infecté par srosa

[oGu]

non ya pas de google toolbar :

 

Si, il y avait des BHO dans le précédent rapport, et là il reste le service !

 

As-tu au moins "fixé" les lignes avec HijackThis?

 

Termine la procédure pour supprimer le service Google (celui intitulé gusvc) comme indiqué dans mon post précédent, puis viens me faire signe quand tu auras terminé.

 

Bon travail !

 

Ogu

[talkbox70]

voici le rapport hijackthis :

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:48:56, on 13/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 6838 bytes

[oGu]

TOOLBAR SD

• Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
  ! Ne ferme pas la fenêtre lors de la suppression !
  Un rapport sera généré, poste son contenu ici.
   
  NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
  Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
  Tape explorer puis valide.
  

 

 

OTMOVEIT2

• Double clique sur OTMoveIt2.exe
  
• Sélectionne et copie les lignes ci-dessous
   

  C:\WINDOWS\system32\drivers\downld

   
   
  
• Dans OTMoveIt, fais un clic droit dans la fenêtre "Paste List of Files/Folders to be moved" et choisis "coller".
  
• Clic sur le bouton rouge MoveIt
  
• Si un fichier ou un dossier ne peut être déplacé immédiatement, il te sera demander de redémarrer ta machine pour finir l'exécution: si c'est le cas, clique sur "Yes"
  
• Copie et colle le rapport qu'il va te générer (il se trouve dans ce dossier : C:\_OTMoveIt\MovedFiles)
  

Modifié le 13 septembre 2008 par oGu

[talkbox70]

rapport toolbarSD :

 

 

 

-----------\\ ToolBar S&D 1.1.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.06GHz )

BIOS : Award Modular BIOS v6.00PG

USER : talkbox ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 080913-0] 4.8.1229 (Activated)

 

"C:\ToolBar SD" ( MAJ : 07-09-2008|12:20 )

Option : [2] ( 13/09/2008|23:11 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\AskSBar\bar

Supprime! - C:\DOCUME~1\talkbox\Cookies\talkbox@rapidlibrary.powered-by.zango[1].txt

Supprime! - C:\Program Files\AskSBar

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="about:blank"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

C:\WINDOWS\system32\drivers\downld

==> BAGLE <==

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack

C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\Setup.exe

C:\DOCUME~1\talkbox\Bureau\Canopus.GrassValley.ProCoder.3.00.50\Crack\_crk.txt

C:\DOCUME~1\talkbox\Bureau\torrents\applications\[[Demonoid.com]]-Alcohol_120_v1_9_7_Crack_5342698.3056.torrent

C:\DOCUME~1\talkbox\Favoris\jeux\Cracks P.url

C:\DOCUME~1\talkbox\Recent\Sonic Scenarist 3.0.0.96484 Professional with AC3 Encoder (full version)--- NO CRACK NEEDED.lnk

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 12/09/2008|18:49 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 13/09/2008|23:12 - Option : [2]

 

-----------\\ Fin du rapport a 23:12:32,90

[talkbox70]

rapport otmoveit2 :

 

C:\WINDOWS\system32\drivers\downld moved successfully.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09132008_231709

 

rapport hijackthis :

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:18:32, on 13/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 6423 bytes

[oGu]

Salut!

 

On poursuit??

 

 

IE 7

 

Il faut mettre Internet Explorer à jour, tu tournes encore avec la version 6 qui est le plus mauvais navigateur de la création au niveau sécuritaire!

Et ce, même si tu utilises Firefox, car certains logiciels utilisent encore IE (par xemple Windows Media Player), et les mises à jour XP se font via IE.

 

Pourquoi mettre à jour Internet Explorer (par Malekal)

 

Télécharge IE7 en cliquant sur l'image, puis installe-le:

 

 

 

 

 

 

 

Comme tu l'as signalé,[/b]Avast! est dépassé en ce moment (la preuve: il a attendu que le virus se soit installé sur ton PC avant de te prévenir, et il est incapable de le supprimer...), et nous avons l'habitude ici de le faire supprimer pour le remplacer par deux freewares d'excellente facture: Antivir (en anglais) ou AVG (en français). Pour t'en convaincre lis ce comparatif:

 

http://forum.malekal.com/viewtopic.php?f=45&t=11659

 

 

DESINSTALLER AVAST!

• Télécharge aswClear.exe sur ton bureau en cliquant sur cette image:
  
  
  
• Dans les réglages d'Avast! (à partir de la boule bleue en bas à droite), coche l'option "Désactiver le module self-defense d'avast!"
   
  
   
   
  
• Lance ensuite aswClear avec un double-clic
  
• Clique sur Uninstall
  
• Fais redémarrer l' ordinateur
  
• Efface aswClear.exe
  

 

 

INSTALLER ANTIVIR

 

 

• Télécharge Antivir en cliquant sur l'image:
   
  
   
  
• Installe-le
  
• Configure-le en suivant le tuto de Falkra
  

 

 

 

 

 

SCAN ANTIVIR

 

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Fais redémarrer ton ordinateur
  
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
  
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  
• Choisis ton compte habituel
  
• Connecte tes clés USB et disques externes.
  
• Puis lance un scan Antivir et supprime tout ce qu'il te trouve.
  
• Poste le rapport qu'Antivir va générer
  

 

Paramètre Antivir comme suit:

• Clique droit sur le parapluie->Configure
  
• Clique sur Expert mode->Scan:
  
• Là, coche:
  • All files
    
  • Additionnal Settings:tout cocher
    Clic sur scan +
    Action for concerning files:
    Cocher
    copie file to quarantine before action
    Primary action...................: repair => au cas ou ce serait un fichier système corrompu
    Secondary action.................: delete => s'il y a détection, autant supprimer. une sauvegarde sera dans la quarantaine
    

[talkbox70]

rapport antivir avira :

 

 

 

Avira AntiVir Personal

Report file date: lundi 15 septembre 2008 00:18

 

Scanning for 1613566 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: OBL-BCD5457F0A5

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15

ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 22:12:21

ANTIVIR3.VDF : 7.0.6.155 18944 Bytes 14/09/2008 22:12:22

Engineversion : 8.1.1.28

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.70 319866 Bytes 14/09/2008 22:12:35

AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49

AERDL.DLL : 8.1.1.1 397683 Bytes 14/09/2008 22:12:33

AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35

AEOFFICE.DLL : 8.1.0.23 196987 Bytes 14/09/2008 22:12:31

AEHEUR.DLL : 8.1.0.51 1397111 Bytes 14/09/2008 22:12:30

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48

AEGEN.DLL : 8.1.0.36 315764 Bytes 14/09/2008 22:12:25

AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21

AECORE.DLL : 8.1.1.11 172406 Bytes 14/09/2008 22:12:23

AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 14/09/2008 22:12:22

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:, F:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 15 septembre 2008 00:18

 

Starting search for hidden objects.

'40001' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned

Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned

Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned

Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'NBService.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'dslmon.exe' - '1' Module(s) have been scanned

Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'PNXSERVR.exe' - '1' Module(s) have been scanned

Scan process 'winampa.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Boot sector 'F:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '54' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\talkbox\Local Settings\Temporary Internet Files\Content.IE5\MTWRUTOH\forum[1].htm

[DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus

[NOTE] A backup was created as '493f8f11.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b031dfa.qua' ( QUARANTINE )

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <VIDEO>

D:\outils DVD\nouveau pack de soft pour 2 en 1\ADOBE\adobe AFTER EFFECTS CS3\Crack\Keygen After Effects CS3\Keygen After Effects CS3.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.584 back-door program

[NOTE] A backup was created as '494692e6.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b7a1827.qua' ( QUARANTINE )

D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\Canopus.Procoder.3.05.06\Canopus.Procoder.3.05.06\Crack.exe

[DETECTION] Contains recognition pattern of the DR/Agent.xjc.30 dropper

[NOTE] A backup was created as '492e9385.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b1518ce.qua' ( QUARANTINE )

D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\DVD Remake Pro 3.4.1&3.5.3\DVD Remake Pro 3.5.3\DvdReMake Pro 3.5.3 Full.rar

[0] Archive type: RAR

--> ReMakeBUCKY\DvdReMake Pro.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon3.AROS back-door program

[NOTE] A backup was created as '4931938b.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b0a10ac.qua' ( QUARANTINE )

D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\DVDMaestro 2.9.2915a + Manual + Cinemaster Codec [DVD] [DVD] [DVD]\sx32w2.dll

[DETECTION] Is the TR/Agent.15872.A Trojan

[NOTE] A backup was created as '4900938f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b3ae810.qua' ( QUARANTINE )

D:\System Volume Information\_restore{01C6FEE7-E7DF-4613-B945-F14C0AB6B809}\RP9\A0000519.exe

[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm

[NOTE] A backup was created as '48fd936b.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4ac4ef64.qua' ( QUARANTINE )

Begin scan in 'E:\' <UTILITAIRES & DIVERS>

E:\important save\PROJET KHEIMA\Ciel.Business.Plan.2006.v7.0.2.0.(DEMO+crack)\Ciel[1].Business.Plan.2006.v7.0.2.0.french_CRK-FFF\CracK-FFF.exe

[DETECTION] Contains HEUR/Crypted suspicious code

[NOTE] A backup was created as '492e93e7.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b14e868.qua' ( QUARANTINE )

E:\numerique\August_26,Tools_x550_650_3100_3200_3500\HTMLDOWN.dll

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] A backup was created as '491a93d3.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b22e7bc.qua' ( QUARANTINE )

E:\numerique\starsat sr 150\tools+for+starsat\tools for statsat\StarSatTool 550 650 3300 ( Transponder Updater ).rar

[0] Archive type: RAR

--> HTMLDOWN.dll

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] A backup was created as '492e9404.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b1417ad.qua' ( QUARANTINE )

E:\numerique\starsat sr 150\tools+for+starsat\tools for statsat\StarSatTool 550 650 3300 ( Transponder Updater )\HTMLDOWN.dll

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] A backup was created as '491a93e5.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b2110c6.qua' ( QUARANTINE )

E:\System Volume Information\_restore{01C6FEE7-E7DF-4613-B945-F14C0AB6B809}\RP21\A0003901.exe

[DETECTION] Is the TR/Dldr.Harnig.BE Trojan

[NOTE] A backup was created as '48fd9425.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4ac4e82e.qua' ( QUARANTINE )

E:\System Volume Information\_restore{01C6FEE7-E7DF-4613-B945-F14C0AB6B809}\RP8\A0000345.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '49936d9e.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '48fd9427.qua' ( QUARANTINE )

E:\utilitaire\utilitaires dvd\3D Button Creator Gold v1.0.InclCxRxK@ker-DES\keygen.exe

[DETECTION] Is the TR/Crypt.XDR.Gen Trojan

[NOTE] A backup was created as '49469494.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b7fe89d.qua' ( QUARANTINE )

E:\utilitaire\utilitaires dvd\Dvd Maestro 2.9.15 A Final\DVD Maestro 2.9.15.a FINAL\sx32w2.dll

[DETECTION] Is the TR/Agent.15872.A Trojan

[NOTE] A backup was created as '490094b2.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b3a171b.qua' ( QUARANTINE )

E:\utilitaire\utilitaires dvd\Dvd Maestro 2.9.15 A Final\DVD Maestro 2.9.15.a FINAL\CRACK\sxx.dll

[DETECTION] Is the TR/Agent.15872.B Trojan

[NOTE] A backup was created as '494594b2.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b7e1ffb.qua' ( QUARANTINE )

E:\utilitaire\utilitaires dvd\nouveaux logiciels video\ImgBurn_1.0.0.0_Fr.exe

[DETECTION] Is the TR/Ransom.A.5 Trojan

[NOTE] A backup was created as '493494aa.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b0de8a3.qua' ( QUARANTINE )

E:\utilitaire\utilitaires dvd\Slysoft la total\Slysoft la total\Clone CD 5.2.6.1 fr + patch\CloneCD.patch.exe

[DETECTION] Is the TR/Agent.76288.C Trojan

[NOTE] A backup was created as '493c94b7.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b071ff0.qua' ( QUARANTINE )

E:\utilitaire\utilitaires music\acid pro 4 + crack+patch fr\r-ap40fn.zip

[0] Archive type: ZIP

--> keygen.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] A backup was created as '492e94d1.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b17e8da.qua' ( QUARANTINE )

Begin scan in 'F:\' <R&B / HOUSE>

 

 

End of the scan: lundi 15 septembre 2008 00:56

Used time: 37:21 Minute(s)

 

The scan has been done completely.

 

9283 Scanning directories

233528 Files were scanned

14 viruses and/or unwanted programs were found

4 Files were classified as suspicious:

0 files were deleted

0 files were repaired

36 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

233508 Files not concerned

5545 Archives were scanned

2 Warnings

18 Notes

40001 Objects were scanned with rootkit scan

0 Hidden objects were found

[oGu]

Re!

 

Tu vois, tu avais de très nombreux virus présents dans des cracks, keygens, patches...J'en ai fait la liste:

 

D:\outils DVD\nouveau pack de soft pour 2 en 1\ADOBE\adobe AFTER EFFECTS CS3\Crack\Keygen After Effects CS3\Keygen After Effects CS3.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.584 back-door program

 

 

D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\Canopus.Procoder.3.05.06\Canopus.Procoder.3.05.06\Crack.exe

[DETECTION] Contains recognition pattern of the DR/Agent.xjc.30 dropper

 

 

 

D:\outils DVD\nouveau pack de soft pour 2 en 1\authoring\DVD Remake Pro 3.4.1&3.5.3\DVD Remake Pro 3.5.3\DvdReMake Pro 3.5.3 Full.rar

[0] Archive type: RAR

--> ReMakeBUCKY\DvdReMake Pro.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Hupigon3.AROS back-door program

 

 

 

 

E:\important save\PROJET KHEIMA\Ciel.Business.Plan.2006.v7.0.2.0.(DEMO+crack)\Ciel[1].Business.Plan.2006.v7.0.2.0.french_CRK-FFF\CracK-FFF.exe

[DETECTION] Contains HEUR/Crypted suspicious code

 

 

 

E:\utilitaire\utilitaires dvd\3D Button Creator Gold v1.0.InclCxRxK@ker-DES\keygen.exe

[DETECTION] Is the TR/Crypt.XDR.Gen Trojan

 

 

E:\utilitaire\utilitaires dvd\Dvd Maestro 2.9.15 A Final\DVD Maestro 2.9.15.a FINAL\sx32w2.dll

[DETECTION] Is the TR/Agent.15872.A Trojan

E:\utilitaire\utilitaires dvd\Dvd Maestro 2.9.15 A Final\DVD Maestro 2.9.15.a FINAL\CRACK\sxx.dll

[DETECTION] Is the TR/Agent.15872.B Trojan

 

 

E:\utilitaire\utilitaires dvd\Slysoft la total\Slysoft la total\Clone CD 5.2.6.1 fr + patch\CloneCD.patch.exe

[DETECTION] Is the TR/Agent.76288.C Trojan

 

 

E:\utilitaire\utilitaires music\acid pro 4 + crack+patch fr\r-ap40fn.zip

[0] Archive type: ZIP

--> keygen.exe

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

 

 

 

Je t'ai mis en rouge le nom du programme, en gras le type de crack, en vert le type de virus: des trojan, des backdoors, des fichiers cryptés, des droppers (+ le bagle qu'on a assassiné): la totale quoi! Loin de moi l'idée de faire de la morale anti-crack, c'est simplement que ces trucs-là sont des virus...Pour info, le backdoor permet une prise à distance de ton PC, les trojans sont des programmes malicieux cachés dans un autre programme et qui ouvrent des portes d'accès à ton PC exploitées par les pirates, les droppers enfin se chargent de télécharger des virus pour les installer à ton insu...

 

Il va sans dire que les logiciels que tu as crackés avec ces patches sont probablement piégés et infectés à leur tour: si j'étais toi je les désinstallerais au plus vite! Sinon tu t'exposes à de nouvelles infections, ou bien à la prise à distance de ta machine...

 

En voici la liste:

• Acid Pro
  
• Clone CD
  
• DVD Maestro
  
• 3D Button Creator
  
• DVD Remake
  
• Ciel Business Plan
  
• Canopus Reader
  
• Adobe CS3
  

 

Tu devrais pouvoir trouver des équivalents en gratuit, freewares, et softs open-source: jette un oei lici:

 

http://fr.wikipedia.org/wiki/Alternatives_...pri%C3%A9taires

 

 

 

-----------------------------------------------------------------------------------------------------------------------

 

 

Une fois les logiciels pré-cités désinstallés, il faut continuer le nettoyage:

 

 

NETTOYER LES POINTS DE RESTAURATION

• Aller dans le menu "Démarrer"
  
• Cliquer droit sur l'icone "Poste de travail"
  
• Dans l'onglet "Restauration du système", sélectionner "Désactiver la Restauration du système sur tous les lecteurs".
  
• Cliquer sur "Appliquer."
  
• Lorsque le message de confirmation apparaît, cliquer sur "Oui"
  
  
• Cliquer enfin sur "OK".
  
• Redémarrer
  
• Puis:
  
• Aller dans le menu "Démarrer"
  
• Cliquer droit sur l'icone "Poste de travail"
  
• Dans l'onglet "Restauration du système", décocher la case "Désactiver la Restauration du système sur tous les lecteurs".
  
• Cliquer sur "Appliquer."
  
• Lorsque le message de confirmation apparaît, cliquer sur "Oui"
  
  
• Cliquer enfin sur "OK".
  

 

 

 

 

EWIDO

Télécharge Ewido Micro-Scanner sur ton bureau en cliquant sur cette image:

 

 

• Double-clique sur le fichier ewido_micro.exe pour l'exécuter.
  
• Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.
  
• Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.
  
• Connecte tes clés USB et disques externes.
  
• Clique sur Start Scan et laisse l'outil travailler.
  
• Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.
  
• Poste le dans ta prochaine réponse.
  

• Nb, ne clique pas tout de suite sur Remove infections; nous devons nous assurer que toutes les détections soient infectieuses car certains utilitaires légitimes pourraient apparaître dans le rapport.
  

 

 

 

MALWAREBYTES ' ANTI-MALWARE (MBAM)

 

Télécharge Malwarebytes' Anti-Malware en cliquant sur cette image:

 

 

• Installe-le puis lance-le
  
• Connecte tes clés USB et disques externes.
  
• Dans l'onglet "mise à jour", cliquer sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rend-toi dans l'onglet "Recherche"
  
• Sélectionne "Exécuter un examen complet"
  
• Clique sur "Rechercher"
  
• Le scan se lance
  
• A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur "OK" pour poursuivre:
  
  

• Ferme tes navigateurs et clique en bas sur "Afficher les résultats"
  
• Si des malwares ont été détectés, leur liste s'affiche.
  En cliquant sur "Supprimer la sélection" , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine:
  
  

• MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le
  

 

 

 

HIJACKTHIS

 

Poste un nouveau rapport s'il te plaît! On a bientôt terminé^^!

Modifié le 15 septembre 2008 par oGu

[talkbox70]

voici le rapport EWIDO :

 

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.247realmedia

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@247realmedia[2].txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@2o7[1].txt

Risk: Medium

 

Name: TrackingCookie.Adition

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ad.adition[2].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ad.yieldmanager[2].txt

Risk: Medium

 

Name: TrackingCookie.Clickhype

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ad1.clickhype[1].txt

Risk: Medium

 

Name: TrackingCookie.Adbrite

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@adbrite[2].txt

Risk: Medium

 

Name: TrackingCookie.Euroclick

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@adopt.euroclick[2].txt

Risk: Medium

 

Name: TrackingCookie.Adrevolver

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@adrevolver[3].txt

Risk: Medium

 

Name: TrackingCookie.Pointroll

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ads.pointroll[1].txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@adtech[2].txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@advertising[1].txt

Risk: Medium

 

Name: TrackingCookie.Adviva

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@adviva[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@aimfar.solution.weborama[1].txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@atdmt[2].txt

Risk: Medium

 

Name: TrackingCookie.Msn

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@auto.search.msn[1].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@banquepopulaire.solution.weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Bluestreak

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@bluestreak[1].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@bs.serving-sys[2].txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@casalemedia[1].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@cetelem.solution.weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Xhit

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@count.xhit[1].txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@doubleclick[1].txt

Risk: Medium

 

Name: TrackingCookie.Adrevolver

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@dynamic.media.adrevolver[1].txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ehg-cardomain.hitbox[1].txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ehg-fifa.hitbox[2].txt

Risk: Medium

 

Name: TrackingCookie.Estat

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@estat[1].txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@fastclick[1].txt

Risk: Medium

 

Name: TrackingCookie.Comclick

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@fl01.ct2.comclick[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@fnacmagasin.solution.weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@guigoz.solution.weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@himedia.112.2o7[1].txt

Risk: Medium

 

Name: TrackingCookie.Gemius

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@hit.gemius[2].txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@hitbox[2].txt

Risk: Medium

 

Name: TrackingCookie.Hotlog

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@hotlog[1].txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@m.webtrends[2].txt

Risk: Medium

 

Name: TrackingCookie.Adrevolver

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@media.adrevolver[1].txt

Risk: Medium

 

Name: TrackingCookie.Mediaplex

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@mediaplex[1].txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@overture[1].txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@perf.overture[1].txt

Risk: Medium

 

Name: TrackingCookie.Questionmarket

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@questionmarket[2].txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@revsci[1].txt

Risk: Medium

 

Name: TrackingCookie.Adjuggler

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@rotator.adjuggler[1].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@samsung.solution.weborama[2].txt

Risk: Medium

 

Name: TrackingCookie.Liveperson

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@server.iad.liveperson[1].txt

Risk: Medium

 

Name: TrackingCookie.Serving-sys

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@serving-sys[1].txt

Risk: Medium

 

Name: TrackingCookie.Smartadserver

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@smartadserver[2].txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@sonyeurope.112.2o7[1].txt

Risk: Medium

 

Name: TrackingCookie.Spylog

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@spylog[1].txt

Risk: Medium

 

Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@ssl-hints.netflame[1].txt

Risk: Medium

 

Name: TrackingCookie.Dealtime

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@stat.dealtime[2].txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@statcounter[2].txt

Risk: Medium

 

Name: TrackingCookie.Statistik-gallup

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@statistik-gallup[1].txt

Risk: Medium

 

Name: TrackingCookie.Tacoda

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@tacoda[1].txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@tradedoubler[1].txt

Risk: Medium

 

Name: TrackingCookie.Trafficmp

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@trafficmp[2].txt

Risk: Medium

 

Name: TrackingCookie.Tribalfusion

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@tribalfusion[2].txt

Risk: Medium

 

Name: TrackingCookie.Weborama

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@weborama[1].txt

Risk: Medium

 

Name: TrackingCookie.Yadro

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@yadro[2].txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: C:\Documents and Settings\talkbox\Cookies\talkbox@zedo[2].txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: C:\QooBox\Quarantine\C\Documents and Settings\talkbox\Cookies\talkbox@ad.yieldmanager[2].txt.vir

Risk: Medium

 

Name: TrackingCookie.Bluestreak

Path: C:\QooBox\Quarantine\C\Documents and Settings\talkbox\Cookies\talkbox@bluestreak[2].txt.vir

Risk: Medium

 

 

 

rapport malwarebytes :

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1158

Windows 5.1.2600 Service Pack 2

 

16/09/2008 00:49:56

mbam-log-2008-09-16 (00-49-56).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)

Eléments examinés: 139563

Temps écoulé: 49 minute(s), 40 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 6

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\talkbox\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.

E:\utilitaire\utilitaires dvd\Sony Vegas 7 + DVD Architect 4\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\utilitaire\utilitaires dvd\Sony Vegas 7 + DVD Architect 4\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\utilitaire\utilitaires music\SoundForge 8 + patch FR + Keygen + Noise Reduction\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\utilitaire\utilitaires music\Sony.ACID.Pro.v6.0.Incl.Keygen-SSG\keygen\keygen\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

E:\utilitaire\utilitaires music\Sony.Sound.Forge.v8.0b.Incl.Keygen-SSG\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

 

 

rapport hijackthis :

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:52:06, on 16/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions

O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E9F2B50-DF18-4AE5-9E85-5DA1DD46FDB5}: NameServer = 81.22.90.29 82.101.136.29

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 7042 bytes

Modifié le 15 septembre 2008 par talkbox70

[oGu]

Re!

 

Malwarebyte's a détecté de nouveaux cracks infectieux, Ewido n'a mis à jour que des cookies traceurs sans danger: on va quand même s'en débarasser:

 

 

EWIDO

 

• Double-clique sur le fichier ewido_micro.exe pour l'exécuter.
  
• Connecte éventuellement tes clés USB et disques externes.
  
• Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.
  
• Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.
  
• Clique sur Start Scan et laisse l'outil travailler.
  
• Quand l'outil à fini, FERME TES NAVIGATEURS puis clique sur Remove infections
  

 

 

Je note aussi qu'il reste au démarrage un logiciel cracké (si j'en crois les cracks dont tu disposais):

 

C:\Program Files\Fichiers communs\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

 

Si j'étais toi je le désinstallerai au plus vite, on ne sait jamais vraiment l'activité que mène un crack, surtout si ce logiciel se connecte.

 

 

Quand tu auras terminé tout ça, ta désinfection en tant que telle sera terminée: notes-tu encore des dysfonctionnements, alertes etc...??

 

Si tu le souhaites, on pourra terminer ensuite avec une sécurisation de ta machine.

 

A suivre!