Sujet Précédent Sujet Suivant

Rapport hijackthis

cbs77380 Messages postés 7 Statut Membre -  
J_O_J_O Messages postés 1730 Statut Membre -
Bonjour a tous voila mon rapport hijackthis mon ordi as t-il quelque chose qui va pas ??

Merci pour vos futur reponses ..... .Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14, on 14/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Setup] "C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
A voir également:

10 réponses

Réponse 1 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
Salut ^^ infection lop que tu-a ! désactive L'UAC de vista stp :: http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac#1 via le panneau de configuration

Télécharge LopSD.exe sur ton Bureau
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Clique-droit sur le raccourci LopSD présent sur le Bureau et choisis "Exécuter en tant qu'administrateur" pour lancer LopSD.

Choisis la langue F pour Français puis valide par Entrée.

Choisis l'option Recherche en saisissant 1 puis valide par Entrée
.
* Patiente jusqu'à la fin du scan
* Poste le rapport généré qui se trouve ici => (C:\lopR.txt)

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide
0
cbs77380
 
merci a toi je m'occupe de tous sa et vous tient au courant
0
Réponse 2 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
de rien ::)) j'attend
0
cbs77380
 
me revoici et vous poste le rapport LOP S&D

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3200+ )
BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
USER : virus98 ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:45 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:73 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 14/11/2008|14:53 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[27/06/2008|16:35] C:\Users\virus98\AppData\Local\Adobe
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Application Data
[03/11/2008|20:55] C:\Users\virus98\AppData\Local\BingoCafe
[12/11/2008|18:19] C:\Users\virus98\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/07/2008|11:43] C:\Users\virus98\AppData\Local\eMule
[04/07/2008|16:30] C:\Users\virus98\AppData\Local\GDIPFONTCACHEV1.DAT
[20/07/2008|18:57] C:\Users\virus98\AppData\Local\Google
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Historique
[14/11/2008|14:45] C:\Users\virus98\AppData\Local\IconCache.db
[04/07/2008|16:37] C:\Users\virus98\AppData\Local\Microsoft
[25/10/2008|11:08] C:\Users\virus98\AppData\Local\Microsoft Games
[05/11/2008|22:14] C:\Users\virus98\AppData\Local\PokerStars
[14/11/2008|14:50] C:\Users\virus98\AppData\Local\Temp
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Temporary Internet Files
[27/06/2008|13:30] C:\Users\virus98\AppData\Local\Toshiba
[27/06/2008|16:34] C:\Users\virus98\AppData\Local\VirtualStore
[18/07/2008|11:36] C:\Users\virus98\AppData\Local\Yahoo!_Inc

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[14/11/2008 14:47][--ah-----] C:\Windows\tasks\SA.DAT
[14/11/2008 14:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[27/06/2008|16:43] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[27/06/2008|13:15] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[15/07/2008|11:43] C:\ProgramData\eMule
[27/06/2008|13:15] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[14/11/2008|11:18] C:\ProgramData\Google
[14/11/2008|11:14] C:\ProgramData\Google Updater
[27/06/2008|13:15] C:\ProgramData\Menu D‚marrer
[14/07/2008|08:38] C:\ProgramData\MGS
[13/07/2008|20:51] C:\ProgramData\Microgaming
[01/06/2007|11:06] C:\ProgramData\Microsoft
[27/06/2008|13:15] C:\ProgramData\ModŠles
[14/11/2008|14:48] C:\ProgramData\Sony Ericsson
[02/11/2006|14:02] C:\ProgramData\Start Menu
[30/06/2008|21:42] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[01/06/2007|09:59] C:\ProgramData\Toshiba
[27/06/2008|13:28] C:\ProgramData\ToshibaEurope
[14/11/2008|11:13] C:\ProgramData\Ulead Systems
[27/06/2008|19:45] C:\ProgramData\WLInstaller
[14/11/2008|11:41] C:\ProgramData\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files

[15/10/2008|18:11] C:\Program Files\Adobe
[01/06/2007|09:35] C:\Program Files\Analog Devices
[01/06/2007|09:40] C:\Program Files\ATK Hotkey
[13/07/2008|23:46] C:\Program Files\Bluetooth Remote Control
[05/11/2008|22:26] C:\Program Files\bwin
[14/11/2008|11:38] C:\Program Files\Common Files
[15/07/2008|11:43] C:\Program Files\eMule
[27/06/2008|13:15] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[23/10/2008|19:46] C:\Program Files\Gimp-2.0
[14/11/2008|11:18] C:\Program Files\Google
[01/06/2007|10:14] C:\Program Files\IDM
[17/07/2008|16:31] C:\Program Files\IMVU
[13/11/2008|13:30] C:\Program Files\ImvuTools2
[13/11/2008|13:33] C:\Program Files\ImvuTools3
[14/11/2008|11:11] C:\Program Files\InstallShield Installation Information
[01/06/2007|09:30] C:\Program Files\Intel
[16/10/2008|15:59] C:\Program Files\Internet Explorer
[01/06/2007|09:29] C:\Program Files\Java
[01/06/2007|09:36] C:\Program Files\ltmoh
[07/07/2008|22:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[02/11/2006|13:42] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/11/2006|13:37] C:\Program Files\MSN
[01/06/2007|09:02] C:\Program Files\MSXML 4.0
[30/06/2008|11:12] C:\Program Files\MySpace
[28/10/2008|20:54] C:\Program Files\PokerStars
[17/07/2008|10:48] C:\Program Files\Real
[01/06/2007|09:52] C:\Program Files\Realtek
[14/11/2008|11:20] C:\Program Files\Red Kings Poker
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[13/11/2008|16:00] C:\Program Files\Simulateur de conduite 3D Demo
[14/11/2008|11:39] C:\Program Files\Sony Ericsson
[01/06/2007|09:37] C:\Program Files\Synaptics
[13/11/2008|22:06] C:\Program Files\ThriXXX
[01/06/2007|11:03] C:\Program Files\TOSHIBA
[14/11/2008|11:47] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[27/06/2008|22:35] C:\Program Files\VideoLAN
[08/07/2008|02:48] C:\Program Files\Windows Calendar
[02/11/2006|13:42] C:\Program Files\Windows Collaboration
[01/06/2007|09:26] C:\Program Files\Windows Defender
[02/11/2006|13:42] C:\Program Files\Windows Journal
[27/06/2008|19:54] C:\Program Files\Windows Live
[16/10/2008|15:59] C:\Program Files\Windows Mail
[01/06/2007|09:45] C:\Program Files\Windows Media Components
[08/07/2008|02:48] C:\Program Files\Windows Media Player
[27/06/2008|13:15] C:\Program Files\Windows NT
[02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
[08/07/2008|02:48] C:\Program Files\Windows Sidebar
[17/07/2008|12:18] C:\Program Files\WinRAR
[14/11/2008|11:41] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[27/06/2008|16:43] C:\Program Files\Common Files\Adobe
[01/06/2007|09:46] C:\Program Files\Common Files\InstallShield
[01/06/2007|09:29] C:\Program Files\Common Files\Java
[14/11/2008|11:19] C:\Program Files\Common Files\microsoft shared
[17/07/2008|10:48] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[30/06/2008|21:42] C:\Program Files\Common Files\Symantec Shared
[08/07/2008|02:48] C:\Program Files\Common Files\System
[14/11/2008|11:38] C:\Program Files\Common Files\Teleca Shared
[01/06/2007|10:00] C:\Program Files\Common Files\Toshiba Shared
[14/11/2008|11:13] C:\Program Files\Common Files\Ulead Systems
[27/06/2008|19:54] C:\Program Files\Common Files\WindowsLiveInstaller
[17/07/2008|10:48] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 55 Processes )

iexplore.exe ~ [PID:2272]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\virus98\AppData\Local\Temp\nsj3E62.tmp
C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies\virus98@advertising[2].txt
C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies\virus98@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 14:53:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BACKBMPS\QG_Slots_crack_BG.00000310.gif
C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BTNBMPS\QG_CrackTheSafe.00000439.gif
C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Cookies\Low\virus98@gogocracks.ifrance[2].txt
C:\Users\virus98\Downloads\eMule\Incoming\(pcgame xxx) 3D-Sex.Villa [ThriXXX] + Crack [Adult-Game].rar
C:\Users\virus98\Downloads\eMule\Incoming\3D sex villa password and username (full game crack).txt


[F:98][D:8]-> C:\Users\virus98\AppData\Local\Temp
[F:1702][D:1]-> C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies
[F:194][D:4]-> C:\Users\virus98\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 14/11/2008|14:56 - Option : [1]

--------------------\\ Fin du rapport a 14:56:14
[ UAC => 1 ]
0
Réponse 3 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
Alors maintenant referme tous t'es programmes encore une fois,relance lopS&D et choisi l'option 2 ! a la fin du nettoyage redonne le nouveau rapport stp !

Et supprime c'est crack xD sinon rebelote tu sera reinfectée =s :::

C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BACKBMPS\QG_Slots_crack_BG.00000310.gif
C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BTNBMPS\QG_CrackTheSafe.00000439.gif
C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Cookies\Low\virus98@gogocracks.ifrance[2].txt
C:\Users\virus98\Downloads\eMule\Incoming\(pcgame xxx) 3D-Sex.Villa [ThriXXX] + Crack [Adult-Game].rar
C:\Users\virus98\Downloads\eMule\Incoming\3D sex villa password and username (full game crack).txt
0
cbs77380
 
ok ok voici rapport option 2 ......et encore merci


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3200+ )
BIOS : BIOS Date: 09/06/05 17:29:38 Ver: 08.00.12
USER : virus98 ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:45 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:73 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 14/11/2008|15:12 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\virus98\AppData\Local\Temp\nsj3E62.tmp
Supprime! - C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies\virus98@advertising[2].txt
Supprime! - C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies\virus98@adopt.euroclick[2].txt
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[27/06/2008|16:35] C:\Users\virus98\AppData\Local\Adobe
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Application Data
[03/11/2008|20:55] C:\Users\virus98\AppData\Local\BingoCafe
[12/11/2008|18:19] C:\Users\virus98\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[15/07/2008|11:43] C:\Users\virus98\AppData\Local\eMule
[04/07/2008|16:30] C:\Users\virus98\AppData\Local\GDIPFONTCACHEV1.DAT
[20/07/2008|18:57] C:\Users\virus98\AppData\Local\Google
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Historique
[14/11/2008|14:45] C:\Users\virus98\AppData\Local\IconCache.db
[04/07/2008|16:37] C:\Users\virus98\AppData\Local\Microsoft
[25/10/2008|11:08] C:\Users\virus98\AppData\Local\Microsoft Games
[05/11/2008|22:14] C:\Users\virus98\AppData\Local\PokerStars
[14/11/2008|15:12] C:\Users\virus98\AppData\Local\Temp
[27/06/2008|13:21] C:\Users\virus98\AppData\Local\Temporary Internet Files
[27/06/2008|13:30] C:\Users\virus98\AppData\Local\Toshiba
[27/06/2008|16:34] C:\Users\virus98\AppData\Local\VirtualStore
[18/07/2008|11:36] C:\Users\virus98\AppData\Local\Yahoo!_Inc

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[14/11/2008 14:47][--ah-----] C:\Windows\tasks\SA.DAT
[14/11/2008 14:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[27/06/2008|16:43] C:\ProgramData\Adobe
[02/11/2006|14:02] C:\ProgramData\Application Data
[27/06/2008|13:15] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[15/07/2008|11:43] C:\ProgramData\eMule
[27/06/2008|13:15] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[14/11/2008|11:18] C:\ProgramData\Google
[14/11/2008|11:14] C:\ProgramData\Google Updater
[27/06/2008|13:15] C:\ProgramData\Menu D‚marrer
[14/07/2008|08:38] C:\ProgramData\MGS
[13/07/2008|20:51] C:\ProgramData\Microgaming
[01/06/2007|11:06] C:\ProgramData\Microsoft
[27/06/2008|13:15] C:\ProgramData\ModŠles
[14/11/2008|14:48] C:\ProgramData\Sony Ericsson
[02/11/2006|14:02] C:\ProgramData\Start Menu
[30/06/2008|21:42] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[01/06/2007|09:59] C:\ProgramData\Toshiba
[27/06/2008|13:28] C:\ProgramData\ToshibaEurope
[14/11/2008|11:13] C:\ProgramData\Ulead Systems
[27/06/2008|19:45] C:\ProgramData\WLInstaller
[14/11/2008|11:41] C:\ProgramData\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files

[15/10/2008|18:11] C:\Program Files\Adobe
[01/06/2007|09:35] C:\Program Files\Analog Devices
[01/06/2007|09:40] C:\Program Files\ATK Hotkey
[13/07/2008|23:46] C:\Program Files\Bluetooth Remote Control
[05/11/2008|22:26] C:\Program Files\bwin
[14/11/2008|11:38] C:\Program Files\Common Files
[15/07/2008|11:43] C:\Program Files\eMule
[27/06/2008|13:15] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[23/10/2008|19:46] C:\Program Files\Gimp-2.0
[14/11/2008|11:18] C:\Program Files\Google
[01/06/2007|10:14] C:\Program Files\IDM
[17/07/2008|16:31] C:\Program Files\IMVU
[13/11/2008|13:30] C:\Program Files\ImvuTools2
[13/11/2008|13:33] C:\Program Files\ImvuTools3
[14/11/2008|11:11] C:\Program Files\InstallShield Installation Information
[01/06/2007|09:30] C:\Program Files\Intel
[16/10/2008|15:59] C:\Program Files\Internet Explorer
[01/06/2007|09:29] C:\Program Files\Java
[01/06/2007|09:36] C:\Program Files\ltmoh
[07/07/2008|22:41] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[02/11/2006|13:42] C:\Program Files\Movie Maker
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/11/2006|13:37] C:\Program Files\MSN
[01/06/2007|09:02] C:\Program Files\MSXML 4.0
[30/06/2008|11:12] C:\Program Files\MySpace
[28/10/2008|20:54] C:\Program Files\PokerStars
[17/07/2008|10:48] C:\Program Files\Real
[01/06/2007|09:52] C:\Program Files\Realtek
[14/11/2008|11:20] C:\Program Files\Red Kings Poker
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[13/11/2008|16:00] C:\Program Files\Simulateur de conduite 3D Demo
[14/11/2008|11:39] C:\Program Files\Sony Ericsson
[01/06/2007|09:37] C:\Program Files\Synaptics
[13/11/2008|22:06] C:\Program Files\ThriXXX
[01/06/2007|11:03] C:\Program Files\TOSHIBA
[14/11/2008|11:47] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[27/06/2008|22:35] C:\Program Files\VideoLAN
[08/07/2008|02:48] C:\Program Files\Windows Calendar
[02/11/2006|13:42] C:\Program Files\Windows Collaboration
[01/06/2007|09:26] C:\Program Files\Windows Defender
[02/11/2006|13:42] C:\Program Files\Windows Journal
[27/06/2008|19:54] C:\Program Files\Windows Live
[16/10/2008|15:59] C:\Program Files\Windows Mail
[01/06/2007|09:45] C:\Program Files\Windows Media Components
[08/07/2008|02:48] C:\Program Files\Windows Media Player
[27/06/2008|13:15] C:\Program Files\Windows NT
[02/11/2006|13:42] C:\Program Files\Windows Photo Gallery
[08/07/2008|02:48] C:\Program Files\Windows Sidebar
[17/07/2008|12:18] C:\Program Files\WinRAR
[14/11/2008|11:41] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[27/06/2008|16:43] C:\Program Files\Common Files\Adobe
[01/06/2007|09:46] C:\Program Files\Common Files\InstallShield
[01/06/2007|09:29] C:\Program Files\Common Files\Java
[14/11/2008|11:19] C:\Program Files\Common Files\microsoft shared
[17/07/2008|10:48] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[30/06/2008|21:42] C:\Program Files\Common Files\Symantec Shared
[08/07/2008|02:48] C:\Program Files\Common Files\System
[14/11/2008|11:38] C:\Program Files\Common Files\Teleca Shared
[01/06/2007|10:00] C:\Program Files\Common Files\Toshiba Shared
[14/11/2008|11:13] C:\Program Files\Common Files\Ulead Systems
[27/06/2008|19:54] C:\Program Files\Common Files\WindowsLiveInstaller
[17/07/2008|10:48] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 15:12:34
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BACKBMPS\QG_Slots_crack_BG.00000310.gif
C:\Users\virus98\AppData\Local\BingoCafe\ASSETS11\BTNBMPS\QG_CrackTheSafe.00000439.gif
C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Cookies\Low\virus98@gogocracks.ifrance[2].txt
C:\Users\virus98\Downloads\eMule\Incoming\(pcgame xxx) 3D-Sex.Villa [ThriXXX] + Crack [Adult-Game].rar
C:\Users\virus98\Downloads\eMule\Incoming\3D sex villa password and username (full game crack).txt


[F:97][D:7]-> C:\Users\virus98\AppData\Local\Temp
[F:1701][D:1]-> C:\Users\virus98\AppData\Roaming\MICROS~1\Windows\Cookies
[F:269][D:4]-> C:\Users\virus98\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:6][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 14/11/2008|14:56 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 14/11/2008|15:13 - Option : [2]

--------------------\\ Fin du rapport a 15:13:57
[ UAC => 1 ]
0
cbs77380 > cbs77380
 
ok et la je viens de supprimer les cracks donc l'ordi et correct maintenant ?
0
Réponse 4 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
de rien^^ fait ceci ::: oui .. Télécharge et installe Malwarebyte's Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

*met le a jours !!
*redémarre en mode sans échec ! (tapote la touche f8 ou f5 au démarrage du pc et choisi ta session habituel)
*ouvre malwaresbyte's ! et scan avec (execute un scan complet !)
*a la fin tout ce qui trouvera tu supprimera :)
*a la fin un rapport sera généré garde le et poste le ici

*Télécharge et installe CCleaner https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html ( à l'installation, pense à DÉCOCHER l'installation de Yahoo toolbar !!!).

*Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Relance le nettoyage une deuxième fois.

*Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

*(garde ce logiciel et utilise le régulièrement).
0
cbs77380 Messages postés 7 Statut Membre
 
rapport malwarebytes

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1397
Windows 6.0.6000

14/11/2008 19:27:24
mbam-log-2008-11-14 (19-27-24).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 158969
Temps écoulé: 26 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} (Adware.ISTBar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
cbs77380 Messages postés 7 Statut Membre > cbs77380 Messages postés 7 Statut Membre
 
ccleaner je pensse que mai,tenant c'est bon si oui bah merci beaucoup pour ton aide :)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
;) Voila qui est fait poste un nouveau rapport hijackthis stp ... et ensuite sa sera fini ^^
0
cbs
 
voila le rapport et c'est le bon :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14, on 14/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Setup] "C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
0
Réponse 6 / 10
dine77380
 
UP
0
Réponse 7 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
Rebonjour :) la tu ma posté le meme hijackthis .. (tu ma fait galérer 10min à comprendre pk y'avais tjr l'infection lop xD) donc réouvre hijack fait un scan et poste le rapport stp !
0
cbs77380
 
desolé voici le dernier

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14, on 14/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Setup] "C:\Windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe" /startup
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
0
cbs77380
 
bizarre j'ai encore l'impression c le meme pourtant je viens de refaire le scan
0
Réponse 8 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
mdr ! nan c'est pas le bon ! supprime tous t'es rapports hjt ! Et relance hijackthis la premiere option (le bloc note s'ouvre fait un copider coller ici !
0
cbs77380 Messages postés 7 Statut Membre
 
j'ai du desinstaller et reinstaller car sa marchais plus bizarre mais bon voici le DERNIER lol




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:03, on 15/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Betway\Casino\casinogame.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Betway\Poker\MPPoker.exe
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - https://www.ebay.fr (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - https://www.amazon.fr/exec/obidos/subst/home/home.html/262-6263521-6325360?_encoding=UTF8&link_code=hom&tag=Toshibafrbholink-21 (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\virus98\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Crazy Vegas Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\crazyvegasMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
0
Réponse 9 / 10
dine77380
 
uo
0
Réponse 10 / 10
J_O_J_O Messages postés 1730 Statut Membre 92
 
^^ merci :: fait ceci ::: teélacharge navilog ! : http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm

*ferme tout t'es programmes désactive ton antivirus..
*désactive l'UAC si c'est pas déjà fait ..
*ouvre navilog .. fait l'option 1 stp !
*poste la rapport navilog ici .
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses