Ordi infecté par Beagle, besoin d'aide !

Voici le rapport :



----------------- FindyKill V4.710 ------------------

* User : brigitte - BIBI
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 16:15:41 le 02/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wintems.exe

--------------- [ Processus infectieux stoppés ] ----------------




--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\223531.EXE-142F5DBB.pf
Found ! - C:\WINDOWS\prefetch\260000.EXE-3B69F916.pf
Found ! - C:\WINDOWS\prefetch\268656.EXE-2B3FB9CC.pf
Found ! - C:\WINDOWS\prefetch\274156.EXE-1911688D.pf
Found ! - C:\WINDOWS\prefetch\300265.EXE-106898AD.pf
Found ! - C:\WINDOWS\prefetch\338453.EXE-199C954B.pf
Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-02620837.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0EB8ED62.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\mdelk.exe
Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\wintems.exe
Found ! [02/01/2009 15:22] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\mdelk.exe
Found ! [02/01/2009 15:03] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\hldrrr.exe
Found ! [02/01/2009 15:08] - "C:\WINDOWS\system32\drivers\downld"
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1001875.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1011468.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1058453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1082656.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\183015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1878687.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1888671.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1891531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1898437.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1900546.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1907890.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1910187.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1920250.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1925453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\192984.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\193343.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1934437.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\195671.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\199375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\210968.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\215218.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\218812.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\219890.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\220640.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\221125.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\223531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\225703.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\227500.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\228500.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\232406.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238265.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238421.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\239531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\242843.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\244296.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\249812.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258140.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258750.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\260000.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\266109.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\268656.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\269875.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\274156.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\277531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\291609.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\298093.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\304984.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\314109.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\322734.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\330015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\335171.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\338453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\342031.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\366015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\375375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\377750.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383625.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\393906.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\469796.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\490859.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\739546.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\765328.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\771765.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\833421.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\838625.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\862265.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\874250.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\882296.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\895578.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\920453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\962906.exe

»»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Application Data

Found ! [02/01/2009 15:05] - "C:\Documents and Settings\brigitte\Application Data\m\flec006.exe"
Found ! [02/01/2009 15:19] - "C:\Documents and Settings\brigitte\Application Data\m\list.oct"
Found ! [01/01/2009 17:01] - "C:\Documents and Settings\brigitte\Application Data\m\data.oct"
Found ! [02/01/2009 15:25] - "C:\Documents and Settings\brigitte\Application Data\m\srvlist.oct"
Found ! [02/01/2009 15:27] - "C:\Documents and Settings\brigitte\Application Data\m\shared"
Found ! [01/01/2009 15:07] - "C:\Documents and Settings\brigitte\Application Data\m"
Found ! [02/01/2009 15:04] - "C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe"
Found ! [02/01/2009 15:26] - "C:\Documents and Settings\brigitte\Application Data\hidires"

»»»» Presence des fichiers dans C:\DOCUME~1\brigitte\LOCALS~1\Temp

Desole de poster tardivement, mais l'ordi ne fait que buguer !
Je crois que j'ai poster l'autre raport un peu trop vite, il n'était pas fini, le voici fini :



----------------- FindyKill V4.710 ------------------

* User : brigitte - BIBI
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 16:15:41 le 02/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\bcmntray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wintems.exe

--------------- [ Processus infectieux stoppés ] ----------------




--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\223531.EXE-142F5DBB.pf
Found ! - C:\WINDOWS\prefetch\260000.EXE-3B69F916.pf
Found ! - C:\WINDOWS\prefetch\268656.EXE-2B3FB9CC.pf
Found ! - C:\WINDOWS\prefetch\274156.EXE-1911688D.pf
Found ! - C:\WINDOWS\prefetch\300265.EXE-106898AD.pf
Found ! - C:\WINDOWS\prefetch\338453.EXE-199C954B.pf
Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-02620837.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0EB8ED62.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\mdelk.exe
Found ! [02/01/2009 15:04] - C:\WINDOWS\system32\wintems.exe
Found ! [02/01/2009 15:22] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\mdelk.exe
Found ! [02/01/2009 15:03] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [25/05/2004 05:05] - C:\WINDOWS\system32\drivers\hldrrr.exe
Found ! [02/01/2009 15:08] - "C:\WINDOWS\system32\drivers\downld"
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1001875.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1011468.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1058453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1082656.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\183015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1878687.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1888671.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1891531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1898437.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1900546.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1907890.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1910187.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1920250.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1925453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\192984.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\193343.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\1934437.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\195671.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\199375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\210968.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\215218.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\218812.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\219890.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\220640.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\221125.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\223531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\225703.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\227500.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\228500.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\232406.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238265.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\238421.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\239531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\242843.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\244296.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\249812.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258140.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\258750.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\260000.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\266109.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\268656.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\269875.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\274156.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\277531.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\291609.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\298093.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\304984.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\314109.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\322734.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\330015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\335171.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\338453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\342031.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\366015.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\375375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\377750.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383375.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\383625.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\393906.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\469796.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\490859.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\739546.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\765328.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\771765.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\833421.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\838625.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\862265.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\874250.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\882296.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\895578.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\920453.exe
Found ! [02/01/2009 15:08] - C:\WINDOWS\system32\drivers\downld\962906.exe

»»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Application Data

Found ! [02/01/2009 15:05] - "C:\Documents and Settings\brigitte\Application Data\m\flec006.exe"
Found ! [02/01/2009 15:19] - "C:\Documents and Settings\brigitte\Application Data\m\list.oct"
Found ! [01/01/2009 17:01] - "C:\Documents and Settings\brigitte\Application Data\m\data.oct"
Found ! [02/01/2009 15:25] - "C:\Documents and Settings\brigitte\Application Data\m\srvlist.oct"
Found ! [02/01/2009 15:27] - "C:\Documents and Settings\brigitte\Application Data\m\shared"
Found ! [01/01/2009 15:07] - "C:\Documents and Settings\brigitte\Application Data\m"
Found ! [02/01/2009 15:04] - "C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe"
Found ! [02/01/2009 15:26] - "C:\Documents and Settings\brigitte\Application Data\hidires"

»»»» Presence des fichiers dans C:\DOCUME~1\brigitte\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5

Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64[1].jpg
Found ! [02/01/2009 15:05] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_2[1].jpg
Found ! [01/01/2009 14:54] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[1].jpg
Found ! [01/01/2009 16:51] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\49BFESCV\b64_5[2].jpg
Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\5N1LC5OP\b64_5[1].jpg
Found ! [01/01/2009 15:42] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_2[1].jpg
Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\b64_3[1].jpg
Found ! [01/01/2009 17:01] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\BQNV1PBU\mxd[1].jpg
Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CJTBP0UP\b64[1].jpg
Found ! [01/01/2009 15:41] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[1].jpg
Found ! [01/01/2009 16:53] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64[2].jpg
Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\CZKS40SR\b64_3[1].jpg
Found ! [01/01/2009 15:43] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\DMDQXH8U\b64[1].jpg
Found ! [01/01/2009 15:41] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\F58SKFJ6\b64_3[1].jpg
Found ! [01/01/2009 14:56] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\b64[1].jpg
Found ! [01/01/2009 15:05] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\HSU4SG32\mxd[1].jpg
Found ! [01/01/2009 16:52] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64[1].jpg
Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\JB70N3JA\b64_3[1].jpg
Found ! [01/01/2009 15:39] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_2[1].jpg
Found ! [01/01/2009 15:40] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\M6WDM02N\b64_5[1].jpg
Found ! [01/01/2009 14:50] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\b64[1].jpg
Found ! [02/01/2009 15:18] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\MTDQHJJP\mxd[1].jpg
Found ! [01/01/2009 16:51] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_2[1].jpg
Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\OEU3ZEQA\b64_3[1].jpg
Found ! [01/01/2009 14:55] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\V5UN63YL\b64[1].jpg
Found ! [02/01/2009 15:04] - C:\Documents and Settings\brigitte\Local Settings\Temporary Internet Files\Content.IE5\WHED9SP5\b64[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MoneyAgent="C:\Program Files\Microsoft Money\System\mnyexpr.exe"
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
flec003.exe=C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Broadcom Wireless Manager UI=C:\WINDOWS\system32\bcmntray
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
EPSON Stylus DX4800 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\hldrrr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\mdelk]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\nideiect]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\hldrrr
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\mdelk
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\Local AppWizard-Generated Applications\nideiect
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\FirstRRRun
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-839522115-113007714-2147074499-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\hldrrr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\mdelk
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\FirstRRRun

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

- des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32f8181c-9867-11dd-9fcc-0014a51db36f}\Shell\open\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ac8caa-c9de-11dd-a010-0014a51db36f}\Shell\open\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b88fb2d4-d5c1-11dd-a021-0014a51db36f}\Shell\open\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f17c1bea-991a-11dd-9fcd-0014a51db36f}\Shell\open\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9a0edbc-92fd-11dd-9fc1-0014a51db36f}\Shell\open\Command


------------------- ! Fin du rapport ! --------------------

Oui, mets tout (sans les ouvrir).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:06, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [flec003.exe] C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : brigitte ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:59 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:1934 Mo (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 02/01/2009|17:43 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\01DF9679
C:\Program Files\AskBarDis\bar\Cache\01DF9AEE
C:\Program Files\AskBarDis\bar\Cache\01DF9D40.bin
C:\Program Files\AskBarDis\bar\Cache\01DFA01E.bin
C:\Program Files\AskBarDis\bar\Cache\01DFA34A.bin
C:\Program Files\AskBarDis\bar\Cache\01DFA638.bin
C:\Program Files\AskBarDis\bar\Cache\01DFA8B9.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm

-----------\\ Extensions

(brigitte) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.orange.fr/portail"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|17:44 - Option : [1]

-----------\\ Fin du rapport a 17:44:20,29

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : brigitte ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:59 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT - Total:1934 Mo (Free:1 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 02/01/2009|17:46 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(brigitte) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.orange.fr/portail"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|17:44 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 02/01/2009|17:47 - Option : [2]

-----------\\ Fin du rapport a 17:47:41,29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:19, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [flec003.exe] C:\Documents and Settings\brigitte\Application Data\hidires\flec003.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1596
Windows 5.1.2600 Service Pack 3

02/01/2009 18:22:32
mbam-log-2009-01-02 (18-22-32).txt

Type de recherche: Examen rapide
Eléments examinés: 48410
Temps écoulé: 3 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Voila, j'ai tout fait !

Bien, il va tres vite comparé a quand j'ai posté le message !

Mais qu'est ce qu'il avait et a cause de quoi ?

Mais je n'avais pas aussi des Trojan ?

Est ce que maintenant, je peux supprimer, tous les logiciels dont j'ai eu besoin pour enlever Bagle ?

Merci beaucoup de m'avoir aidé !! Je n'y serais jamais arrivé seule.