Ordi infecté par Beagle, besoin d'aide !

Résolu
Lilibiscuit -  
 Lilibiscuit -
Bonjour,

Hier, alors que je mettai sur mon ordinateur une clé USB, et que je cliquai sur poste de travail, en double cliquant sur l'icone, 3 icones ont étés selectionnés en meme temps, je continua pensant que j'avais fait une mauvaise manipulation, mais ca a continue, a chaque fois que je cliquais sur quelque chose, je cliquais en meme temps sur les icones a cotés ! J'ai donc tout fermé, et ai branché la clé sur les autres trous USB, mais ca a continue, et puis une fenetre s'est ouverte "Select to file a crack" sans avoir rien touché, j'ai fermé la fenetre, et l'écran est devenu bleu, avec pleins d'écritures en anglais, mais je n'ai pas eu le temps de lire, l'ordinateur a redémarré tout seul. J'ai arrete là avec la clé, pour ne pas faire de bêtises, et depuis l'ordi est tres lent, j'ai cliqué sur mon antivirus qui est Avast (Qui, je crois ne marchait plus, car je ne l'avais pas enregistré) pour faire une analyse croyant que j'avais un virus, et une fenetre grise s'est ouverte " C://Program Files [...] Avast n'est pas une application Win32 valide" je l'ai donc supprimé, et je suis allé le retelecharger sur internet, mais ca a continue, toujours la meme petite fenetre grise. J'ai donc cherché sur internet, en mettant ce qui etait inscrit dans la petite fenetre grise. En cherchant, lisant, j'ai donc compris que j'étais infecté par le virus Beagle. J'ai donc regardé comment le supprimer, et j'ai essayé la methode "Combofix" qui me paraissait la plus facile, mais en ouvrant Combofix, toujours la meme petite fenetre grise ! J'étais prete a essayer les autres methodes, mais ayant peur de faire une betise, je prefere que quelqu'un m'aide. J'ai telechargé Antivir, toujours la meme petite fenetre grise, et Anti-bagle, mais je ne l'ai pas utilisé car je ne sais pas trop comment faire et je ne sais pas s'il est très efficace. Je suis assez a l'aise a l'informatique, mais pour les Virus pas tellement, et en plus je ne maitrise pas vraiment l'anglais. Je ne sais pas comment on fait un demarrage en mode sans echec, alors si quelqu'un pouvait me dire quelle methode suivre, et m'aider pas a pas ...

Merci beaucoup !
Configuration: Windows XP
Internet Explorer 7.0

13 réponses

  1. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Bonjour

    Télécharge FindyKill de Chiquitine29 :

    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    ->Enregistre-le sur ton bureau et pas ailleurs !

    !! Déconnecte toi et ferme toutes les applications en cours !!

    ( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

    -> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

    Tuto : https://www.malekal.com/tutorial-findykill/

    --> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau .

    -->choisis l'option 1 ( recherche ) . Puis laisse travailler l'outil sans rien toucher ...

    Une fois terminé, poste le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. Lilibiscuit
       
      Voici le rapport :



      ----------------- FindyKill V4.710 ------------------

      * User : brigitte - BIBI
      * Emplacement : C:\Program Files\FindyKill
      * Outils Mis a jours le 21/12/08 par Chiquitine29
      * Recherche effectuée à 16:15:41 le 02/01/2009
      * Windows XP - Internet Explorer 7.0.5730.13

      ((((((((((((((((( *** Recherche *** ))))))))))))))))))


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\bcmntray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wintems.exe

      --------------- [ Processus infectieux stoppés ] ----------------




      --------------- [ Fichiers/Dossiers infectieux ] ----------------


      »»»» Presence des fichiers dans C:


      »»»» Presence des fichiers dans C:\WINDOWS


      »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

      Found ! - C:\WINDOWS\prefetch\223531.EXE-142F5DBB.pf
      Found ! - C:\WINDOWS\prefetch\260000.EXE-3B69F916.pf
      Found ! - C:\WINDOWS\prefetch\268656.EXE-2B3FB9CC.pf
      Found ! - C:\WINDOWS\prefetch\274156.EXE-1911688D.pf
      Found ! - C:\WINDOWS\prefetch\300265.EXE-106898AD.pf
      Found ! - C:\WINDOWS\prefetch\338453.EXE-199C954B.pf
      Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-02620837.pf
      Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0EB8ED62.pf
      Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
      Found ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
      Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
      Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

      »»»» Presence des fichiers dans C:\WINDOWS\system32

      Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\mdelk.exe
      Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\wintems.exe
      Found ! [02/01/2009 15:22] - C:\WINDOWS\system32\ban_list.txt

      »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


      »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

      Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\mdelk.exe
      Found ! [02/01/2009 15:03] - C:\WINDOWS\system32\drivers\srosa.sys
      Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\hldrrr.exe
      Found ! [02/01/2009 15:08] - "C:\WINDOWS\system32\drivers\downld"
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1001875.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1011468.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1058453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1082656.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\183015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1878687.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1888671.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1891531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1898437.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1900546.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1907890.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1910187.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1920250.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1925453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\192984.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\193343.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1934437.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\195671.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\199375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\210968.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\215218.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\218812.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\219890.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\220640.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\221125.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\223531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\225703.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\227500.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\228500.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\232406.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238265.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238421.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\239531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\242843.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\244296.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\249812.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258140.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258750.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\260000.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\266109.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\268656.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\269875.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\274156.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\277531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\291609.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\298093.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\304984.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\314109.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\322734.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\330015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\335171.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\338453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\342031.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\366015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\375375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\377750.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383625.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\393906.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\469796.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\490859.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\739546.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\765328.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\771765.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\833421.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\838625.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\862265.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\874250.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\882296.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\895578.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\920453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\962906.exe

      »»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Application Data

      Found ! [02/01/2009 15:05] - "C:\Documents and Settings\brigitte\Application Data\m\flec006.exe"
      Found ! [02/01/2009 15:19] - "C:\Documents and Settings\brigitte\Application Data\m\list.oct"
      Found ! [01/01/2009 17:01] - "C:\Documents and Settings\brigitte\Application Data\m\data.oct"
      Found ! [02/01/2009 15:25] - "C:\Documents and Settings\brigitte\Application Data\m\srvlist.oct"
      Found ! [02/01/2009 15:27] - "C:\Documents and Settings\brigitte\Application Data\m\shared"
      Found ! [01/01/2009 15:07] - "C:\Documents and Settings\brigitte\Application Data\m"
      Found ! [02/01/2009 15:04] - "C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe"
      Found ! [02/01/2009 15:26] - "C:\Documents and Settings\brigitte\Application Data\hidires"

      »»»» Presence des fichiers dans C:\DOCUME~1\brigitte\LOCALS~1\Temp
      0
  2. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Important :
    Branche toutes tes unités externes au PC ( DD externes , clé USB , lecteur mp3, ect...) mais sans les ouvrir !
    Tu les retireras après la manipe ...

    Ferme toutes les applications en cours !

    Relance FindyKill :

    -> choisis cette fois-ci l'option 2 (suppression).

    /!\ ton PC va redémarrer de lui même , c'est normal !... Laisse travailler l'outil jusqu' à l'apparition du message :
    "nettoyage terminé" .

    Note : lors du message d'avertissement , cliques sur " Ok " .

    --> Poste le nouveau rapport FindyKill.txt qui est généré.

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    PS : Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
    tapes explorer.exe et valide .

    0
    1. Lilibiscuit
       
      Desole de poster tardivement, mais l'ordi ne fait que buguer !
      Je crois que j'ai poster l'autre raport un peu trop vite, il n'était pas fini, le voici fini :



      ----------------- FindyKill V4.710 ------------------

      * User : brigitte - BIBI
      * Emplacement : C:\Program Files\FindyKill
      * Outils Mis a jours le 21/12/08 par Chiquitine29
      * Recherche effectuée à 16:15:41 le 02/01/2009
      * Windows XP - Internet Explorer 7.0.5730.13

      ((((((((((((((((( *** Recherche *** ))))))))))))))))))


      --------------- [ Processus actifs ] ----------------


      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\bcmntray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wintems.exe

      --------------- [ Processus infectieux stoppés ] ----------------




      --------------- [ Fichiers/Dossiers infectieux ] ----------------


      »»»» Presence des fichiers dans C:


      »»»» Presence des fichiers dans C:\WINDOWS


      »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

      Found ! - C:\WINDOWS\prefetch\223531.EXE-142F5DBB.pf
      Found ! - C:\WINDOWS\prefetch\260000.EXE-3B69F916.pf
      Found ! - C:\WINDOWS\prefetch\268656.EXE-2B3FB9CC.pf
      Found ! - C:\WINDOWS\prefetch\274156.EXE-1911688D.pf
      Found ! - C:\WINDOWS\prefetch\300265.EXE-106898AD.pf
      Found ! - C:\WINDOWS\prefetch\338453.EXE-199C954B.pf
      Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-02620837.pf
      Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0EB8ED62.pf
      Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
      Found ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
      Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
      Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

      »»»» Presence des fichiers dans C:\WINDOWS\system32

      Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\mdelk.exe
      Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\wintems.exe
      Found ! [02/01/2009 15:22] - C:\WINDOWS\system32\ban_list.txt

      »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


      »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

      Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\mdelk.exe
      Found ! [02/01/2009 15:03] - C:\WINDOWS\system32\drivers\srosa.sys
      Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\hldrrr.exe
      Found ! [02/01/2009 15:08] - "C:\WINDOWS\system32\drivers\downld"
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1001875.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1011468.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1058453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1082656.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\183015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1878687.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1888671.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1891531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1898437.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1900546.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1907890.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1910187.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1920250.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1925453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\192984.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\193343.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1934437.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\195671.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\199375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\210968.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\215218.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\218812.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\219890.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\220640.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\221125.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\223531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\225703.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\227500.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\228500.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\232406.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238265.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238421.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\239531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\242843.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\244296.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\249812.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258140.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258750.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\260000.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\266109.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\268656.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\269875.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\274156.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\277531.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\291609.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\298093.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\304984.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\314109.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\322734.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\330015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\335171.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\338453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\342031.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\366015.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\375375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\377750.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383375.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383625.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\393906.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\469796.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\490859.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\739546.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\765328.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\771765.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\833421.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\838625.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\862265.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\874250.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\882296.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\895578.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\920453.exe
      Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\962906.exe

      »»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Application Data

      Found ! [02/01/2009 15:05] - "C:\Documents and Settings\brigitte\Application Data\m\flec006.exe"
      Found ! [02/01/2009 15:19] - "C:\Documents and Settings\brigitte\Application Data\m\list.oct"
      Found ! [01/01/2009 17:01] - "C:\Documents and Settings\brigitte\Application Data\m\data.oct"
      Found ! [02/01/2009 15:25] - "C:\Documents and Settings\brigitte\Application Data\m\srvlist.oct"
      Found ! [02/01/2009 15:27] - "C:\Documents and Settings\brigitte\Application Data\m\shared"
      Found ! [01/01/2009 15:07] - "C:\Documents and Settings\brigitte\Application Data\m"
      Found ! [02/01/2009 15:04] - "C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe"
      Found ! [02/01/2009 15:26] - "C:\Documents and Settings\brigitte\Application Data\hidires"

      »»»» Presence des fichiers dans C:\DOCUME~1\brigitte\LOCALS~1\Temp


      »»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5

      Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64[1].jpg
      Found ! [02/01/2009 15:05] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_2[1].jpg
      Found ! [01/01/2009 14:54] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[1].jpg
      Found ! [01/01/2009 16:51] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[2].jpg
      Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\5N1LC5OP\b64_5[1].jpg
      Found ! [01/01/2009 15:42] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_2[1].jpg
      Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_3[1].jpg
      Found ! [01/01/2009 17:01] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\mxd[1].jpg
      Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CJTBP0UP\b64[1].jpg
      Found ! [01/01/2009 15:41] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[1].jpg
      Found ! [01/01/2009 16:53] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[2].jpg
      Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64_3[1].jpg
      Found ! [01/01/2009 15:43] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\DMDQXH8U\b64[1].jpg
      Found ! [01/01/2009 15:41] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\F58SKFJ6\b64_3[1].jpg
      Found ! [01/01/2009 14:56] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\b64[1].jpg
      Found ! [01/01/2009 15:05] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\mxd[1].jpg
      Found ! [01/01/2009 16:52] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64[1].jpg
      Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64_3[1].jpg
      Found ! [01/01/2009 15:39] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_2[1].jpg
      Found ! [01/01/2009 15:40] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_5[1].jpg
      Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\b64[1].jpg
      Found ! [02/01/2009 15:18] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\mxd[1].jpg
      Found ! [01/01/2009 16:51] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_2[1].jpg
      Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_3[1].jpg
      Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\V5UN63YL\b64[1].jpg
      Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\WHED9SP5\b64[1].jpg

      --------------- [ Registre / Startup ] ----------------

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
      MoneyAgent="C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      flec003.exe=C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
      hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      Broadcom Wireless Manager UI=C:\WINDOWS\system32\bcmntray
      QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
      avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      EPSON Stylus DX4800 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
      Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      <NO NAME>=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
      Installed=1
      <NO NAME>=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
      NoChange=1
      Installed=1
      <NO NAME>=
      HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
      Installed=1
      <NO NAME>=

      [HKEY_CURRENT_USER\software\local appwizard-generated applications\hldrrr]
      [HKEY_CURRENT_USER\software\local appwizard-generated applications\mdelk]
      [HKEY_CURRENT_USER\software\local appwizard-generated applications\nideiect]

      --------------- [ Registre / Clés infectieuses ] ----------------


      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\hldrrr
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\mdelk
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\nideiect
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\DateTime4
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\FirstRRRun
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\FirtR
      Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\MuleAppData
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\mdelk
      Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
      Found ! - HKEY_CURRENT_USER\Software\DateTime4
      Found ! - HKEY_CURRENT_USER\Software\FirtR
      Found ! - HKEY_CURRENT_USER\Software\FirstRRRun

      --------------- [ Etat / Services ] ----------------

      Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

      - des fichiers cachés non fonctionnel !!

      Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

      - sans echec non fonctionnel !!

      Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

      - sans echec non fonctionnel !!

      Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

      - sans echec non fonctionnel !!



      +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

      /!\ Ndisuio - Type de démarrage = 4

      EapHost - Type de démarrage = 3

      /!\ Ip6Fw - Type de démarrage = 4

      /!\ SharedAccess - Type de démarrage = 4

      /!\ wuauserv - Type de démarrage = 4

      /!\ wscsvc - Type de démarrage = 4



      --------------- [ Recherche dans supports amovibles] ----------------


      +- Informations :

      C: - Lecteur fixe


      +- presence des fichiers :



      --------------- [ Registre / Mountpoint2 ] ----------------

      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\AutoRun\command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\explore\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\open\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\AutoRun\command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\explore\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\open\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\AutoRun\command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\explore\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\open\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\AutoRun\command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\explore\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\open\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\AutoRun\command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\explore\Command
      Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\open\Command


      ------------------- ! Fin du rapport ! --------------------
      0
  3. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    As-tu fait l'option 2 ?
    0
  4. Lilibiscuit
     
    Non, je ne l'ai pas fait ! Et dois-je mettre forcement tous les appareils, meme ceux inutilisés depuis une semaine ?
    0
    1. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
       
      Oui, mets tout (sans les ouvrir).
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Lilibiscuit
     
    ----------------- FindyKill V4.710 ------------------

    * User : brigitte - BIBI
    * executed from : C:\Program Files\FindyKill
    * Update on 21/12/08 par Chiquitine29
    * Start at 17:07:41 the 02/01/2009
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\223531.EXE-142F5DBB.pf
    Deleted ! - C:\WINDOWS\prefetch\260000.EXE-3B69F916.pf
    Deleted ! - C:\WINDOWS\prefetch\268656.EXE-2B3FB9CC.pf
    Deleted ! - C:\WINDOWS\prefetch\274156.EXE-1911688D.pf
    Deleted ! - C:\WINDOWS\prefetch\300265.EXE-106898AD.pf
    Deleted ! - C:\WINDOWS\prefetch\338453.EXE-199C954B.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0EB8ED62.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
    Deleted ! - C:\WINDOWS\prefetch\NIDEIECT.COM-0002A53A.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

    »»»» Supression files in C:\WINDOWS\system32

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    »»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming

    »»»» Supression files in C:\WINDOWS\system32\drivers

    Deleted ! - C:\WINDOWS\system32\drivers\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
    Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
    Deleted ! - C:\WINDOWS\system32\drivers\hldrrr.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1001875.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1011468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1058453.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1082656.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\183015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1878687.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1888671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1891531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1898437.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1900546.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1907890.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1910187.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1920250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1925453.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\192984.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\193343.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1934437.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\195671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\199375.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\210968.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\215218.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\218812.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\219890.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\220640.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\221125.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\223531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\225703.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\227500.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\228500.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\232406.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\238265.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\238421.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\239531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\242843.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\244296.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\249812.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\258140.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\258750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\260000.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\266109.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\268656.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\269875.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\274156.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\277531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\291609.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\298093.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\304984.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\314109.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\322734.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\330015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\335171.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\338453.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\342031.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\366015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\375375.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\377750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\383375.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\383625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\393906.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\469796.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\490859.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\739546.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\765328.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\771765.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\833421.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\838625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\862265.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\874250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\882296.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\895578.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\920453.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\962906.exe
    Deleted ! - "C:\WINDOWS\system32\drivers\downld"

    »»»» Supression files in C:\Documents and Settings\brigitte\Application Data

    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m\list.oct"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m\data.oct"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m\srvlist.oct"
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\3D Skellerina Ballerinas 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\59-8 a9.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\A Discount Prescription Drug Information Primer 1.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\a Google Search (Romana) 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ACDSee Mobile For Palm +Serial.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Ace Screen Capture 2.3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Advanced Net Monitor for Classroom 4.8.4.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\AgsPro Dictionary 2.5.2141.42444.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Alexa Sparky 1.3.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\apex 0.6.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\APNSoft Menu 2.5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\AudioJack 2.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\avast.Pro.4.7.892.[new.Version].zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\AVG.Anti-Virus.Professional.Edition.7.5.441.Build.919.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Batch To Exe Converter 1.4.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Beautiful Iris Screen Saver 5.00.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Beautiful Rare Wildflowers 3.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Blaze Composer Lite 3.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\BookmarkMenuHider 0.1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\CHAOS Shredder 3.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\CoffeeMachine 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ColorLab 4.5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Comicazzi 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Croc Mobile Pinball v 2.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Crown Icons 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\CURLYWURLY 1.40.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Daily Picture Diary 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\DailyBilling 3.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Desktop Wallpaper 3.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Directory Dominator 1.0.14.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\DJ Legend 4.02.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\DX Winter Snow Screensaver 2.0.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Edmonton Toolbar 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Eject CD 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ejecutable para pdas com windows mobile 5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Elementary 0.8.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Embedded Windows CE SAPI 5.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\EMCO Remote Registry Merge 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ESLP1000 2.2.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\eWall 3.0.211.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Excel_Mobile_6.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Expectal Photo Gallery 2.0.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\EZ Backup Firefox Premium 6.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\FD Flickr Uploader 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\FitnessTool 1.03.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\FlashSnap 2.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\FPS to Joule Converter 1.00.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Free RM to MP3 Converter Splitter 1.8.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\GrandBackup Ultimate 1.2 build 418.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\HddLed Indicator 1.86.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Helzberg Diamond's Snow Globe 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\IE View Lite 1.3.3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Inventory and Production WRC 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\IPThing 1.01.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\J2K-Codec 1.9.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\JDN Hotkeys 1.47.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Jigetiser Calendar - Halloween 2005 1.0.0.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Jungle Cats 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Kana Checksum 1.0.0.15.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Keywords Seeker 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\KNBR 680AM 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Lenogo Video Converter 2.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Life Christmas Screensaver 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\LingvoSoft Talking Picture Dictionary 2008 Polish - Chinese Mandarin Traditional 1.2.26.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\LOTTOmania 2005 1.1.7.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\MailBoy 2004 Mass Mailer 1.9.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Massive Headache 3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\McAfee_QuickClean.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Metalogic Calculator 3.3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\MiLo's Jukebox 5.3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\MP3 Encoder 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Music Database 1.0.0.19.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Nidesoft DVD to Zune Suite 2.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\NOD32_V2.50.16 and crack.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Norton_Partition_Magic_8.05.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Notes 1.1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\NTK HTML Builder 1.5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\obado).By.Poliketo.updated-fixed.01-2007.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\PausePlayer 0.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\PDF Optimizer 2.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Pepsky MP4 Converter 4.3.6.916.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\PhoneTray Free 1.31.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Physis Library 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Piglatin Generator 1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Pop-Up Stopper Companion 4.0.1000.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\PopUp Control.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Process Pacifier 1.0.02.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Quick Time Converter 2.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\QVCS-Pro 3.10.18.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Rebecca de Mornay Theme 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Reify Turnabout 0.3 b15.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\RGBSlider 1.4.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\RichWord 1.3.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\RootAlyzer 0.2.1.35.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ScreenShot 2000 2.0.91.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Shark Apple iPhone Video Converter 6.8.1.9.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ShuangzSoft Audio Editor 2.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SlickEdit Gadgets 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SLOC Metrics 3.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SmartFlute 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SmartVizor 9.3.8.123.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SoftGuard Register 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SphereXP 1.1.626.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SQL Debugger 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\SrcCodeCnt 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Surfy Hotels Offline 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Symantec.ACT.2005.v7.0.-.Incl.Keygen.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Symantec.AntiVirus.Corporate.Edition.v10.1.5.5000-DVT.part5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\TestComplete 6.50.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Titanium Checkbook 3.2.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Trevor's Music Mixer 1.32.8.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Tristana Writer RSS Editor 5.0.0.191.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\UsefulRest (former Protector of Health) 2.8 Build 123.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Viking Currency 1.35.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Vorbis GT2.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Web2HTML 1.5.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Whid 1.00.00 Beta.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Wimpy MP3 Player 6.0.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Winows Shutdown Speed Up 1.0 Beta.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Wondershare Pocket DVD Suite 3.2.56.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\World 3D Cup 2006 1.2.1.9.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Xilisoft MP3 WAV Converter 2.1.69.1114.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Xkcd 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\XSLT Processor 1.0.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Xtudio Alpha 0.2.1.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\Y!StatusRevolution 0.3.0.2.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\YASA MOV to MPEG WMV AVI Converter 3.3.56.1574.zip
    Deleted ! - C:\Documents and Settings\brigitte\Application Data\m\shared\ZDT 0.7.0.zip
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m\shared"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\m"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe"
    Deleted ! - "C:\Documents and Settings\brigitte\Application Data\hidires"

    »»»» Supression files in C:\DOCUME~1\brigitte\LOCALS~1\Temp

    »»»» Supression files in C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[2].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\5N1LC5OP\b64_5[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CJTBP0UP\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[2].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\DMDQXH8U\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\F58SKFJ6\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_5[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\V5UN63YL\b64[1].jpg
    Deleted ! - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\WHED9SP5\b64[1].jpg

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
    Deleted ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\hldrrr
    Deleted ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\mdelk
    Deleted ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\nideiect

    --------------- [ States / Restarting of services ] ----------------

    +- Safe boot mode restored !

    +- Showing of hidden files has been repaired !

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    E: - Lecteur amovible

    +- deleting files :

    Deleted ! - E:\autorun.inf
    Deleted ! - E:\nideiect.com

    --------------- [ Registry / Mountpoint2 ] ----------------

    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\open\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\open\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\open\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\open\Command

    --------------- [ Searching Cracks / Keygen ] ----------------

    ---------------- ! End of report ! ------------------

    Voilà ! L'ordi est nettement moins lent, par contre il dit toujours qu'avast n'est pas une application Win32 valide ...
    0
  7. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Fais un Hijackthis stp

    Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    * Enregistre HJTInstall.exe sur ton bureau.

    * Double-clique sur HJTInstall.exe pour lancer le programme

    Tuto : https://www.malekal.com/tutoriel-hijackthis/
    http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

    * Accepte la license en cliquant sur le bouton "I Accept"
    * Choisis l'option "Do a system scan and save a log file"
    * Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
    * Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    * Colle le rapport que tu viens de copier sur ce forum
    0
    1. Lilibiscuit
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:33:06, on 02/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\bcmntray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [flec003.exe] C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
      0
  8. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Tu as d'autres infections, on va les traiter.
    Il faudra peut-être réinstaller ton antivirus, bagle a dû faire des dégâts dessus.

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. Lilibiscuit
       
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
      BIOS : Ver 1.00PARTTBL
      USER : brigitte ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Not Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:59 Go)
      D:\ (CD or DVD)
      E:\ (USB) - FAT - Total:1934 Mo (Free:1 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 02/01/2009|17:43 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\AskBarDis
      C:\Program Files\AskBarDis\bar
      C:\Program Files\AskBarDis\unins000.dat
      C:\Program Files\AskBarDis\unins000.exe
      C:\Program Files\AskBarDis\bar\bin
      C:\Program Files\AskBarDis\bar\Cache
      C:\Program Files\AskBarDis\bar\History
      C:\Program Files\AskBarDis\bar\Settings
      C:\Program Files\AskBarDis\bar\bin\askBar.dll
      C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
      C:\Program Files\AskBarDis\bar\bin\psvince.dll
      C:\Program Files\AskBarDis\bar\Cache\01DF9679
      C:\Program Files\AskBarDis\bar\Cache\01DF9AEE
      C:\Program Files\AskBarDis\bar\Cache\01DF9D40.bin
      C:\Program Files\AskBarDis\bar\Cache\01DFA01E.bin
      C:\Program Files\AskBarDis\bar\Cache\01DFA34A.bin
      C:\Program Files\AskBarDis\bar\Cache\01DFA638.bin
      C:\Program Files\AskBarDis\bar\Cache\01DFA8B9.bin
      C:\Program Files\AskBarDis\bar\Cache\files.ini
      C:\Program Files\AskBarDis\bar\History\search
      C:\Program Files\AskBarDis\bar\Settings\config.dat
      C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
      C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm

      -----------\\ Extensions

      (brigitte) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.orange.fr/portail"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|17:44 - Option : [1]

      -----------\\ Fin du rapport a 17:44:20,29
      0
  9. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

    ! Ne ferme pas la fenêtre lors de la suppression !

    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.
    0
    1. Lilibiscuit
       
      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
      BIOS : Ver 1.00PARTTBL
      USER : brigitte ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Not Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:59 Go)
      D:\ (CD or DVD)
      E:\ (USB) - FAT - Total:1934 Mo (Free:1 Go)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [2] ( 02/01/2009|17:46 )

      -----------\\ SUPPRESSION

      Supprime! - C:\Program Files\AskBarDis\bar
      Supprime! - C:\Program Files\AskBarDis\unins000.dat
      Supprime! - C:\Program Files\AskBarDis\unins000.exe
      Supprime! - C:\Program Files\AskBarDis

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ Extensions

      (brigitte) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.orange.fr/portail"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !


      1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|17:44 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 02/01/2009|17:47 - Option : [2]

      -----------\\ Fin du rapport a 17:47:41,29
      0
  10. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Fais un nouvel Hijackthis stp
    .
    0
    1. Lilibiscuit
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:54:19, on 02/01/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\bcmntray.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Money\System\mnyexpr.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HPQ\Shared\hpqwmi.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [flec003.exe] C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
      0
  11. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Imprime ces instructions ou sauvegarde les sur ton Bureau car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton bureau à partir de ce lien :

    https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

    A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

    Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

    Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

    MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

    Dans l'onglet analyse, vérifie que "Exécuter un examen rapide" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

    MBAM analyse ton ordinateur. L'analyse peut prendre un certain teps. Il suffit de vérifier de temps en temps son avancement.

    A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

    Si des malwares ont été détectés, leur liste s'affiche.
    En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Ferme le bloc-note. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

    Ferme MBAM en cliquant sur Quitter.

    Poste le rapport sur le forum.
    0
    1. Lilibiscuit
       
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1596
      Windows 5.1.2600 Service Pack 3

      02/01/2009 18:22:32
      mbam-log-2009-01-02 (18-22-32).txt

      Type de recherche: Examen rapide
      Eléments examinés: 48410
      Temps écoulé: 3 minute(s), 45 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  12. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    * Télécharge CCleaner.
    (attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner).

    https://www.pcastuces.com/logitheque/ccleaner.htm
    https://www.commentcamarche.net/telecharger/ 168 ccleaner

    Installe le dans un répertoire dédié.

    Décoche pendant l'installation

    --- les deux cases "Ajouter l'option ... "
    --- Contrôler les mises à jour

    * Lance Ccleaner pour un nettoyage complet :

    Déconnecte-toi et ferme toutes les applications en cours
    * va dans "nettoyeur" : fait analyse puis nettoyage
    * va dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

    Tutorial ici :
    https://kerio.probb.fr/
    https://www.malekal.com/tutoriel-ccleaner/
    ET
    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
    0
    1. Lilibiscuit
       
      Voila, j'ai tout fait !
      0
  13. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    OK, où en es-tu, comment se comporte le PC ?
    0
    1. Lilibiscuit
       
      Bien, il va tres vite comparé a quand j'ai posté le message !

      Mais qu'est ce qu'il avait et a cause de quoi ?
      0
  14. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
     
    Tu était infecté par bagle.
    C'est une infection qui s'attrape par les cracks

    Lis cet article : http://www.malekal.com/W32.Beagle.KF_Trojan.Tooso.R.php

    0
    1. Lilibiscuit
       
      Mais je n'avais pas aussi des Trojan ?

      Est ce que maintenant, je peux supprimer, tous les logiciels dont j'ai eu besoin pour enlever Bagle ?

      Merci beaucoup de m'avoir aidé !! Je n'y serais jamais arrivé seule.
      0
    2. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232 > Lilibiscuit
       
      Bagle est un trojan.
      Tu avais également une barre d'outils infectée.

      Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

      Télécharge toolscleaner sur ton Bureau :
      http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
      * Double-clique sur ToolsCleaner2.exe et laisse le travailler
      * Clique sur Recherche et laisse le scan se terminer.
      * Clique sur Suppression pour finaliser.
      * Tu peux, si tu le souhaites, te servir des Options facultatives.
      * Clique sur Quitter, pour que le rapport puisse se créer.
      * Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse
      0
    3. Lilibiscuit > toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention  
       
      [ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

      -->- Recherche:

      C:\TB.txt: trouvé !
      C:\FindyKill.txt: trouvé !
      C:\Toolbar SD: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
      C:\Documents and Settings\brigitte\Bureau\HijackThis.lnk: trouvé !
      C:\Documents and Settings\brigitte\Bureau\HJTInstall.exe: trouvé !
      C:\Documents and Settings\brigitte\Bureau\ToolBarSD.exe: trouvé !
      C:\Documents and Settings\brigitte\Menu Démarrer\Programmes\FindyKill: trouvé !
      C:\Program Files\FindyKill: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
      C:\Documents and Settings\brigitte\Bureau\HijackThis.lnk: supprimé !
      C:\Documents and Settings\brigitte\Bureau\HJTInstall.exe: supprimé !
      C:\Documents and Settings\brigitte\Bureau\ToolBarSD.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\TB.txt: supprimé !
      C:\FindyKill.txt: supprimé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\Toolbar SD: supprimé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
      C:\Documents and Settings\brigitte\Menu Démarrer\Programmes\FindyKill: supprimé !
      C:\Program Files\FindyKill: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      0
    4. Lilibiscuit > Lilibiscuit
       
      Il y a quelques icones de supprimer, mais pas tous ...
      0
    5. toptitbal Messages postés 5341 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232 > Lilibiscuit
       
      Tools Cleaner, tu le supprimes directement sur ton bureau.
      0