Bagle and other viruses (?)

Closed
lilibiscuit - 3 Jan 2009 at 15:44
Anonymous user - 5 Jan 2009 at 19:35
Hello,

Yesterday I posted asking for help removing the Bagle virus that was on my PC.
It is now spotless, but another computer on the network is infected, and in my opinion not only by Bagle!
I ran EliBagla and I have a report. I am currently running a Malwarebytes' Anti-Malware quick scan, and I have just finished the HijackThis scan. But I don't really know how to decipher the reports, and I no longer really know what I should do, or whether there is still an infection or not. So, if someone could help me...

Below, the EliBagla report:

Sat Jan 03 13:31:02 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle

Sat Jan 03 13:31:39 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle(rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Sat Jan 03 14:18:56 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle(rootkit)
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle.dldr
Eliminada Carpeta "%AppData%\Hidires"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sat Jan 03 14:19:51 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1025750.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\102734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\10286281.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1039421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\104531.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1046343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1068359.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\111859.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\1139640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1154765.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\115734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\115781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1159828.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\120468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\120984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1211578.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\121843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\123109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\124796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\128625.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\129031.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\129390.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\130406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\131187.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\133921.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\135578.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\137000.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\138109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\138890.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\138984.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\140437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\141093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\141687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\143203.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1436687.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\1448437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1456593.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1460796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14628984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14676234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\146828.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14718531.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14723921.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\147343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14766468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14878984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14880359.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14886109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14916921.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\14922609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1492656.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\14967156.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\14978187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\14999203.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15002890.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\150250.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\15069250.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\150734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15074468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15077171.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\152140.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15580890.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15592156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15601390.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\15642500.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\156765.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\15973781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\15978968.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\160531.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1648484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16602234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16606546.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\16642531.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\167765.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16781953.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1698046.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1756031.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\175703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1763812.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\17658781.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1766468.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1771156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\178234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\18073046.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\1815265.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\190093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\19070500.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\19082656.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\19126500.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\192859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\194796.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\196781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2021437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\202812.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2050843.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\205984.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2065843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2088578.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\211078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2130328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\21443296.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\21455750.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\21494000.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2178156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\218171.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2193359.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\223562.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\228031.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\228640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\234109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\243421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\244046.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\24598203.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\24601921.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\246187.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\24630812.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\24690687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\24690921.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\247625.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2476531.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2480265.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2482109.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\248609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2490328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2490484.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\250625.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2517468.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\253734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\255156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\255750.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\256343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\256781.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2567906.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\258250.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\259343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\263968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\264187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\268671.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\269000.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\270968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\273984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\275625.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\277531.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\280703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\282187.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\290234.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\2933109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2945109.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\29518375.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\29524406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\29544031.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\29615359.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\29681218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\29684546.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\29685453.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\29894453.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\2991640.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\299781.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\300468.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\30155093.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\30166531.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3017265.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\30225062.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3026734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3031750.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3031921.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\303937.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\306453.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\30871875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3089078.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\312015.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3128328.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\313046.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\313515.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3164031.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\317078.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\317640.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\319656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\325609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\327859.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\328546.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\333234.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3391843.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\340343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\343703.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\349468.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\350031.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\353156.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3547484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\3555937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\357875.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\36050390.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\3606578.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\376218.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\378343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\378390.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\382937.EXE --> Eliminado Bagle.VR
C:\WINDOWS\system32\drivers\downld\386953.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\388265.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\390750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\39266687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\39273562.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\393234.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\39330656.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\39334234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\399859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4044375.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\4151687.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4158656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\416296.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4165109.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\4174375.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\417515.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\4202484.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\422218.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\425796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\427531.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\431156.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\437328.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\442812.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\44298875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\44301156.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\44306078.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\44339265.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\44374593.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\44427468.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\44470281.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\4486750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4488968.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\45402500.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4543812.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\469343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\484906.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\4955640.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\4967281.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\5017265.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\50715656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\50769250.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\513796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\516375.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\539343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\5532781.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\5540953.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\5582281.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\605015.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\616484.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\619765.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\635390.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\643734.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\6811390.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\6838312.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\6877140.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\7064203.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\7068375.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\7078437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\723421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\762281.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\798890.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\905953.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\9459156.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\9464484.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\9466843.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\965218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\98578.EXE --> Eliminado Bagle.VR

Nº Total de Directorios: 20752
Nº Total de Ficheros: 379109
Nº de Ficheros Analizados: 17417
Nº de Ficheros Infectados: 265
Nº de Ficheros Limpiados: 265

Sat Jan 03 14:43:38 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 20835
Nº Total de Ficheros: 379111
Nº de Ficheros Analizados: 17259
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:54, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\update\update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\svchost.exe
open=C:\WINDOWS\system32\C:\WINDOWS\system32\pkguard32.exe"
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E4A0165A-AE85-4B16-9E62-C973313407A5} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [System Updates] ipyrs.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [System Updates] ipyrs.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\RunServices: [System Updates] ipyrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://photosgalerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.agelia.com/consulter/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: pmnNedBT - pmnNedBT.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
67 replies

lilibiscuit (50 posts, registered Sunday 9 March 2008, status: Member, last activity 9 June 2013)
3 Jan. 2009 at 17:37
FindyKill report, after option 2:

----------------- FindyKill V4.710 ------------------

* User : Administrateur - PAPA
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 17:27:11 the 03/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\119390.EXE-2B7E8C4B.pf
Deleted ! - C:\WINDOWS\prefetch\14873234.EXE-1D4E5B03.pf
Deleted ! - C:\WINDOWS\prefetch\14916921.EXE-190369FD.pf
Deleted ! - C:\WINDOWS\prefetch\16578453.EXE-269D47F7.pf
Deleted ! - C:\WINDOWS\prefetch\16602234.EXE-33F0AABD.pf
Deleted ! - C:\WINDOWS\prefetch\16606546.EXE-34F2F67B.pf
Deleted ! - C:\WINDOWS\prefetch\16614828.EXE-1A99FD19.pf
Deleted ! - C:\WINDOWS\prefetch\16642531.EXE-1DEB79F0.pf
Deleted ! - C:\WINDOWS\prefetch\1750281.EXE-2AA93CCC.pf
Deleted ! - C:\WINDOWS\prefetch\1766468.EXE-08E641AA.pf
Deleted ! - C:\WINDOWS\prefetch\1771156.EXE-1DB1CD39.pf
Deleted ! - C:\WINDOWS\prefetch\1787562.EXE-00C2ADE9.pf
Deleted ! - C:\WINDOWS\prefetch\1815265.EXE-2958E0D2.pf
Deleted ! - C:\WINDOWS\prefetch\1995765.EXE-24C5FEE6.pf
Deleted ! - C:\WINDOWS\prefetch\202328.EXE-2D2725B4.pf
Deleted ! - C:\WINDOWS\prefetch\2050843.EXE-0B1DA8A2.pf
Deleted ! - C:\WINDOWS\prefetch\2088578.EXE-06EE7783.pf
Deleted ! - C:\WINDOWS\prefetch\234109.EXE-0425DDC6.pf
Deleted ! - C:\WINDOWS\prefetch\268671.EXE-2A5CB42F.pf
Deleted ! - C:\WINDOWS\prefetch\280703.EXE-3562FE9A.pf
Deleted ! - C:\WINDOWS\prefetch\2900046.EXE-108540B1.pf
Deleted ! - C:\WINDOWS\prefetch\2933109.EXE-303C141A.pf
Deleted ! - C:\WINDOWS\prefetch\2945109.EXE-2CD3BDF8.pf
Deleted ! - C:\WINDOWS\prefetch\2991640.EXE-32EFCE8A.pf
Deleted ! - C:\WINDOWS\prefetch\299781.EXE-01A73449.pf
Deleted ! - C:\WINDOWS\prefetch\303937.EXE-0604CEB4.pf
Deleted ! - C:\WINDOWS\prefetch\313703.EXE-300D5C24.pf
Deleted ! - C:\WINDOWS\prefetch\343703.EXE-31709EEF.pf
Deleted ! - C:\WINDOWS\prefetch\4151687.EXE-07E57BFD.pf
Deleted ! - C:\WINDOWS\prefetch\4154781.EXE-0E03FC67.pf
Deleted ! - C:\WINDOWS\prefetch\4158656.EXE-2C492CDB.pf
Deleted ! - C:\WINDOWS\prefetch\4165109.EXE-29789443.pf
Deleted ! - C:\WINDOWS\prefetch\4202484.EXE-15FCEDFB.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0695BA6E.pf
Deleted ! - C:\WINDOWS\prefetch\HLDRRR.EXE-106798BB.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data


»»»» Supression files in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\09FBBB78-B640-4E6A-BAC8-EC6C7ACFD286.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\28FDE204-FB64-4965-9903-4445C6EEAF2D.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\31E37712-DBCC-4ED4-ACB6-81DB64CFFE0D.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\40ACC61B-8C4C-427D-AB64-81B781164AD7.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\52F77901-9462-4797-BB5E-0B648F8E9593.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\63B64114-7395-4337-9F62-42B17A1280FE.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\753732E7-AE5F-4185-B640-9426231184AA.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\8680CA5F-AEF4-4096-B64C-1FA9FA38B20B.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\9E36B911-A493-4EB8-B64D-7C36F3B26E23.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\A06AE301-CE2C-423E-954B-24996A9B647E.jpg
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\D8C8A97F-8A9A-453C-B64D-51355EB2B58F.jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0HLRHUMI\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0HLRHUMI\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0HLRHUMI\b64[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0HLRHUMI\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0HLRHUMI\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\1A6E8F9K\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3DEFUQ18\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3DEFUQ18\b64[4].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3DEFUQ18\b64[5].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3DEFUQ18\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3DEFUQ18\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3QQLMR5V\b64[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3QQLMR5V\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3QQLMR5V\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\5R0FOJUO\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\5R0FOJUO\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\5R0FOJUO\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6BQIJLP4\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6BQIJLP4\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6BQIJLP4\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6KU5D72X\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6KU5D72X\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6KU5D72X\d7f746ecc0a4f502221a38b6425ed0a5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\7TTV7N3Q\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\9ZO0D1VV\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A1IA7BR3\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\A1IA7BR3\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CP3YMRLY\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CP3YMRLY\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CP3YMRLY\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CP3YMRLY\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\CP3YMRLY\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\DVWORC1R\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EMT26VA5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EMT26VA5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EMT26VA5\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EMT26VA5\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FF2II0J9\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\FF2II0J9\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KXKAB8TT\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KXKAB8TT\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KXKAB8TT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ONQ84MQA\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ONQ84MQA\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ONQ84MQA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OPHSU5AJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TFE662RA\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TFE662RA\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TFE662RA\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZKQFPGMC\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZKQFPGMC\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZKQFPGMC\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ZKQFPGMC\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier (2)\doma_(www_sverch_ru)_004_b64f.jpg
Deleted ! - C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier (2)\doma_(www_sverch_ru)_006_b64f.jpg
Deleted ! - C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier (2)\doma_(www_sverch_ru)_007_b64f.jpg
Deleted ! - C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier (2)\doma_(www_sverch_ru)_008_b64f.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{0259B644-CF0D-4513-8C8C-D3BBCA1DFC08}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{08C20480-694E-4B64-89EA-AE2D84DC23A4}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{3726BB64-4637-46E6-905E-2ED2B4C27A9B}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{41F6093C-F2AF-40AC-B648-9A4A11E564F3}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{5E38FE11-9EE7-4104-9C81-5B644EA02267}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{6EC4B648-5908-4278-994D-94CCD43C70B0}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{830B3672-CA6C-4BC1-B640-6D4D7E2A7DF5}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{B1320B64-9C60-4E9E-84BA-E99BFA794995}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{C4B64B07-952A-4AA7-8898-26C93407143B}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{CB642205-62F6-498E-B7EB-FE9BBF8A7251}.jpg
Deleted ! - C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Media Player\Cache d'images\LocalMLS\{F8AF0C91-C884-48CA-9F20-B823B64954DB}.jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\Local AppWizard-Generated Applications\AVS_Video_Converter_5.6.1.715_[Key+Serial]
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\Local AppWizard-Generated Applications\hldrrr
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\Local AppWizard-Generated Applications\mdelk
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\Local AppWizard-Generated Applications\nideiect
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\UBISOFT

--------------- [ States / Restarting of services ] ----------------


+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe


+- deleting files :

Deleted ! - C:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00225aaa-8d41-11dd-9033-00030d000001}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00225aaa-8d41-11dd-9033-00030d000001}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00225aaa-8d41-11dd-9033-00030d000001}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0409fcb1-96a6-11db-937b-00073a47f0ed}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0409fcb1-96a6-11db-937b-00073a47f0ed}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0409fcb1-96a6-11db-937b-00073a47f0ed}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a95c7cf-c7bf-11dd-90b6-00d05c000000}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a95c7cf-c7bf-11dd-90b6-00d05c000000}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a95c7cf-c7bf-11dd-90b6-00d05c000000}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e9b35a5-5cef-11dd-8fc0-00030d000001}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e9b35a5-5cef-11dd-8fc0-00030d000001}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e9b35a5-5cef-11dd-8fc0-00030d000001}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6509e5bb-c44d-11dd-90ae-00d05c000000}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6509e5bb-c44d-11dd-90ae-00d05c000000}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6509e5bb-c44d-11dd-90ae-00d05c000000}\Shell\open\Command

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Administrateur\Bureau\progdvb elecard edition keygen.exe
C:\Documents and Settings\Administrateur\Bureau\ProgDVB_v4_85_1_Elecard_Edition_Bilingual_Incl_Keygen-ViRiLiTY
C:\Documents and Settings\Administrateur\Bureau\Dreamwaver MX2004\How To Crack The Program.txt
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\Nouveau dossier\Xilisoft.iPod.Video.Converter.v3.1.23.build.0209b.WinALL.Cracked.Multi-KiMERA
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\Nouveau dossier\Xilisoft.iPod.Video.Converter.v3.1.23.build.0209b.WinALL.Cracked.Multi-KiMERA\file_id.diz
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\Nouveau dossier\Xilisoft.iPod.Video.Converter.v3.1.23.build.0209b.WinALL.Cracked.Multi-KiMERA\KIMERA
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\Nouveau dossier\Xilisoft.iPod.Video.Converter.v3.1.23.build.0209b.WinALL.Cracked.Multi-KiMERA\kimera.nfo
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\Nouveau dossier\Xilisoft.iPod.Video.Converter.v3.1.23.build.0209b.WinALL.Cracked.Multi-KiMERA\KIMERA\UILib71.dll
C:\Documents and Settings\Administrateur\Bureau\PATCH ADOBE\- Adobe Photoshop Cs3 Extended Keygen Activation
C:\Documents and Settings\Administrateur\Bureau\PATCH ADOBE\- Adobe Photoshop Cs3 Extended Keygen Activation(1)
C:\Documents and Settings\Administrateur\Bureau\PATCH ADOBE\- Adobe Photoshop Cs3 Extended Keygen Activation\keygen + activation
C:\Documents and Settings\Administrateur\Bureau\PATCH ADOBE\- Adobe Photoshop Cs3 Extended Keygen Activation\keygen + activation\Filler.wav
C:\Documents and Settings\Administrateur\Bureau\PATCH ADOBE\- Adobe Photoshop Cs3 Extended Keygen Activation(1)\keygen + activation
C:\Documents and Settings\Administrateur\Bureau\ProgDVB_v4_85_1_Elecard_Edition_Bilingual_Incl_Keygen-ViRiLiTY\ProgDVB.v4.85.1.Elecard.Edition.Bilingual.Incl.Keygen-ViRiLiTY
C:\Documents and Settings\Administrateur\Bureau\ProgDVB_v4_85_1_Elecard_Edition_Bilingual_Incl_Keygen-ViRiLiTY\ProgDVB.v4.85.1.Elecard.Edition.Bilingual.Incl.Keygen-ViRiLiTY\keygen.exe
C:\Documents and Settings\Administrateur\Bureau\ProgDVB_v4_85_1_Elecard_Edition_Bilingual_Incl_Keygen-ViRiLiTY\ProgDVB.v4.85.1.Elecard.Edition.Bilingual.Incl.Keygen-ViRiLiTY\virility.nfo
C:\Documents and Settings\Administrateur\Cookies\administrateur@crackdb[2].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@crackloader[1].txt
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.keygen[2].txt
C:\Documents and Settings\Administrateur\Favoris\hum\CRACK ET AUTRES MAI 2005.url
C:\Documents and Settings\Administrateur\Favoris\hum\Crackz.url
C:\Documents and Settings\Administrateur\Favoris\hum\DoCrack.com - Top Crack - Serials - KeyGen.url
C:\Documents and Settings\Administrateur\Favoris\hum\Download Crack Serial - download cracks serials NO AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.url
C:\Documents and Settings\Administrateur\Favoris\hum\Les Cracks de Superg‚g‚.url
C:\Documents and Settings\Administrateur\Favoris\hum\NEW SERVER - Cerials.NET - Browsing Serials and Cracks Starting with letter d.url
C:\Documents and Settings\Administrateur\Favoris\hum\Results of search 6600.sis crack.url
C:\Documents and Settings\Administrateur\Favoris\hum\WAREZ - FREE FULL APPZ, GAMEZ, MOVIEZ, CRACKZ, ISO, PORN, XXX DOWNLOADS, Warez.url
C:\Documents and Settings\Administrateur\Favoris\hum\www.steph30crack.fr.st - Redirect by ulimit.com.url
C:\Documents and Settings\Administrateur\Favoris\hum\ ASTALAVISTA.US - - unlock software with cracks - serials - keygens - loaders.url
C:\Documents and Settings\Administrateur\Favoris\Liens\CINE\This Site is LikeCrack.com.url
C:\Documents and Settings\Administrateur\Mes documents\cs2crack
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (3)\QuarkXPress.8.01-WIN32_KEYGEN-FFF
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (3)\QuarkXPress.8.01-WIN32_KEYGEN-FFF.rar
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (3)\QuarkXPress.8.01-WIN32_KEYGEN-FFF\FFF.NFO
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (3)\QuarkXPress.8.01-WIN32_KEYGEN-FFF\FILE_ID.DIZ
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (3)\QuarkXPress.8.01-WIN32_KEYGEN-FFF\QuarkXPress.8.01_KEYGEN-FFF.exe
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (6)\Adobe_PhotoShop_CS3_Extended_Keygen_+_Activation
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (6)\Adobe_PhotoShop_CS3_Extended_Keygen_+_Activation.rar
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Nouveau dossier (6)\Adobe_PhotoShop_CS3_Extended_Keygen_+_Activation\Adobe PhotoShop CS3 Extended Keygen + Activation.exe
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Softcam.17.12.2008ok_,Polsat_ok,Digi_tvTho+_Canal_sat12610_V_22000_Astra_19.2øE+RTVI_12322_H_27500_HOTBIRD+_MAX_TV_11513-V-29950-34_EUTELSAT_W2\keygen.exe
C:\Documents and Settings\Administrateur\Mes documents\aaaaaaaaaaaaaaaaaaaaa\Softcam.17.12.2008ok_,Polsat_ok,Digi_tvTho+_Canal_sat12610_V_22000_Astra_19.2øE+RTVI_12322_H_27500_HOTBIRD+_MAX_TV_11513-V-29950-34_EUTELSAT_W2\keygen.nfo
C:\Documents and Settings\Administrateur\Mes documents\cs2crack\Guide_Utilisateur_HomeScreenNokia.pdf
C:\Documents and Settings\Administrateur\Mes documents\cs2crack\keygen-paradox-pscs2.exe
C:\Documents and Settings\Administrateur\Mes documents\cs2crack\WarezFaw.Com.url
C:\Documents and Settings\Administrateur\Mes documents\CuteFTP_pro_8.0.5.0_activation_patch_vi_KmL_ReveRsEr\Crack.exe
C:\Documents and Settings\Administrateur\Mes documents\CuteFTP_pro_8.0.5.0_activation_patch_vi_KmL_ReveRsEr\Crack.nfo
C:\Documents and Settings\Administrateur\Mes documents\ITS TV\Surething_CD_Labeler_Deluxe_4.0.0.45_by_TSRh\keygen.url
C:\Documents and Settings\Administrateur\Mes documents\ITS TV\Surething_CD_Labeler_Deluxe_4.0.0.45_by_TSRh\surething.cd.labeler.deluxe.4.0.0.45.crack-tsrh
C:\Documents and Settings\Administrateur\Mes documents\ITS TV\Surething_CD_Labeler_Deluxe_4.0.0.45_by_TSRh\surething.cd.labeler.deluxe.4.0.0.45.crack-tsrh\file_id.diz
C:\Documents and Settings\Administrateur\Mes documents\ITS TV\Surething_CD_Labeler_Deluxe_4.0.0.45_by_TSRh\surething.cd.labeler.deluxe.4.0.0.45.crack-tsrh\tsrh.nfo
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-77516-xpress8 crack brunette teen sweetie getting fucked and her pussy creampied.zip
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-78308-xpress8 crack keygen.zip
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-78308-xpress8 crack setup.zip
C:\Documents and Settings\Administrateur\Mes documents\LimeWire\Incomplete\T-78310-xpress8 crack.zip
C:\Documents and Settings\Administrateur\Recent\Adobe_PhotoShop_CS3_Extended_Keygen_+_Activation.rar.lnk
C:\Documents and Settings\Administrateur\Recent\Cute_FTP_Pro_v6_Crack.rar.lnk
C:\Documents and Settings\Administrateur\Recent\Cute_FTP_Pro_v6_Crack.rar.torrent.lnk
C:\Documents and Settings\Administrateur\Recent\Le Crack Batiprix 2005 fr.rar.lnk
C:\Documents and Settings\Administrateur\Recent\Pack Ciel - Compta Devis Facture Gestion Crack updated-fixed 01-2007.lnk
C:\Documents and Settings\Administrateur\Recent\photoshop_CS3_crack_and_keygen_team_Tr1ck5s73r5.zip.lnk


---------------- ! End of report ! ------------------
0
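As an added example (not part of the thread, and not FindyKill's own code), the following Python triages a FindyKill report like the one above. It separates entries that name a Bagle component (wintems, mdelk, hldrrr, flec006, the srosa rootkit service key) from removable-drive autorun handlers, from prefetch traces of numeric-named executables, and from files whose only common feature is a "b64" or "mxd" substring in their name, which is what the deleted thumbnails, Media Player cache images and holiday photos above all share and which merits a look before trusting the cleanup. It also reads the service start-type block so a firewall, Automatic Updates or Security Center left disabled stands out. The substring heuristic and the winupgro name are assumptions noted in the code; the sample input is an excerpt of the report above plus one constructed pre-repair service block.

```python
"""Triage a FindyKill report: separate Bagle-specific deletions from heuristic ones.

Added example for this thread; not FindyKill's code and not the forum helper's procedure.
"""
import re
from collections import defaultdict

# Component names the EliBagle/FindyKill output in this thread attributes to Bagle
# (wintems, mdelk, hldrrr, flec006, srosa). winupgro is a widely documented Bagle
# dropper name and is included on that basis (assumption, not stated in the thread).
BAGLE_NAMES = {"wintems", "mdelk", "hldrrr", "flec006", "srosa", "winupgro"}

# Every deleted .jpg in the posted report has "b64" or "mxd" somewhere in its name,
# which suggests FindyKill matched on those substrings. This is an assumption inferred
# from the report, not documented FindyKill behaviour; entries hit only by it are
# flagged for manual review rather than treated as malware.
HEURISTIC_SUBSTRINGS = ("b64", "mxd")

# Services Bagle-class malware commonly disables; FindyKill prints their start type.
SECURITY_SERVICES = {
    "SharedAccess": "Windows Firewall / ICS",
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "Ip6Fw": "IPv6 firewall",
}
AUTO_START = 2  # per the report's legend: Auto=2 / Request=3 / Disable=4

DELETED_RE = re.compile(r"^Deleted ! - (.+)$")
SERVICE_RE = re.compile(r"^(\S+) - Type of startup = (\d)$")
# Prefetch entries for executables with purely numeric names (119390.EXE-2B7E8C4B.pf).
NUMERIC_PF_RE = re.compile(r"^\d+\.EXE-[0-9A-F]{8}\.pf$", re.IGNORECASE)


def classify(path: str) -> str:
    """Return the most likely reason a 'Deleted !' entry was removed."""
    name = path.rsplit("\\", 1)[-1]
    stem = name.split(".", 1)[0].lower()
    if stem in BAGLE_NAMES or "LEGACY_SROSA" in path.upper():
        return "bagle"             # named Bagle component or its rootkit service key
    if name.lower() == "autorun.inf" or ("MountPoints2" in path and "\\Shell\\" in path):
        return "autorun_handler"   # removable-drive autorun persistence
    if NUMERIC_PF_RE.match(name):
        return "numeric_prefetch"  # a numeric-named EXE ran; review, not proven malicious
    if any(s in name.lower() for s in HEURISTIC_SUBSTRINGS):
        return "substring_only"    # matched only because the name contains b64/mxd
    return "other"


def parse_report(text: str):
    """Group deleted entries by classification and collect service start types."""
    deleted = defaultdict(list)
    services = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED_RE.match(line)
        if m:
            deleted[classify(m.group(1))].append(m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1)] = int(m.group(2))
    return dict(deleted), services


def tampered_services(services: dict) -> dict:
    """Security services whose start type is not Auto, i.e. still in need of repair."""
    return {n: t for n, t in services.items()
            if n in SECURITY_SERVICES and t != AUTO_START}


# Excerpt of the FindyKill report posted above (real lines, shortened).
SAMPLE_REPORT = r"""
--------------- [ Infected files / folders ] ----------------
Deleted ! - C:\InfoSat.txt
Deleted ! - C:\WINDOWS\prefetch\119390.EXE-2B7E8C4B.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0695BA6E.pf
Deleted ! - C:\WINDOWS\prefetch\HLDRRR.EXE-106798BB.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\Documents and Settings\Administrateur\iWizz\Thumbnails\09FBBB78-B640-4E6A-BAC8-EC6C7ACFD286.jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LLAL3X8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Mes documents\Mes images\Nouveau dossier (2)\doma_(www_sverch_ru)_004_b64f.jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\Local AppWizard-Generated Applications\hldrrr
Deleted ! - HKEY_USERS\S-1-5-21-823518204-789336058-839522115-500\Software\UBISOFT
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
Deleted ! - C:\autorun.inf
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00225aaa-8d41-11dd-9033-00030d000001}\Shell\AutoRun\command
"""

# Constructed (not from the thread): what the service block would look like on a box
# where the firewall and Security Center are still disabled.
TAMPERED_EXCERPT = """\
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
wscsvc - Type of startup = 4
SharedAccess - Type of startup = 4
wuauserv - Type of startup = 2
"""

if __name__ == "__main__":
    groups, svc = parse_report(SAMPLE_REPORT)
    for label, paths in sorted(groups.items()):
        print(f"{label:17s} {len(paths)}")
        for p in paths:
            print("   ", p)
    print("services still not Auto:", tampered_services(svc) or "none")
    print("constructed tampered box:", tampered_services(parse_report(TAMPERED_EXCERPT)[1]))
```

Run it against the full report text to get the list of "substring_only" deletions worth checking against a backup; the "bagle" and "autorun_handler" groups are the entries the Bagle cleanup was actually aimed at.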
Anonymous user
3 Jan. 2009 at 17:38
Re,

Get rid of all your cracks and the like.

Do this:

▶ Download CCleaner (do not install the Yahoo Toolbar):
CCLEANER

▶ Launch it. Go to "Options" then "Advanced",

▶ Untick the box "Only delete files etc...".

▶ Go to "Cleaner", click "Analyze". Once it has finished, run the cleaning.

▶ Go to "Registry", click "Scan for Issues".

Once it has finished, fix all the issues without backing up the registry.

▶ A tutorial (help)


Also run what I asked you for by PM.
0
lilibiscuit Posts 50 Registration date Sunday 9 March 2008 Status Member Last seen 9 June 2013
3 Jan. 2009 at 17:48
Done. Should I run ComboFix next?
0
Anonymous user
3 Jan. 2009 at 17:48
Re,

YES.
0

lilibiscuit Posts 50 Registration date Sunday 9 March 2008 Status Member Last seen 9 June 2013
3 Jan. 2009 at 18:19
It shows me "Report being prepared". My firewall is working again!
0
Anonymous user
3 Jan. 2009 at 18:21
Re,

Wait, then, and post the report.

Then do this:

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan has finished, 2 reports will appear. Post the contents of both reports
(log.txt & info.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report does not go through, alert the moderators (the "conciergerie") with the yellow /!\.
0
lilibiscuit Posts 50 Registration date Sunday 9 March 2008 Status Member Last seen 9 June 2013
3 Jan. 2009 at 18:23
ComboFix report:

ComboFix 09-01-01.02 - Administrateur 2009-01-03 18:04:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.599 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\killbagle.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
C:\update.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\qgqqlmei.ini
c:\windows\system32\vwaaayxx.ini
c:\windows\system32\vwaaayxx.ini2

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-03 au 2009-01-03 ))))))))))))))))))))))))))))))))))))
.

2009-01-03 15:35 . 2009-01-03 15:35 <REP> d-------- c:\program files\Trend Micro
2009-01-03 15:08 . 2009-01-03 15:46 <REP> d-------- c:\windows\system32\CatRoot_bak
2009-01-03 15:02 . 2009-01-03 15:02 <REP> d-------- c:\program files\MSXML 4.0
2009-01-03 13:57 . 2009-01-03 13:57 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-03 13:57 . 2009-01-03 13:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-03 13:57 . 2009-01-03 13:57 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-01-03 13:57 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-03 13:57 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-03 13:10 . 2009-01-03 17:34 <REP> d-------- c:\program files\FindyKill
2009-01-03 00:28 . 2009-01-03 01:14 <REP> d-------- c:\windows\BDOSCAN8
2008-12-30 01:37 . 2008-12-30 01:27 2,001,379 --a------ C:\Comptabilité-kandiraton-30122008.zip
2008-12-30 01:33 . 2008-12-30 01:33 <REP> d-------- c:\documents and settings\Administrateur\Application Data\com.orange.clip2mobile.0B79F3AA8BA7B28571920BBC33ADF06D54740292.1
2008-12-30 01:32 . 2008-12-30 01:32 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-12-30 01:32 . 2008-12-30 01:32 <REP> d-------- c:\program files\Clip2Mobile
2008-12-25 00:32 . 2008-12-25 00:32 1,121,733 --a------ c:\windows\GraphiSoftware Uninstaller.exe
2008-12-25 00:29 . 2008-12-25 01:05 <REP> d-------- c:\program files\GraphiSoftware
2008-12-18 23:47 . 2008-12-18 19:27 3,367,009 --a------ C:\90x150_SIGNAL PRINT.pdf
2008-12-18 23:39 . 2008-12-18 23:40 <REP> d-------- C:\Cut FTP pro
2008-12-18 23:30 . 2004-03-26 18:40 10,752 --a------ C:\Crack.exe
2008-12-18 22:59 . 2008-12-18 22:59 <REP> d-------- C:\CuteFTP.Pro.v8.3.2.Build.09.02.2008.1-NoPE
2008-12-17 23:02 . 2008-12-17 23:02 <REP> d-------- c:\program files\Fichiers communs\Ciel
2008-12-14 00:02 . 2008-12-14 00:02 <REP> d-------- c:\program files\FontLab
2008-12-14 00:02 . 2008-12-14 00:02 <REP> d-------- c:\program files\Fichiers communs\FontLab
2008-12-13 00:21 . 2008-12-13 01:29 <REP> d-------- C:\PATCH
2008-12-13 00:03 . 2007-07-26 08:51 5,591 --a------ C:\CiM.nFo
2008-12-12 23:38 . 2003-07-11 16:01 4,100,167 --a------ C:\Kernel.dll
2008-12-12 23:14 . 2007-02-13 15:01 109,568 --------- c:\windows\system32\pxinsi64.exe
2008-12-12 23:14 . 2007-02-13 15:01 108,544 --------- c:\windows\system32\pxcpyi64.exe
2008-12-12 23:14 . 2007-02-13 15:01 20,640 --------- c:\windows\system32\drivers\PxHelp20.sys
2008-12-08 22:44 . 2008-12-08 22:49 <REP> d-------- c:\program files\Extensis
2008-12-08 01:20 . 2008-12-08 01:20 0 --a------ C:\2433081728.mp4
2008-12-05 00:29 . 2008-12-05 00:29 <REP> d-------- c:\windows\system32\QuickTime
2008-12-04 22:45 . 2008-12-05 00:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Quark

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-03 17:15 --------- d-----w c:\program files\GetRight
2009-01-03 17:15 --------- d-----w c:\program files\Free Music Zilla
2009-01-03 16:44 --------- d-----w c:\program files\CCleaner
2009-01-03 14:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-18 23:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\LimeWire
2008-12-17 21:31 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-12-08 22:59 --------- d-----w c:\program files\AVS4YOU
2008-12-08 22:41 --------- d-----w c:\program files\Movies2iPhone
2008-12-08 21:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-04 23:28 --------- d-----w c:\program files\Quark
2008-12-04 21:47 --------- d-----w c:\documents and settings\Administrateur\Application Data\Quark
2008-11-30 16:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\AdxEditorApp
2008-11-30 12:32 --------- d-----w c:\program files\Photopassion Pro
2008-11-30 12:31 --------- d-----w c:\program files\Fichiers communs\ActiveData
2008-11-27 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\OrbNetworks
2008-11-27 22:42 --------- d-----w c:\program files\Orb Networks
2008-11-25 23:19 --------- d-----w c:\program files\CDDiapoPro
2008-11-22 22:49 --------- d-----w c:\program files\iTunes
2008-11-22 22:49 --------- d-----w c:\program files\iPod
2008-11-22 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 22:48 --------- d-----w c:\program files\Bonjour
2008-11-22 22:47 --------- d-----w c:\program files\QuickTime
2008-11-22 22:45 --------- d-----w c:\program files\Apple Software Update
2008-11-22 22:44 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-13 23:56 --------- d-----w c:\documents and settings\Administrateur\Application Data\ZoomBrowser EX
2008-11-13 23:11 --------- d-----w c:\documents and settings\Administrateur\Application Data\CameraWindowDC
2008-11-13 22:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\Canon
2008-11-13 22:52 --------- d-----w c:\program files\Canon
2008-11-13 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-11-04 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-26 14:00 325,884 ----a-w c:\windows\taskmg.exe
2007-04-16 21:28 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2006-12-26 17:28 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-06-19 09:16 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
2008-04-07 08:02 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 08:02 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 08:02 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 08:02 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 08:02 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-12-26 18:00 32 --sha-w c:\windows\{B321D59D-40BC-4B9E-A47A-5B10939C071D}.dat
2006-12-26 18:00 32 --sha-w c:\windows\{E0C5E4C3-982C-4985-8BD1-489D062410B0}.dat
2006-12-26 18:00 32 --sha-w c:\windows\system32\{47BF20AC-5BEA-4F86-8E84-FCFAEB1FFFEA}.dat
2006-12-26 18:00 32 --sha-w c:\windows\system32\{CAD84CB6-CF93-4F50-AC0E-01EC386C9865}.dat
2008-09-09 21:34 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-09-09 21:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-07-16 20:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007071620070717\index.dat
2008-09-09 21:34 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"OrangePlayer"="c:\program files\orange\player orange\Orange Player.exe" [2007-07-06 45056]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"Orb"="c:\program files\Orb Networks\Orb\bin\OrbTray.exe" [2008-05-14 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-09-22 817976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
FMZilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2008-05-01 626688]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
GetRight - Tray Icon.lnk - c:\program files\GetRight\getright.exe [2008-11-10 3248128]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-07-11 954368]
Suitcase Startup.lnk - c:\program files\Extensis\Suitcase 9.2\Suitcase.exe [2008-12-08 3379200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
2003-11-07 17:24 61440 c:\program files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\UBISOFT\\SCRABBLE® Interactif EDITION 2007\\Scrabble2007.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"c:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Documents and Settings\\Administrateur\\Mes documents\\installer-38284-845-Open-Office-complet-en-francais-French.exe"=
"c:\\Documents and Settings\\Administrateur\\Mes documents\\open office\\installer-38284-845-Open-Office-complet-en-francais-French.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\TribalWeb\\tribalweb.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ProgDVBjanvier2008\\ProgDvbNet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"c:\\Program Files\\DMV\\MaxTV\\MaxTV.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2005-07-20 24320]
R0 Pnp649r;CMD IDE Raid Controller;c:\windows\system32\DRIVERS\pnp649r.sys [2006-12-27 66889]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.sys [2005-11-07 209152]
R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
R2 PDIHWCTL;PDIHWCTL;\??\c:\windows\system32\drivers\pdihwctl.sys [2008-07-11 14416]
R3 SAA7146n;TT DVB-PCI driver (SAA7146n);c:\windows\system32\DRIVERS\saa7146n.sys [2006-12-26 65840]
R3 TTLOOPHE;Virtual DVB-S/-C/-T Network Adapter Driver;c:\windows\system32\DRIVERS\ttloophe.sys [2006-12-26 39284]
S3 hideproc;hideproc;\??\c:\windows\system32\Drivers\hideproc.sys []
S3 i1;i1 Pro;c:\windows\system32\Drivers\i1.sys [2008-07-11 26045]
S3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2008-07-11 44344]
S3 zebrbus;Sony Ericsson Composite Device driver;c:\windows\system32\DRIVERS\zebrbus.sys [2007-01-15 66656]
S3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);c:\windows\system32\DRIVERS\zebrceb.sys [2007-01-15 53408]
S3 zebrmdfl;Sony Ericsson Modem Filter;c:\windows\system32\DRIVERS\zebrmdfl.sys [2007-01-15 9264]
S3 zebrmdm;Sony Ericsson Port (WDM);c:\windows\system32\DRIVERS\zebrmdm.sys [2007-01-15 100640]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);c:\windows\system32\DRIVERS\zebrmdmc.sys [2007-01-15 100672]
S3 zebrsce;Sony Ericsson PC-Connect Port;c:\windows\system32\DRIVERS\zebrsce.sys [2007-01-15 84960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{083c1fe0-7f67-11dd-9014-00030d000001}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70f46e04-96a0-11db-9378-806d6172696f}]
\Shell\AutoRun\command - G:\ShellExe.exe "Diaporama.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd5fb7ce-979f-11dc-8e26-806d6172696f}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{59CA991A-D8BE-3864-C986-F44114F45C55}]
c:\windows\system32\windot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{88B6B569-116C-520A-8577-2FD0A5F28888}]
c:\windows\system32\pkguard32.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{E4A0165A-AE85-4B16-9E62-C973313407A5} - (no file)
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ShellExecuteHooks-{93994DE8-8239-4655-B1D1-5F4E91300429} - d:\progra~1\DVDREG~1\DVDREG~1\DVDShell.dll
Notify-pmnNedBT - pmnNedBT.dll
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.wanadoo.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
c:\windows\Downloaded Program Files\CNIMGUP_01_210102F.inf
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-03 18:15:26
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5256D28E-C5FF-3D98-DEB1-89B98808417B}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"paoicckemfnkmoanjmegnfjfhamplbfi"=hex:61,61,00,00

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CB387080-23F6-C385-BA7D-D4D39AA1A4CC}*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"padgcbkafohnmphfmehlmobjemflddih"=hex:61,62,67,6e,62,61,63,63,65,67,6d,6b,6d,\
66,61,6f,67,6e,6d,69,6e,68,6f,61,68,68,6d,70,67,65,63,66,70,6f,00,00

[HKEY_USERS\Administrator\Software\YourCompanyName\YourProductName\Version*NULL*]
"VersionData"=hex:9b,02,a6,a7,ad,b8,a1,6f,4e,11,c9,35,1c,75,21,75,b8,95,49,1e,\
ae,a3,a8,11,b2,bc,38,d1,89,81,23,b8,83,38,39,64,26,14,f5,75,a4,0b,c1,13,6f,\
27,b4,98,0e,78,d5,93,c8,dc,d4,df

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\DefaultPreset]
@DACL=(02 0000)
@="c:\\Program Files\\Adobe\\Premiere Pro\\Settings\\DV - PAL\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere\7.0\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_13_2_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\0_0_0_0.html"
"Keyboard"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\1_4_15_0.html"
"Search"="c:\\Program Files\\Adobe\\Premiere Pro\\Help\\search.html"
"Support"="https://helpx.adobe.com/support/premiere-pro.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*NULL*Version]

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*NULL*]

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*NULL*Version]
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\program files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\pvsw\Bin\w3dbsmgr.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\PDFCreatorMessages.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Orb Networks\Orb\bin\Orb.exe
.
**************************************************************************
.
Heure de fin: 2009-01-03 18:23:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-03 17:23:10

Avant-CF: 86 511 370 240 octets libres
Après-CF: 86,527,647,744 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

352 --- E O F --- 2009-01-03 14:04:40
0
Anonymous user
3 Jan. 2009 at 18:23
Good evening,

"My firewall is working again!"

That's cool,

V-X, may I join the discussion if needed?

++
0
Anonymous user
3 Jan. 2009 at 18:24
Re,

"V-X, may I join the discussion if needed?"

Like PCA and chimay, no problem.
0
Anonymous user
3 Jan. 2009 at 18:24
THANKS

++

GOOD LUCK WITH THE REST
0
Anonymous user
3 Jan. 2009 at 18:27
Re,

@lilibiscuit:

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan has finished, 2 reports will appear. Post the contents of both reports
(log.txt & info.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report does not go through, alert the moderators (the "conciergerie") with the yellow /!\.
0
lilibiscuit Posts 50 Registration date Sunday 9 March 2008 Status Member Last seen 9 June 2013
3 Jan. 2009 at 18:28
Log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-03 18:28:26
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 83 GB (27%) free of 305 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:30, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://photosgalerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.agelia.com/consulter/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
lilibiscuit
3 Jan 2009 at 18:28
Log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-01-03 18:28:26
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 83 GB (27%) free of 305 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:30, on 03/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://photosgalerie.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - http://www.cig.canon-europe.com/ph/fr_FR/st/download/ddup/CNIMGUP_01_210102F.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.agelia.com/consulter/XUpload.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDFCreatorMessages - Global Graphics Software Ltd - C:\WINDOWS\system32\PDFCreatorMessages.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
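The HijackThis section above (and the identical one posted earlier in the thread) is what the helper has to read by eye. As an added example that is not part of this thread, of HijackThis or of RSIT, here is a small Python triage script that parses such lines and keeps the entries a reviewer normally checks first: components listed as "(no file)", services whose binary is "(file missing)" or whose owner is unknown, startup shortcuts that resolve to "?", and BHOs with no display name. The sample lines are copied from the log above; everything else (function names, the reason strings) is this example's own. A hit means "look closer", not "infected": an orphaned "(no file)" entry is often just an uninstall leftover, although the EoRezoBHO one here matches the Rogue.Eorezo folder Malwarebytes flags later in the thread.

```python
"""Triage helper for HijackThis-style log lines (added example).

Parses the "R0/O2/O4/O23 - ..." entries of a HijackThis log and keeps the ones
a reviewer looks at first. Not part of HijackThis, RSIT or this thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - Global Startup: Suitcase Startup.lnk = ?
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShow\ScsiAccess.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str                      # HijackThis section code, e.g. "O2"
    body: str                         # everything after "Oxx - "
    clsid: Optional[str]              # CLSID in braces, when the line has one
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def classify(line: str) -> Optional[Entry]:
    """Parse one log line; return None for non-entry lines (headers, blanks)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    entry = Entry(section, body, clsid.group(0) if clsid else None)
    if body.endswith("(no file)"):
        entry.reasons.append("registered component whose file is gone (orphaned CLSID)")
    if body.endswith("(file missing)"):
        entry.reasons.append("service whose binary is missing")
    if section == "O4" and body.endswith("= ?"):
        entry.reasons.append("startup shortcut with an unresolvable target")
    if section == "O2" and body.startswith("BHO: (no name)"):
        entry.reasons.append("BHO without a display name")
    if section == "O23" and " - Unknown owner - " in body:
        entry.reasons.append("service without a publisher name")
    return entry


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Group the suspicious entries of a whole log by section code."""
    hits: Dict[str, List[Entry]] = {}
    for line in log_text.splitlines():
        entry = classify(line)
        if entry is not None and entry.suspicious:
            hits.setdefault(entry.section, []).append(entry)
    return hits


if __name__ == "__main__":
    for section, entries in sorted(triage(SAMPLE_LOG).items()):
        for e in entries:
            print(f"{section}: {e.body}\n    -> {'; '.join(e.reasons)}")
```

Run it on a full log (`triage(open("hijackthis.log").read())`) and you get the short list to research; the CLSID is kept on each entry because that is the value you look up, not the display name, which anything can set.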
Anonymous user
3 Jan 2009 at 18:31
Re,

▶ Download UsbFix (by Chiquitine29) to your Desktop:

▶ Run the installer with the default settings.

▶ Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them.

▶ Double-click the UsbFix shortcut on your Desktop.

Choose option 1

▶ The PC will restart.

▶ After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)

If a report will not post, alert the conciergerie using the yellow /!\ icon.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Then, after updating Malwarebytes, run a full scan.
Anonymous user
3 Jan 2009 at 18:32
Re,

See post no. 37
lilibiscuit
3 Jan 2009 at 19:14
-------------- UsbFix V2.413.8 ---------------

* User : Administrateur - PAPA
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:12:26 le 03/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[26/12/2006 23:25][--a------] C:\AUTOEXEC.BAT
[02/03/2006 13:00][-rahs----] C:\NTDETECT.COM
[26/03/2004 18:40][--a------] C:\Crack.exe
[26/03/2004 18:40][--a------] C:\DXSETUP.exe
[26/03/2004 18:40][--a------] C:\fileisworng.exe
[26/03/2004 18:40][--a------] C:\hassdihhckh3.exe
[26/03/2004 18:40][--a------] C:\newwinupdate.exe
[26/03/2004 18:40][--a------] C:\newwiupdate.exe
[26/03/2004 18:40][--a------] C:\rayv_abweb.exe
[26/03/2004 18:40][--a------] C:\win.exe
[26/03/2004 18:40][--a------] C:\windor.exe
[26/03/2004 18:40][--a------] C:\winupdate.exe
[26/03/2004 18:40][--a------] C:\zippo.exe
[03/01/2009 18:02][-rahs----] C:\boot.ini
[03/01/2009 18:02][-rahs----] C:\Main.ini
[03/01/2009 18:02][-rahs----] C:\ProgDVB.ini
[03/01/2009 18:23][--a------] C:\ComboFix.txt
[03/01/2009 18:23][--a------] C:\FindyKill.txt
[03/01/2009 18:23][--a------] C:\LogBDATuner.txt
[03/01/2009 18:23][--a------] C:\mpeg.txt
[03/01/2009 18:23][--a------] C:\SIGNATURES.txt
[03/01/2009 18:23][--a------] C:\UsbFix.txt
[26/12/2006 23:25][--a------] C:\CONFIG.SYS
[26/12/2006 23:25][--a------] C:\IO.SYS
[26/12/2006 23:25][--a------] C:\MSDOS.SYS
[26/12/2006 23:25][--a------] C:\pagefile.sys

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
mRouterConfig="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
OrangePlayer=c:\program files\orange\player orange\Orange Player.exe /systray
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
TomTomHOME.exe="C:\Program Files\TomTom HOME 2\HOMERunner.exe"
Orb="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IntelliPoint="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{083c1fe0-7f67-11dd-9014-00030d000001}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70f46e04-96a0-11db-9378-806d6172696f}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd5fb7ce-979f-11dc-8e26-806d6172696f}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [02/08/2008 22:26][---hs----] C:\THUMBS.DB

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[26/12/2006 23:25][--a------] C:\AUTOEXEC.BAT
[02/03/2006 13:00][-rahs----] C:\NTDETECT.COM
[26/03/2004 18:40][--a------] C:\Crack.exe
[26/03/2004 18:40][--a------] C:\DXSETUP.exe
[26/03/2004 18:40][--a------] C:\fileisworng.exe
[26/03/2004 18:40][--a------] C:\hassdihhckh3.exe
[26/03/2004 18:40][--a------] C:\newwinupdate.exe
[26/03/2004 18:40][--a------] C:\newwiupdate.exe
[26/03/2004 18:40][--a------] C:\rayv_abweb.exe
[26/03/2004 18:40][--a------] C:\win.exe
[26/03/2004 18:40][--a------] C:\windor.exe
[26/03/2004 18:40][--a------] C:\winupdate.exe
[26/03/2004 18:40][--a------] C:\zippo.exe
[03/01/2009 18:02][-rahs----] C:\boot.ini
[03/01/2009 18:02][-rahs----] C:\Main.ini
[03/01/2009 18:02][-rahs----] C:\ProgDVB.ini

--------------- ! Fin du rapport ! ----------------
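The "Registre / Startup" part of the UsbFix report above prints the two Explorer policies that govern AutoRun, NoDriveAutoRun and NoDriveTypeAutoRun, as raw dwords. As an added example that is not part of this thread or of UsbFix, the Python below decodes them the way a reviewer would want to read them: NoDriveAutoRun as a per-drive-letter mask (bit 0 = A:, bit 25 = Z:) and NoDriveTypeAutoRun as a per-drive-type mask, using the bit meanings Microsoft documents for these policies (KB967715). The sample block is copied from the report; the function names and the "removable_covered" verdict are this example's own.

```python
"""Decode the Explorer AutoRun policy values shown in a UsbFix report (added example).

Not part of UsbFix or of this thread. Reads reg-export style lines such as
"NoDriveTypeAutoRun"=dword:00000143 and explains which drive letters and which
drive types have AutoRun disabled.
"""
import re
from typing import Dict, List

# Constructed sample: the [Policies\explorer] block from the report above.
SAMPLE_POLICY = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000
"""

# NoDriveTypeAutoRun bits, in GetDriveType order. 0xFF disables every type.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable (USB stick, floppy)",
    0x08: "fixed (hard disk)",
    0x10: "network",
    0x20: "CD-ROM / DVD",
    0x40: "RAM disk",
    0x80: "unrecognised type",
}
REMOVABLE_BIT = 0x04
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_dwords(text: str) -> Dict[str, int]:
    """Collect "name"=dword:xxxxxxxx values from reg-export style text."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("hex"), 16)
    return values


def letters_disabled(no_drive_autorun: int) -> List[str]:
    """Drive letters whose AutoRun is off under NoDriveAutoRun (bit 0 = A:)."""
    return [chr(ord("A") + i) for i in range(26) if (no_drive_autorun >> i) & 1]


def types_disabled(no_drive_type_autorun: int) -> List[str]:
    """Drive types whose AutoRun is off under NoDriveTypeAutoRun."""
    names = [name for bit, name in DRIVE_TYPE_BITS.items() if no_drive_type_autorun & bit]
    undefined = no_drive_type_autorun & ~0xFF
    if undefined:
        names.append(f"undefined bits 0x{undefined:x}")
    return names


def assess(text: str) -> Dict[str, object]:
    """Summarise both policies and whether removable media end up covered."""
    values = parse_dwords(text)
    letters = letters_disabled(values.get("NoDriveAutoRun", 0))
    type_mask = values.get("NoDriveTypeAutoRun", 0)
    return {
        "letters": letters,
        "types": types_disabled(type_mask),
        # Removable media are covered when every letter is masked or when the
        # removable-type bit is set; in the sample only the letter mask does it.
        "removable_covered": len(letters) == 26 or bool(type_mask & REMOVABLE_BIT),
    }


if __name__ == "__main__":
    result = assess(SAMPLE_POLICY)
    print("AutoRun off for letters:", "".join(result["letters"]))
    print("AutoRun off for types:", result["types"])
    print("removable media covered:", result["removable_covered"])
```

On the sample, 0x143 sets only the "unknown type", "no root directory" and "RAM disk" bits plus an undefined 0x100, so it is the 0x03ffffff letter mask, not the type mask, that switches AutoRun off for every drive on this machine. The policies do not touch handlers Explorer has already cached per volume under MountPoints2\...\Shell\AutoRun\command, which is why the report shows UsbFix deleting those values separately.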
Anonymous user
3 Jan 2009 at 19:18
Re,

OK.

Do a full scan with Malwarebytes.

Update it first.
lilibiscuit
3 Jan 2009 at 19:26
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1602
Windows 5.1.2600 Service Pack 2

03/01/2009 19:27:27
mbam-log-2009-01-03 (19-27-27).txt

Type de recherche: Examen rapide
Eléments examinés: 58608
Temps écoulé: 5 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
lilibiscuit
3 Jan 2009 at 19:28
Oops, I only did a quick scan, should I do a full one?
Anonymous user
3 Jan 2009 at 19:28
Re,

A full one, please.

Then do this:

▶ Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:


/!\ Go offline and close all running applications /!\

● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could shut down security software (antivirus, firewall...), hence the alert raised by those antivirus products.