar2000
[2008-05-04|05:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\GarageGames
[2007-11-18|15:27] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Help
[2007-09-29|20:00] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Identities
[2008-08-04|22:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\InstallShield
[2008-08-04|12:12] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Logitech
[2007-09-30|02:44] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Macromedia
[2007-09-30|00:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Media Player Classic
[2007-11-18|15:16] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Microsoft
[2007-12-02|17:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Miranda
[2008-07-25|09:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\mIRC
[2008-06-28|05:49] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Mozilla
[2007-10-17|22:40] C:\DOCUME~1\JEAN-F~1\APPLIC~1\OpenOffice.org2
[2008-03-26|13:21] C:\DOCUME~1\JEAN-F~1\APPLIC~1\PACE Anti-Piracy
[2008-05-03|04:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Real
[2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Reallusion
[2008-01-26|14:45] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SecuROM
[2008-10-09|03:39] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Skype
[2008-09-10|05:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SPORE
[2007-10-22|23:43] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Sun
[2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\tmp
[2007-10-28|21:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Ventrilo
[2007-12-15|05:00] C:\DOCUME~1\JEAN-F~1\APPLIC~1\vlc
[2008-01-21|11:48] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Warsow
[2007-12-26|20:02] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Webcammax
[2007-09-30|00:08] C:\DOCUME~1\JEAN-F~1\APPLIC~1\WinRAR
[2008-10-08|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2007-09-29|19:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-09-29|19:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2008-10-09 10:14][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2008-10-06 21:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-09 08:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-04 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[2008-03-18|10:58] C:\Program Files\Adobe
[2008-10-08|13:02] C:\Program Files\Alwil Software
[2008-07-07|06:29] C:\Program Files\Apple Software Update
[2008-03-04|06:22] C:\Program Files\Audacity
[2008-10-08|13:58] C:\Program Files\Avira
[2008-07-02|11:40] C:\Program Files\Azureus
[2007-11-26|02:27] C:\Program Files\CCleaner
[2007-11-18|03:09] C:\Program Files\Codec Pack - All In 1
[2008-10-09|03:50] C:\Program Files\Common Files
[2007-09-29|19:52] C:\Program Files\ComPlus Applications
[2008-08-11|15:06] C:\Program Files\Creative
[2008-08-11|15:01] C:\Program Files\Creative Live! Cam
[2008-01-25|14:29] C:\Program Files\DefilerPak
[2008-08-11|15:01] C:\Program Files\DELL
[2008-01-31|16:57] C:\Program Files\DivX
[2008-05-25|02:29] C:\Program Files\EA games
[2008-09-07|10:55] C:\Program Files\Electronic Arts
[2008-03-04|06:16] C:\Program Files\HooTech
[2008-02-18|17:49] C:\Program Files\Illustrate
[2008-10-06|03:33] C:\Program Files\InstallShield Installation Information
[2008-08-14|05:41] C:\Program Files\Internet Explorer
[2008-07-07|06:26] C:\Program Files\iPod
[2008-07-07|06:27] C:\Program Files\iTunes
[2008-05-09|05:31] C:\Program Files\Java
[2008-08-04|12:09] C:\Program Files\Logitech
[2008-10-08|20:49] C:\Program Files\Messenger
[2008-09-18|05:31] C:\Program Files\Microsoft
[2007-11-17|23:28] C:\Program Files\Microsoft ActiveSync
[2008-06-04|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2007-09-29|19:55] C:\Program Files\microsoft frontpage
[2007-12-02|19:07] C:\Program Files\Microsoft Office
[2008-08-19|03:01] C:\Program Files\Microsoft Silverlight
[2007-11-17|23:28] C:\Program Files\Microsoft.NET
[2008-07-25|09:02] C:\Program Files\mIRC
[2008-10-08|20:33] C:\Program Files\Movie Maker
[2007-12-02|19:07] C:\Program Files\MSECache
[2007-09-29|19:51] C:\Program Files\MSN
[2007-09-29|19:51] C:\Program Files\MSN Gaming Zone
[2007-11-11|05:55] C:\Program Files\MSXML 4.0
[2008-10-09|08:33] C:\Program Files\Navilog1
[2008-10-08|20:29] C:\Program Files\NetMeeting
[2007-09-29|19:52] C:\Program Files\Online Services
[2007-11-20|02:12] C:\Program Files\OpenOffice.org 2.3
[2008-10-08|20:49] C:\Program Files\Outlook Express
[2008-06-04|12:11] C:\Program Files\PokerStars.NET
[2008-07-07|06:25] C:\Program Files\QuickTime
[2008-04-29|16:46] C:\Program Files\Real Alternative
[2007-11-08|02:01] C:\Program Files\Skype
[2008-10-08|20:40] C:\Program Files\SpywareBlaster
[2008-10-08|22:05] C:\Program Files\Trend Micro
[2007-09-29|20:00] C:\Program Files\Uninstall Information
[2008-05-03|21:17] C:\Program Files\Ventrilo
[2007-12-15|04:28] C:\Program Files\VideoLAN
[2008-05-09|05:10] C:\Program Files\WebcamMax
[2008-09-18|05:32] C:\Program Files\Windows Live
[2008-04-07|13:35] C:\Program Files\Windows Media Connect 2
[2008-10-08|20:29] C:\Program Files\Windows Media Player
[2008-10-08|20:29] C:\Program Files\Windows NT
[2008-03-26|13:21] C:\Program Files\WindowsUpdate
[2007-09-30|00:15] C:\Program Files\WinRAR
[2007-09-29|19:55] C:\Program Files\xerox
[2007-11-21|19:53] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[2008-03-18|10:58] C:\Program Files\Common Files\Adobe
[2008-07-07|06:23] C:\Program Files\Common Files\Apple
[2008-07-08|09:05] C:\Program Files\Common Files\Blizzard Entertainment
[2008-08-11|15:05] C:\Program Files\Common Files\Creative
[2007-11-17|23:28] C:\Program Files\Common Files\DESIGNER
[2008-03-26|09:18] C:\Program Files\Common Files\InstallShield
[2007-10-22|23:42] C:\Program Files\Common Files\Java
[2007-12-05|03:11] C:\Program Files\Common Files\LogiShrd
[2008-08-04|22:04] C:\Program Files\Common Files\Logitech
[2008-09-18|05:31] C:\Program Files\Common Files\Microsoft Shared
[2007-09-29|19:53] C:\Program Files\Common Files\MSSoap
[2007-09-29|14:10] C:\Program Files\Common Files\ODBC
[2008-03-26|13:21] C:\Program Files\Common Files\PACE Anti-Piracy
[2008-10-07|09:40] C:\Program Files\Common Files\plugin
[2008-08-11|15:06] C:\Program Files\Common Files\Reallusion
[2007-09-29|19:53] C:\Program Files\Common Files\Services
[2007-11-05|00:07] C:\Program Files\Common Files\Skype
[2007-09-29|14:10] C:\Program Files\Common Files\SpeechEngines
[2008-10-08|20:29] C:\Program Files\Common Files\System
[2008-09-18|05:28] C:\Program Files\Common Files\Windows Live
[2008-06-03|04:35] C:\Program Files\Common Files\WindowsLiveInstaller
[2008-05-03|21:17] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 47 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[2].txt
C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[3].txt
C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[1].txt
C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[2].txt
C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[3].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 13:17:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:10][D:2]-> C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp
[F:399][D:1]-> C:\DOCUME~1\JEAN-F~1\Cookies
[F:219][D:4]-> C:\DOCUME~1\JEAN-F~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 2008-10-09|13:18 - Option : [1]
--------------------\\ Fin du rapport a 13:18:19-
Run Lop S&D by Eric71 again
This time choose Option 3 (Removal)
Do not close the window during removal!
Post the generated report (it is also saved here: C:\lopR.txt)
--
For lack of curiosity we risk dying ignorant; you are free to think you are C..,
but C.. to think you are free... thanks to australe13
-
-
I did what you said, then rebooted, and I am running a scan with AntiVir; so far I am not getting any repeating detection alert. However, I have 2 warnings showing at the moment (at 10%)
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : BIOS Date: 03/15/04 22:33:44 Ver: 08.00.09
USER : Jean-François ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 13 Go
D:\ (Local Disk) - NTFS - Total : 74 Go Free : 15 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [3] ( 2008-10-09|15:12 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[2].txt
Supprime! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@advertising[3].txt
Supprime! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\JEAN-F~1\Cookies\jean-françois@adopt.euroclick[3].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[2008-03-18|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-05-06|00:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[2008-07-07|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-01-01|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-10-08|13:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2007-09-29|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[2008-01-17|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CCP
[2008-06-13|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EA games
[2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[2007-09-29|22:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[2008-09-18|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-09-29|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
[2008-03-26|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
[2008-04-29|16:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[2007-11-05|00:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[2008-10-08|21:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-06-28|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-06-03|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2007-09-29|19:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-03-26|13:44] C:\DOCUME~1\JEAN-F~2\APPLIC~1\PACE Anti-Piracy
[2008-02-18|10:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Adobe
[2007-11-17|17:50] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Apple Computer
[2008-10-08|13:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Azureus
[2008-08-11|15:10] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Creative
[2008-09-24|16:31] C:\DOCUME~1\JEAN-F~1\APPLIC~1\dvdcss
[2008-04-07|09:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\foobar2000
[2008-05-04|05:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\GarageGames
[2007-11-18|15:27] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Help
[2007-09-29|20:00] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Identities
[2008-08-04|22:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\InstallShield
[2008-08-04|12:12] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Logitech
[2007-09-30|02:44] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Macromedia
[2007-09-30|00:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Media Player Classic
[2007-11-18|15:16] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Microsoft
[2007-12-02|17:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Miranda
[2008-07-25|09:03] C:\DOCUME~1\JEAN-F~1\APPLIC~1\mIRC
[2008-06-28|05:49] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Mozilla
[2007-10-17|22:40] C:\DOCUME~1\JEAN-F~1\APPLIC~1\OpenOffice.org2
[2008-03-26|13:21] C:\DOCUME~1\JEAN-F~1\APPLIC~1\PACE Anti-Piracy
[2008-05-03|04:47] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Real
[2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Reallusion
[2008-01-26|14:45] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SecuROM
[2008-10-09|03:39] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Skype
[2008-09-10|05:52] C:\DOCUME~1\JEAN-F~1\APPLIC~1\SPORE
[2007-10-22|23:43] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Sun
[2008-08-11|15:11] C:\DOCUME~1\JEAN-F~1\APPLIC~1\tmp
[2007-10-28|21:30] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Ventrilo
[2007-12-15|04:28] C:\DOCUME~1\JEAN-F~1\APPLIC~1\vlc
[2008-01-21|11:48] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Warsow
[2007-12-26|20:02] C:\DOCUME~1\JEAN-F~1\APPLIC~1\Webcammax
[2007-09-30|00:08] C:\DOCUME~1\JEAN-F~1\APPLIC~1\WinRAR
[2008-10-08|23:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[2007-09-29|19:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2007-09-29|19:55] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2008-10-09 14:50][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2008-10-06 21:54][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-10-09 08:26][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-04 08:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[2008-03-18|10:58] C:\Program Files\Adobe
[2008-10-08|13:02] C:\Program Files\Alwil Software
... (rest identical)
-
Download Malwarebytes: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
During installation, check that the update, launch-the-program and full-scan options are ticked
Once updated, the program will start; click the settings tab and tick the box: "Stop Internet Explorer during disinfection".
At the end of the scan click Show results
Removing the detected items >>> click Remove selected or remove all
If you are asked to restart >>> click "Yes"
And post the generated report
While waiting for a reply you can run another Malwarebytes scan, but in safe mode, because it is much more effective
How to start in safe mode, tutorial here: http://www.infos-du-net.com/forum/272325-11-tuto-demarrer-mode-echec
Save the generated report so that you can find it, and post the new report
-
-
Report. It's a good sign :). I'll come back in safe mode.
Malwarebytes' Anti-Malware 1.28
Versión de la base de datos: 1248
Windows 5.1.2600 Service Pack 3
2008-10-09 16:54:38
mbam-log-2008-10-09 (16-54-38).txt
Tipo de exploración: Exploración completa (C:\|D:\|)
Elementos examinados: 123179
Tiempo transcurrido: 36 minuto(s), 23 segundo(s)
Proceso(es) de memoria infectado(s): 0
Módulo(s) de memoria infectado(s): 0
Clave(s) del Registro infectada(s): 0
Valor(es) del Registro infectado(s): 0
Elemento(s) de datos del Registro infectado(s): 0
Directorio(s) infectado(s): 0
Archivo(s) infectado(s): 0
Proceso(es) de memoria infectado(s):
(Ningún elemento dañino detectado)
Módulo(s) de memoria infectado(s):
(Ningún elemento dañino detectado)
Clave(s) del Registro infectada(s):
(Ningún elemento dañino detectado)
Valor(es) del Registro infectada(s):
(Ningún elemento dañino detectado)
Elemento(s) de datos del Registro infectado(s):
(Ningún elemento dañino detectado)
Directorio(s) infectado(s):
(Ningún elemento dañino detectado)
Archivo(s) infectado(s):
(Ningún elemento dañino detectado)
-
Sorry for not replying sooner, I have been very busy. Well, I have tried many times to get into safe mode and it doesn't work: I press F8 and select safe mode correctly, and every time my computer reaches Windows it is in normal mode. I don't understand it at all.
Also, this morning I turned on my computer and AntiVir found something else that kept coming back in a loop, but it was not the same trojan.
detected in file 'C:\WINDOWS\system32\KcrnaDrv.dll.
Action performed: Delete file
and this response appears
Error message: Action failed for file: C:\WINDOWS\system32\KcrnaDrv.dll
Error code: [0x00000005 - Access is denied.]
but when it happened I had to leave and I shut down my PC. When I came back I ran a full scan with AntiVir and Malwarebytes and they found nothing at all.
-
Hello rr
Download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Start the installation with the default settings
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 1 (Search)
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved in the root of the disk
-
-
----------------- FindyKill V4.005 ------------------
* User : Jean-François - DJIEFP
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 11/10/08 par Chiquitine29
* Recherche effectuée à 3:51:51 le 2008-10-13
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\OEM03Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Jean-François\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\JEAN-F~1\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper REG_SZ CTHELPER.EXE
CTxfiHlp REG_SZ CTXFIHLP.EXE
LogitechCommunicationsManager REG_SZ "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
LVCOMSX REG_SZ "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
OEM03Mon.exe REG_SZ C:\WINDOWS\OEM03Mon.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Google Update REG_SZ "C:\Documents and Settings\Jean-François\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
--------------- [ Registre / Clés infecteuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Fixed Drive
D: - Fixed Drive
+- presence des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
------------------- ! Fin du rapport ! ---------------------
1) Download SDFix by AndyManchesta
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.
Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\)
Don't touch it for now.
2) Restart in safe mode
3) SDFix
* Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and delete files.
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Nothing on your FindyKill report
-
-
Well, I finally managed to start in safe mode; I took the opportunity to run a scan with Malwarebytes and AntiVir, which found nothing
and here is the SDFix report
SDFix: Version 1.235
Run by Administrator on 2008-10-13 at 13:49
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 14:01:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:203b5c71
"s2"=dword:87640094
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Utilitaires\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,a1,42,cc,4c,57,bd,b1,0b,c8,e9,82,26,ad,99,10,a5,6b,cb,a1,e1,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,90,34,b1,c2,81,91,46,5e,08,28,93,da,44,11,93,54,c6,..
"khjeh"=hex:3a,0a,27,71,85,df,e9,a6,e8,d4,f3,7b,e1,25,c4,04,16,77,11,47,f5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:11,95,22,53,05,69,34,3c,78,fd,fe,c3,2c,a1,77,8f,ea,65,23,8c,13,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Utilitaires\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,a1,42,cc,4c,57,bd,b1,0b,c8,e9,82,26,ad,99,10,a5,6b,cb,a1,e1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,90,34,b1,c2,81,91,46,5e,08,28,93,da,44,11,93,54,c6,..
"khjeh"=hex:0d,39,7c,c6,12,e4,04,22,9b,4c,c9,d3,39,46,b6,10,f6,4d,33,5e,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,32,4c,a5,8f,41,a6,5f,aa,c9,53,c9,5d,c8,c1,ca,71,49,1a,3c,71,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\Utilitaires\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:7b,a1,42,cc,4c,57,bd,b1,0b,c8,e9,82,26,ad,99,10,a5,6b,cb,a1,e1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,90,34,b1,c2,81,91,46,5e,08,28,93,da,44,11,93,54,c6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\counter-strike source\\hl2.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Jeux\\Steam\\Steam.exe"="D:\\Jeux\\Steam\\Steam.exe:*:Enabled:Steam"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\half-life 2 deathmatch\\hl2.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\team fortress 2\\hl2.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux\\TetriNET\\TETRINET.EXE"="D:\\Jeux\\TetriNET\\TETRINET.EXE:*:Enabled:TETRINET"
"D:\\Jeux\\World of Warcraft\\BackgroundDownloader.exe"="D:\\Jeux\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\source sdk base\\hl2.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\source sdk base\\hl2.exe:*:Enabled:hl2"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\half-life\\hl.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Jeux\\Warsow\\warsow_x86.exe"="D:\\Jeux\\Warsow\\warsow_x86.exe:*:Enabled:Warsow"
"D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\day of defeat source\\hl2.exe"="D:\\Jeux\\Steam\\steamapps\\fightmybrain@hotmail.com\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\\Jeux\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="D:\\Jeux\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\\Jeux\\Combat Arms\\CombatArms.exe"="D:\\Jeux\\Combat Arms\\CombatArms.exe:*:Enabled:CombatArms.exe"
"D:\\Jeux\\Combat Arms\\Engine.exe"="D:\\Jeux\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"D:\\Jeux\\Combat Arms\\NMService.exe"="D:\\Jeux\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\\Jeux\\Combat Arms\\CombatArms.exe"="D:\\Jeux\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\\Jeux\\Combat Arms\\Engine.exe"="D:\\Jeux\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
Remaining Files :
Files with Hidden Attributes :
Sun 18 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 29 Sep 2008 5,931 ...HR --- "C:\Documents and Settings\Jean-François\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
-
-
Close all running applications, then download ToolsCleaner2 to your Desktop.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Double-click ToolsCleaner2.exe >
Search
and then Removal
Note: your desktop will disappear, this is normal. If it does not reappear at the end of the scan, do the following:
CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File in the top-left corner and choose "Run"
Type explorer.exe and confirm. That will bring the Desktop back
-
-
-
Uninstall FindyKill via Control Panel, Add or Remove Programs
You can post the ToolsCleaner report to check that there was no removal error
and you delete ToolsCleaner with a right-click
-------------------------------
And finish with CCleaner; keep it, as well as Malwarebytes, they will be useful to you, and run scans frequently
Download CCleaner: http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
Do not install the Yahoo toolbar
Open "CCleaner", go to the "Options" tab, then "Advanced", and untick "Only delete files in Windows Temp folders older than 48 hours".
Then go to the "Cleaner" tab, click "Analyze" and then "Run Cleaner".
Then go to the "Registry" tab and click "Scan for Issues" and "Fix selected issues"
Repeat all of it 4-5 times (the cleaning and the registry).
Then stay in "CCleaner", go to "Options", then "Properties", and tick "Automatically clean the computer at startup".
CCleaner usage guide here
https://www.malekal.com/tutoriel-ccleaner/
-