
Virtumonde virus, PC slowed down :(


jcarine


Here are the 2 reports I already have:

VUNDOFIX

 

 

VundoFix V5.1.5

 

Checking Java version...

 

Java version is 1.5.0.6

 

Scan started at 19:22:55 23/07/2006

 

Listing files found while scanning....

 

C:\windows\system32\awtqnkh.dll

C:\windows\system32\vtsrr.dll

C:\windows\system32\rrstv.ini

C:\windows\system32\rrstv.bak1

C:\windows\system32\rrstv.bak2

C:\windows\system32\rrstv.ini2

C:\windows\system32\rrstv.tmp

C:\WINDOWS\system32\Drivers\DP.sys

 

Beginning removal...

 

The process smss.exe could not be stopped

Vundofix may not be able to delete some files that were found.

 

The process winlogon.exe could not be stopped

Vundofix may not be able to delete some files that were found.

 

The process explorer.exe was successfully stopped

 

The process iexplore.exe was successfully stopped

 

The process rundll32.exe was successfully stopped

 

Attempting to delete C:\windows\system32\awtqnkh.dll

C:\windows\system32\awtqnkh.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\vtsrr.dll

C:\windows\system32\vtsrr.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\rrstv.ini

C:\windows\system32\rrstv.ini Has been deleted!

 

Attempting to delete C:\windows\system32\rrstv.bak1

C:\windows\system32\rrstv.bak1 Has been deleted!

 

Attempting to delete C:\windows\system32\rrstv.bak2

C:\windows\system32\rrstv.bak2 Has been deleted!

 

Attempting to delete C:\windows\system32\rrstv.ini2

C:\windows\system32\rrstv.ini2 Has been deleted!

 

Attempting to delete C:\windows\system32\rrstv.tmp

C:\windows\system32\rrstv.tmp Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\Drivers\DP.sys

C:\WINDOWS\system32\Drivers\DP.sys Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

For CLEAN it's strange, this is all I have:

 

cript clean par Malekal_morte - http://www.malekal.com

 

*** SUPPRESSION DES FICHIERS

 

 

 

*** Suppressions de trojans/vers sur...


The Kaspersky report, not great at all :P:

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, July 24, 2006 6:32:00 AM

Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 24/07/2006

Kaspersky Anti-Virus database records: 196888

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

 

Scan Statistics:

Total number of scanned objects: 95597

Number of viruses found: 14

Number of infected objects: 38 / 0

Number of suspicious objects: 10

Duration of the scan process: 06:20:43

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\jj\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\jj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\jj\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\jj\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jj\Local Settings\Historique\History.IE5\MSHist012006072420060725\index.dat Object is locked skipped

C:\Documents and Settings\jj\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\jj\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\jj\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3ETRADC6\dfndrac_6[2].exe Infected: Trojan-Clicker.Win32.VB.nh skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0010 Infected: Trojan.Win32.Zapchast.bl skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0011/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe/data0011 Infected: Trojan-Dropper.Win32.VB.mz skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PYLQ174M\Mendoza1[1].exe NSIS: infected - 4 skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\ESET\infected\2LCYCCAA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped

C:\Program Files\ESET\infected\3YA4BJDA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped

C:\Program Files\ESET\infected\5IVY41AA.NQF/data.rar/drxvp.exe Suspicious: Packed.Win32.CryptExe skipped

C:\Program Files\ESET\infected\5IVY41AA.NQF/data.rar Suspicious: Packed.Win32.CryptExe skipped

C:\Program Files\ESET\infected\5IVY41AA.NQF RarSFX: suspicious - 2 skipped

C:\Program Files\ESET\infected\5IVY41AA.NQF PE-Crypt.XorPE: suspicious - 2 skipped

C:\Program Files\ESET\infected\BRZ0DCBA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\Program Files\ESET\infected\GKNKGWDA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\Program Files\ESET\infected\HW0DK0DA.NQF Infected: Trojan-Downloader.Win32.Adload.cu skipped

C:\Program Files\ESET\infected\QLJ154BA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped

C:\Program Files\ESET\infected\RRNXZLCA.NQF Infected: Trojan-Downloader.Win32.Adload.db skipped

C:\Program Files\ESET\infected\SPDJ22AA.NQF Infected: Trojan-Downloader.Win32.Adload.cy skipped

C:\Program Files\ESET\infected\YEBZSTDA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped

C:\Program Files\ESET\infected\YIQCGTDA.NQF Infected: Trojan-Clicker.Win32.VB.nh skipped

C:\VundoFix Backups\DP.sys Infected: Trojan.Win32.Agent.ny skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd1005.sys Object is locked skipped

C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Deutsch\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\English\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Español\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Français\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Italiano\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Nederlands\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\Photos clara morgane, irina voronina, titia\trembler.exe RAR: infected - 1 skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe/trembler.exe Infected: not-virus:BadJoke.Win32.Trembler skipped

G:\EA Sports\LFP Manager 06\CRACK LFP MANAGER 2006 (MULTILANGUAGE VERSION)(RUN)\Portugeses\trembler.exe RAR: infected - 1 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_btackle.png Suspicious: Exploit.Win32.MS05-009 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_ftackle.png Suspicious: Exploit.Win32.MS05-009 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_lockup.png Suspicious: Exploit.Win32.MS05-009 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar/sheet_run.png Suspicious: Exploit.Win32.MS05-009 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar/Moto Razr Complete/Games/NFL 2005 [v3 Razr]/NFL 2005 v3.jar Suspicious: Exploit.Win32.MS05-009 skipped

G:\eDonkey2000\incoming\(Motorola) V3 Razr(Apps, Games, Themes, Rings) Complete.rar RAR: suspicious - 5 skipped

G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped

G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped

G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar/setup.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped

G:\eDonkey2000\incoming\[France PC].Playboy the Mansion cracked.rar RAR: infected - 3 skipped

 

Scan process completed.

 

However, I don't know how to delete them; Kaspersky doesn't give me the option?


Finally, here is the HijackThis scan:

 

Logfile of HijackThis v1.99.1

Scan saved at 06:41:25, on 24/07/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\jj\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Program Files\Browser PS2 mouse\mouse32a.exe

O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Multimedia keyboard utility\1.3\MMKEYBD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] G:\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\PROGRA~1\COPERN~1\COPERN~1.EXE" /tray

O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [PcSync] G:\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: BitTorrent.lnk = G:\bittorrent.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZS

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Télécharger en utilisant Download &Express - C:\Program Files\Download Express\Add_Url.htm

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - g:\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (ÌìÏÂËÑË÷) - http://iebar.t2t2.com/iebar.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047201679

O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www3.photoweb.fr/telechargement/Photoweb_uploader.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125047150094

O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/p...ivex/Ephoto.cab

O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://click.mirarsearch.com/FIX/WinATS.cab

O16 - DPF: {A9FD89D6-C839-11D3-B0FE-0050044B8FE9} (OBInstallRunner Control) - http://www.opinionbar.com/download/resourc...tallCabinet.CAB

O16 - DPF: {B3231E01-D1EA-4BF1-B872-CF21619704F3} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/144000s/...ANEL_EUROPE.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\temp\Nvc\BIN\nipsvc.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

O23 - Service: Windows Process Viewer (The Windows Process Viewer) - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe


Restart in safe mode, then:

empty the contents of this folder: C:\WINDOWS\Downloaded Program Files\

empty the contents of this folder: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\

Delete all the cracks from this folder: G:\eDonkey2000\incoming\

 

Restart the computer

 

Download FixWareout from one of these two sites to the desktop:

http://downloads.subratam.org/Fixwareout.exe

http://swandog46.geekstogo.com/Fixwareout.exe

 

Run the fix: click Next, then Install, then make sure "Run fixit" is checked, then click Finish.

The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

Finally, post the contents of C:\fixwareout\report.txt.

 

____

 

Let's run VundoFix once more:

 

- Double-click VundoFix.exe to launch it.

- Check Run VundoFix as a task.

- A message will warn you that the tool will close and reopen: click Ok

- Click the Scan for Vundo button.

- When the scan is complete, click the Remove Vundo button.

- A prompt will ask whether you want to delete the files; click YES

- After you click "Yes", the desktop will disappear for a moment while the files are deleted.

- You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK

- Start your PC again.

 

____

 

- Download chercher.zip to your desktop

- Do not double-click it!! Right-click the file and choose Extract All

- A new folder named chercher will be created

- Open it and double-click chercher.cmd

- A window will open; leave it open and press a key when asked

- Copy/paste the contents of the Notepad window that opens. To do this:

-- In Notepad, click the Edit menu / Select All

-- Then the Edit menu again / Copy

-- In a new message here, right-click / Paste


OK, so here it is, while VundoFix is working, the Fixwareout report:

 

 

Fixwareout ver 1.003

Last edited 07/1/2006

Post this report in the forums please

 

Reg Entries that were deleted

...

 

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Example ipsec6.exe is legitimate

 

»»»»» Search by size and names...

 

»»»»» Misc files

 

»»»»» Checking for older varients covered by the Rem3 tool

 

»»»»»

Search five digit cs, dm and jb files

This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects

Directory of C:\WINDOWS\system32


chercher.zip report:

 

C:\WINDOWS\System32\rrstv.ini -->24/07/2006 14:53:11

C:\WINDOWS\System32\mcrh.tmp -->24/07/2006 08:23:07

C:\WINDOWS\System32\kdjuyjfw.exe -->24/07/2006 03:54:48

C:\WINDOWS\System32\nvapps.xml -->23/07/2006 23:45:14

C:\WINDOWS\System32\l3mpgnaa.ini -->23/07/2006 12:01:36

C:\WINDOWS\System32\oc5gpg9o.html -->23/07/2006 11:24:44

C:\WINDOWS\System32\imon1.dat -->21/07/2006 23:25:33

C:\WINDOWS\System32\mapisvc.inf -->21/07/2006 00:10:24

C:\WINDOWS\System32\imon.dll -->21/07/2006 00:04:00

C:\WINDOWS\System32\95a48h6d.dat -->20/07/2006 21:34:43

C:\WINDOWS\System32\5s6b1usn.dat -->20/07/2006 21:25:59

C:\WINDOWS\System32\5j9meqgi.dat -->20/07/2006 21:25:39

C:\WINDOWS\System32\awtqnkh.dll -->20/07/2006 20:46:04

C:\WINDOWS\System32\wpa.dbl -->20/07/2006 17:54:54

C:\WINDOWS\System32\__delete_on_reboot__c_b_x_u_s_t_t_._d_l_l_ -->16/07/2006 11:26:38

C:\WINDOWS\System32\vtsrr.dll -->15/07/2006 08:11:54

C:\WINDOWS\System32\TFTP3960 -->06/07/2006 20:23:07

C:\WINDOWS\System32\i -->06/07/2006 19:58:37

C:\WINDOWS\System32\TFTP3216 -->06/07/2006 19:40:14

C:\WINDOWS\System32\TFTP2428 -->06/07/2006 19:18:13

C:\WINDOWS\System32\TFTP1848 -->06/07/2006 19:15:20

C:\WINDOWS\System32\TFTP3220 -->06/07/2006 19:11:41

C:\WINDOWS\System32\CmdLineExt03.dll -->05/07/2006 13:48:53

C:\WINDOWS\System32\l3mpgnaa.exe -->28/06/2006 13:24:04

C:\WINDOWS\System32\smug93g7.dll -->28/06/2006 11:49:50

 

C:\WINDOWS\0.log -->24/07/2006 14:44:54

C:\WINDOWS\ntbtlog.txt -->24/07/2006 14:44:47

C:\WINDOWS\setupapi.log -->24/07/2006 09:14:13

C:\WINDOWS\WindowsUpdate.log -->24/07/2006 07:47:47

C:\WINDOWS\QTFont.qfn -->23/07/2006 23:43:28

C:\WINDOWS\wiadebug.log -->23/07/2006 23:42:28

C:\WINDOWS\wiaservc.log -->23/07/2006 23:42:03

C:\WINDOWS\setupact.log -->23/07/2006 12:51:04

C:\WINDOWS\QTFont.for -->23/07/2006 12:08:09

C:\WINDOWS\dp2_log.txt -->23/07/2006 11:25:57

C:\WINDOWS\SchedLgU.Txt -->23/07/2006 00:21:27

C:\WINDOWS\win.ini -->17/07/2006 15:40:06

C:\WINDOWS\system.ini -->17/07/2006 11:52:41

C:\WINDOWS\keyboard1.dat -->07/07/2006 06:43:54

C:\WINDOWS\VPTNFILE.555 -->07/07/2006 06:08:04

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 44D2-2E90

 

Répertoire de C:\Program Files

 

23/07/2006 19:00 <REP> .

23/07/2006 19:00 <REP> ..

16/03/2006 09:44 <REP> Adobe

17/02/2005 09:14 <REP> Ahead

03/08/2005 09:04 <REP> ArcPad

11/11/2005 12:19 <REP> Astraware

26/10/2005 22:08 <REP> Browser PS2 mouse

18/03/2005 16:11 <REP> Canon

07/07/2006 08:09 <REP> Common Files

19/01/2006 18:37 <REP> ErrorSafe

21/07/2006 09:54 <REP> ESET

03/08/2005 21:04 <REP> ESRI

27/12/2005 14:02 <REP> Every Toolbar 1.1

23/07/2006 14:45 <REP> ewido anti-spyware 4.0

06/04/2005 14:24 <REP> EZFace

29/03/2005 20:00 <REP> fdjeux

06/07/2006 20:00 <REP> Fichiers communs

29/11/2005 16:06 <REP> FunWebProducts

23/03/2005 22:39 <REP> GameSpy Arcade

13/05/2006 08:02 <REP> Google

20/02/2005 15:42 <REP> Grisoft

02/07/2005 22:14 <REP> HbTools

23/03/2006 14:02 <REP> IKEA Home Planner Kitchen

27/04/2005 11:22 <REP> IncrediMail

20/07/2006 22:22 <REP> InetGet2

04/03/2005 20:35 <REP> Internet Explorer

21/03/2005 15:03 <REP> Jasc Software Inc

07/12/2005 18:29 <REP> Java

10/07/2005 11:06 <REP> joystick networks

23/04/2005 18:26 <REP> JVTorrent

28/03/2005 17:52 <REP> LaserMedia

03/08/2005 20:54 <REP> Leica Geosystems

31/05/2006 17:37 <REP> Lexmark X1100 Series

04/10/2005 10:32 <REP> Livecom Plugins

28/01/2006 11:09 <REP> LiveUpdate

28/10/2005 13:32 <REP> Mega Bloc Notes

10/03/2005 09:33 <REP> Messenger

18/04/2006 11:51 <REP> MessengerPlus! 3

14/07/2006 16:14 <REP> Micro Application

16/02/2005 17:58 <REP> microsoft frontpage

10/09/2005 19:07 <REP> Microsoft GIF Animator

20/02/2005 16:31 <REP> Microsoft Office

17/02/2005 08:54 <REP> Microsoft Visual Studio

27/07/2005 19:48 <REP> MinitelADSL

28/01/2006 11:31 <REP> mobile PhoneTools

28/01/2006 11:32 <REP> Motorola Phone Tools

16/02/2005 17:52 <REP> Movie Maker

16/02/2005 17:50 <REP> MSN

11/05/2006 15:34 <REP> msn gaming zone

21/07/2006 08:47 <REP> MSN Messenger

26/10/2005 22:08 <REP> Multimedia keyboard utility

16/02/2005 17:52 <REP> NetMeeting

21/05/2005 10:10 <REP> Outlook Express

08/04/2005 07:21 <REP> PowerPoint Viewer

22/03/2005 17:43 <REP> QuickTime

07/11/2005 20:57 <REP> ReflexiveArcade

19/02/2005 19:27 <REP> SAGEM

18/03/2005 16:09 <REP> ScanSoft

16/03/2006 15:34 <REP> Siber Systems

23/03/2005 22:34 <REP> Smart Projects

22/07/2006 15:58 <REP> Spybot - Search & Destroy

20/03/2005 22:25 <REP> TLC-Edusoft

12/03/2005 20:56 <REP> VIRTUELSOFT

06/07/2006 20:39 <REP> Wanadoo

25/03/2005 12:43 <REP> WinAce

20/06/2006 06:30 <REP> WinAntiSpyware 2006 Scanner

04/10/2005 18:04 <REP> Windows Media Player

16/02/2005 17:49 <REP> Windows NT

30/08/2005 08:47 <REP> Winkaa 1.0

17/02/2005 09:12 <REP> WinRAR

16/03/2005 12:03 <REP> WinZip

16/03/2005 12:03 2 417 824 winzip90.exe

16/02/2005 17:58 <REP> xerox

1 fichier(s) 2 417 824 octets

72 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 44D2-2E90

 

Répertoire de C:\Program Files\fichiers communs

 

06/07/2006 20:00 <REP> .

06/07/2006 20:00 <REP> ..

31/05/2005 17:32 <REP> ACD Systems

17/02/2005 10:06 <REP> Adobe

17/02/2005 09:14 <REP> Ahead

17/02/2005 08:54 <REP> Designer

21/07/2006 18:53 <REP> ErrorSafe

03/08/2005 20:56 <REP> ESRI

10/03/2005 12:38 <REP> GTK

25/03/2005 11:24 <REP> InstallShield

07/12/2005 18:23 <REP> Java

01/05/2005 13:40 <REP> Macrovision Shared

22/06/2006 09:24 <REP> Microsoft Shared

16/02/2005 17:52 <REP> MSSoap

10/04/2006 11:26 <REP> Nokia

08/10/2005 14:36 <REP> Oberon Media

16/02/2005 17:38 <REP> ODBC

10/04/2006 11:26 <REP> PCSuite

18/03/2005 16:10 <REP> ScanSoft Shared

16/02/2005 17:52 <REP> Services

16/02/2005 17:38 <REP> SpeechEngines

17/02/2005 08:53 <REP> System

23/12/2005 18:38 <REP> WhenU

23/07/2006 19:00 <REP> WinFixer 2005

23/07/2006 19:00 <REP> WinSoftware

23/07/2006 18:59 <REP> {44D22E90-0513-1036-0524-020320030021}

0 fichier(s) 0 octets

26 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 44D2-2E90

 

Répertoire de C:\Program Files\common files

 

07/07/2006 08:09 <REP> .

07/07/2006 08:09 <REP> ..

15/10/2005 17:26 <REP> Microsoft Shared

06/07/2006 20:02 <REP> misc001

06/07/2006 20:02 <REP> simtest

0 fichier(s) 0 octets

5 Rép(s) 3 821 150 208 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 44D2-2E90

 

Répertoire de C:\

 

21/07/2006 17:45 570 750 Installer3.exe

20/07/2006 19:46 151 112 mc-110-12-0000228.exe

22/07/2006 15:27 5 037 072 spybot-search-destroy_spybot_-_search_destroy_1.4_francais_10965.exe

21/07/2006 17:38 566 800 warebundlenewer.exe

4 fichier(s) 6 325 734 octets

0 Rép(s) 3 821 150 208 octets libres

c:\Documents and Settings\carine\.housecall\getMac.exe

c:\Documents and Settings\carine\.housecall\patch.exe

c:\Documents and Settings\carine\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdrUpd708_all_incr.exe

c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{26230C7C-12ED-40F8-A015-AE190E6E4793}\DRUKARZ.EXE

c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{7086AD15-92BC-472B-BF48-3C3AFE2FADA2}\DRUKARZ.EXE

c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{8756FE03-F171-4E43-AF47-11D09550C2F4}\DRUKARZ.EXE

c:\Documents and Settings\carine\Local Settings\Application Data\IM\Identities\{51982F9E-EC44-406F-9B97-5D36172E5D8C}\Message Store\Attachments\{992B5215-E42C-4878-AFFA-5C9A3605C457}\DRUKARZ.EXE

c:\Documents and Settings\carine\Menu Démarrer\Programmes\ArxelTribe\Desinstalleur.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_51306a3.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_609a6e7a.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_609d1876.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_124305e.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_12db153c.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_26e91eb.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_440d491c.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_7e87390c.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_bb32ea6.exe

c:\Documents and Settings\jj\Application Data\Microsoft\Installer\{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}\_f3e99.exe

c:\Documents and Settings\jj\Bureau\Acoustica-Mixcraft-Installer.exe

c:\Documents and Settings\jj\Bureau\ewido-setup_4.0.0.172a.exe

c:\Documents and Settings\jj\Bureau\Fixwareout.exe

c:\Documents and Settings\jj\Bureau\HijackThis.exe

c:\Documents and Settings\jj\Bureau\setup.exe

c:\Documents and Settings\jj\Bureau\VundoFix.exe

c:\Documents and Settings\jj\Bureau\chercher\LFiles.exe

c:\Documents and Settings\jj\Bureau\Mes documents\patch_netsky.exe

c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\a2freesetup.exe

c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\dotnetfx.exe

c:\Documents and Settings\jj\Bureau\Mes documents\jacek.jackiewicz\MDAC_TYP.EXE

c:\Documents and Settings\jj\Local Settings\Temp\rtdrvmon.exe

c:\Documents and Settings\jj\Menu Démarrer\Programmes\COKTEL\Désinstalleur Coktel.exe

c:\Documents and Settings\jj\Mes documents\jacek.jackiewicz\airoboform.exe

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\jj\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

 

Vérifications de quelques clefs

Recherche de clefs EGDACCESS

 

HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler


Hmm.

A little piece of advice.

When a window pops up offering to install a program that supposedly cleans your computer,

avoid installing said program; it's a scam.

From what I can see, you have installed a few of them :/

 

But anyway, we'll clean all that up :P

Edited by Malekal_morte