FindyKill analysis following Bagle infection
roudoudou
-
^^Marie^^ Posts 126523 Registration date Status Member Last activity -
Hello,
Please tell me whether my PC is still infected after cleaning with FindyKill following a Bagle infection.
----------------- FindyKill V4.711 ------------------
* User : HP_Propri‚taire - ANNICK
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 22:42:53 the 11/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\143593.EXE-15E4DE8F.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-2E16D772.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Application Data
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\.Net VisualPaseo Freeware 6.1.0.9.0.68.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\2001
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\@PROMT French-Russian Express Translator 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ABC Amber Text Converter 5.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Absolute Video Converter 3.30.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Active NTFS Reader for DOS 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Add Bookmark Here 2 3.0.20081031.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Alea Address Book 2.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Amazon MP3 Search 1.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Arabs Radio Toolbar 1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ASP Calendar 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ATCalc 3.1.8.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Auslogics System Information 1.2.16.230.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Auto Monitor 1.1.3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Automated Domain Inspiration 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Avast.Antivirus.4.6.Profesional.spanish-espaÇñol.+.keygen.por.TuNeM.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Beautiful Snow Demo Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Best MP3 WAV Converter 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Biorhythm Expert 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Black 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\BMP EMF Grapher 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Box Option Spread Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\BW-Plus 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Chameleon Flash 1.10.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ClickFix Lite for Adobe Audition 3.02a.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Comic Hi-FI 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Convert PSD to JPG Software 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\CRACK NORTON ANTIVIRUS 2005(1).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Crimson Skies Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Cubic Ruler 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Customized Windows Logon 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\CyberLink MediaShow 4.0.1617.6618.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Daniusoft WMA MP3 Converter 2.3.0.23.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Data Tracker for Figurines 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\dedupeIT 1.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Dipstick 3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Disney Movies Screensaver.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Domain Finder Tools 2.07626.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\DSSF Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EarMuffs 0.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EMCO OS License Modifier 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Enchanted Toolbar 2.00.0003.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EZ WebShow 2.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EzMagnifier 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Fast Email Verifier Pro 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Firesizer 0.54.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Harmony In My Ears toolbar for Firefox 1.5.0.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HaroldSearchNetworks for IE 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Haxial Calculator 1.2 Beta 1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HDOB 1.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Healthy Life Cookbook 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Hixus Scrollbar Designer 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Homemade Facial Moisturizers 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\iOrgSoft WAV Converter 1.6.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kalimages Basic 1.0.17.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kaspersky.Internet.Security.6.0.1.402.all.Windows.and.Server2K3.version.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\KeyState 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Label Flow - Label Maker Software 3.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LingvoSoft Suite 2008 English - Albanian 2.1.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Log Paper 1.04.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Lokad Safety Stock Calculator 1.5.1171.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LucidLink Wireless LAN Security 2.22.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mail Server Pro 3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mailing List Studio 3.13.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ManageEngine ServiceDesk Plus 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\McAfee.Total.Protection.2007.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MediaJoin 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Micron iPod Data Recovery 4.8.3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MONOGRAM Frame Grabber 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MP3 CD Burn Magic 7.4.0.10.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MPI.NET Runtime 1.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\n80 n72 6600 Ngage.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\NetFloor Live! 2.0.0.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Nod32.v2.12.3.Win.95.98.Me.Espa‡û¸Ol.Spanish.Comercial.Profesional.Monousuario.By.Freeman.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\nod32_2_70_final.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\OGS Notifier 0.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\One-Click Opener 0.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen Plan Library 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen SimpleUp 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PANDA_TITANIUM_2005.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PCLoupe 1.0.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Photonizer 2005 1.13.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PopScan 4.63.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Print Expander 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PSTCompactor (Professional Edition) 2.5.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Quick Recovery for Microsoft Access 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Rapla 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\RealMedia Muxer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Report Forge 3.0.11.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ResumeGrabber Standard 2008 5.0.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SavantFTP 2.1.2.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Schedule Password Recovery Key 8.0 build 2514.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ServiceUtility 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Simple Unit Tab Editor 1.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Snipperoo 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SocketWatch 3.5b.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Spring Dream 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Sprintometer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\StartupPlus WOL 2.0 Build 118.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Surf Icons.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Swift POS 5.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Symantec.AntiVirus.Corporate.v9.0.1.1000.FULL.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\symantec.pcanywhere.11.0_german_retail_win_all_[ccb].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\TheDatabaser 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Time Gain 1.5.0720.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Totwise 2.0.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\txt2pdf 9.7.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniversalHDTV 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniView 1.65.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Vista Caller-ID 1.0.7 Beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ViviClip Pre-Wash DV Basic 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\VTC Player 1.11.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\W32.Welchia.Worm Removal Tool 1.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WBIAS 0.81.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Widget World Cup 1.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win Mp3 Merge App 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win PC Adress Book 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinContig 0.80.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinKiller 3 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WMon 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WordBanker English-Swedish 6.4.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\XenoCrawler Beta 1.0 Build 3223.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\xTang 1.5.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Yahoo Satellite Maps Downloader 4.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\YIPI 2.0 beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\_Lizenzschlussel.zip
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\bisoft
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0465HI7K\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0Y9KF0PT\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\4M2ERXRA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\6I3BFS2J\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\7XPSD1FS\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\95O6V1G3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\F7EVWZ0M\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SJ0WJRYH\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\VWB2DRJJ\file[1].txt
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- deleting files :
Deleted ! - D:\autorun.inf
Deleted ! - D:\info.exe
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e117e0b-6de7-11dc-9fe6-00112f76ba3d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a534d0a2-a272-11dd-9c8e-00112f76ba3d}\Shell\AutoRun\command
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Suspect ! - f5a3e4b4bcf683ebfd3948acfdee3ed2 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1353\A0262699.exe
Suspect ! - a8440f007fb29127b649917f55a7defe C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1379\A0265052.exe
Suspect ! - 64f497dace34ea0c38569c4c0549fe03 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1409\A0266625.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1437\A0269232.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273437.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273488.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273489.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273497.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273499.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273501.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273521.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273547.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\HP_Propri‚taire\Bureau\int‚grales artistes\Jacques Dutronc\Crack Boum Hue.MP3
C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\IM\Animation\firecracker.ima
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Sony.Sound.Forge.7.0 + KeyGen + MP3.Plugin.2.0 + Patch.FR.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Easy Cd-Da Extractor Professional v10.0.2.1 Multilangages Incl-Crack.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Armadillo.dll
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Consignes.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\ezcddax.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT.ISO
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen\keygen.exe
---------------- ! End of report ! ------------------
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HaroldSearchNetworks for IE 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Haxial Calculator 1.2 Beta 1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HDOB 1.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Healthy Life Cookbook 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Hixus Scrollbar Designer 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Homemade Facial Moisturizers 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\iOrgSoft WAV Converter 1.6.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kalimages Basic 1.0.17.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kaspersky.Internet.Security.6.0.1.402.all.Windows.and.Server2K3.version.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\KeyState 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Label Flow - Label Maker Software 3.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LingvoSoft Suite 2008 English - Albanian 2.1.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Log Paper 1.04.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Lokad Safety Stock Calculator 1.5.1171.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LucidLink Wireless LAN Security 2.22.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mail Server Pro 3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mailing List Studio 3.13.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ManageEngine ServiceDesk Plus 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\McAfee.Total.Protection.2007.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MediaJoin 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Micron iPod Data Recovery 4.8.3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MONOGRAM Frame Grabber 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MP3 CD Burn Magic 7.4.0.10.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MPI.NET Runtime 1.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\n80 n72 6600 Ngage.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\NetFloor Live! 2.0.0.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Nod32.v2.12.3.Win.95.98.Me.Espa‡û¸Ol.Spanish.Comercial.Profesional.Monousuario.By.Freeman.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\nod32_2_70_final.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\OGS Notifier 0.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\One-Click Opener 0.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen Plan Library 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen SimpleUp 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PANDA_TITANIUM_2005.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PCLoupe 1.0.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Photonizer 2005 1.13.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PopScan 4.63.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Print Expander 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PSTCompactor (Professional Edition) 2.5.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Quick Recovery for Microsoft Access 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Rapla 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\RealMedia Muxer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Report Forge 3.0.11.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ResumeGrabber Standard 2008 5.0.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SavantFTP 2.1.2.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Schedule Password Recovery Key 8.0 build 2514.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ServiceUtility 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Simple Unit Tab Editor 1.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Snipperoo 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SocketWatch 3.5b.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Spring Dream 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Sprintometer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\StartupPlus WOL 2.0 Build 118.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Surf Icons.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Swift POS 5.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Symantec.AntiVirus.Corporate.v9.0.1.1000.FULL.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\symantec.pcanywhere.11.0_german_retail_win_all_[ccb].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\TheDatabaser 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Time Gain 1.5.0720.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Totwise 2.0.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\txt2pdf 9.7.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniversalHDTV 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniView 1.65.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Vista Caller-ID 1.0.7 Beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ViviClip Pre-Wash DV Basic 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\VTC Player 1.11.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\W32.Welchia.Worm Removal Tool 1.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WBIAS 0.81.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Widget World Cup 1.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win Mp3 Merge App 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win PC Adress Book 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinContig 0.80.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinKiller 3 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WMon 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WordBanker English-Swedish 6.4.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\XenoCrawler Beta 1.0 Build 3223.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\xTang 1.5.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Yahoo Satellite Maps Downloader 4.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\YIPI 2.0 beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\_Lizenzschlussel.zip
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\bisoft
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0465HI7K\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0Y9KF0PT\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\4M2ERXRA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\6I3BFS2J\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\7XPSD1FS\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\95O6V1G3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\F7EVWZ0M\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SJ0WJRYH\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\VWB2DRJJ\file[1].txt
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- deleting files :
Deleted ! - D:\autorun.inf
Deleted ! - D:\info.exe
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e117e0b-6de7-11dc-9fe6-00112f76ba3d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a534d0a2-a272-11dd-9c8e-00112f76ba3d}\Shell\AutoRun\command
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Suspect ! - f5a3e4b4bcf683ebfd3948acfdee3ed2 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1353\A0262699.exe
Suspect ! - a8440f007fb29127b649917f55a7defe C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1379\A0265052.exe
Suspect ! - 64f497dace34ea0c38569c4c0549fe03 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1409\A0266625.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1437\A0269232.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273437.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273488.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273489.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273497.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273499.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273501.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273521.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273547.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\HP_Propri‚taire\Bureau\int‚grales artistes\Jacques Dutronc\Crack Boum Hue.MP3
C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\IM\Animation\firecracker.ima
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Sony.Sound.Forge.7.0 + KeyGen + MP3.Plugin.2.0 + Patch.FR.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Easy Cd-Da Extractor Professional v10.0.2.1 Multilangages Incl-Crack.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Armadillo.dll
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Consignes.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\ezcddax.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT.ISO
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen\keygen.exe
---------------- ! End of report ! ------------------
4 replies
Hello
So that Pimprenelle can help you properly, start by deleting all the cracks.
A crack is a keygen or an illegal key used to activate paid software.
Many Bagle-type infections are spread through cracks.
Download the HijackThis installer.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program.
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the license by clicking the "I Accept" button.
Choose the option "Do a system scan and save a log file".
Click "Save log" to save the report, which will open in Notepad.
Click "Edition -> Sélectionner tout" (Edit -> Select All), then "Edition -> Copier" (Edit -> Copy) to copy the entire contents of the report.
Paste the report you just copied into this forum.
Do not fix ANY line yet; doing so could stop your PC from working properly.
Tutorials (do not fix anything for now!!)
Hello
As you advised, I'm sending you the HijackThis report for a new analysis.
Thanks again for putting your skills at our service, and for all your advice. Good luck.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:32, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and Settings\HP_Propriétaire\Mes documents\Memturbo\memturbo.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
=
https://www8.hp.com/fr/fr/home.html
4&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
https://www8.hp.com/fr/fr/home.html
404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/WGlistemsg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
https://www8.hp.com/fr/fr/home.html
404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TM Control] C:\WINDOWS\system32\TMController.exe
O4 - HKLM\..\Run: [Schedule_d] "C:\Program Files\DVBT Application\Schedule_d.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HP_Propriétaire\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\HP_Propriétaire\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: MemTurbo.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messager Wanadoo -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan
Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
- http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown
Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image
Uploader 3.5 Control) -
http://www.extrafilm.fr/import/ImageUploader3.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) -
http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.
cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class)
- http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.ca
b
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader
Control) -
http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUplo
ader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags
Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program
Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program
Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL
Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) -
France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program
Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero
7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program
Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
As you advised, I'm sending you the HijackThis report for a new analysis.
Thanks again for putting your skills at our service and for all your advice. Good luck.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:32, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application
Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers
communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Adobe Version
Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and Settings\HP_Propriétaire\Mes
documents\Memturbo\memturbo.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone
Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
=
https://www8.hp.com/fr/fr/home.html
4&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
https://www8.hp.com/fr/fr/home.html
404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://r.orange.fr/r/WGlistemsg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
= https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
https://www8.hp.com/fr/fr/home.html
404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =
Orange
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class -
{08C06D61-F1F3-4799-86F8-BE1A89362C85} -
C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Share Accelerator MM Toolbar -
{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program
Files\Share_Accelerator_MM\tbSha0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class -
{EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program
Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers
communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer
- {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar -
{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program
Files\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890}
- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no
file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers
communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program
Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\MSN
Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} -
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\MSN
Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Share Accelerator MM Toolbar -
{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program
Files\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer -
{EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program
Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony
Ericsson\Mobile2\Application Launcher\Application Launcher.exe"
/startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers
communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers
communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe
Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers
communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program
Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TM Control] C:\WINDOWS\system32\TMController.exe
O4 - HKLM\..\Run: [Schedule_d] "C:\Program Files\DVBT
Application\Schedule_d.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program
Files\Panda Software\Panda Platinum 2005 Internet
Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program
Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program
Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
-hidden
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and
Settings\HP_Propriétaire\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and
Settings\HP_Propriétaire\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: MemTurbo.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program
Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program
Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messager Wanadoo -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo
Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan
Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
- http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown
Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image
Uploader 3.5 Control) -
http://www.extrafilm.fr/import/ImageUploader3.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) -
http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.
cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class)
- http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.ca
b
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader
Control) -
http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUplo
ader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags
Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program
Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program
Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL
Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) -
France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman
Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program
Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero
7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program
Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\system32\HPZipm12.exe
Hello everyone. Yes, you are indeed infected. You can run option 2 of FindyKill and then post a HijackThis log as requested, and also do as Marie said and get rid of your cracks and keygens. If you don't know where to find them, here is the list:
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\HP_Propri‚taire\Bureau\int‚grales artistes\Jacques Dutronc\Crack Boum Hue.MP3
C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\IM\Animation\firecracker.ima
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Sony.Sound.Forge.7.0 + KeyGen + MP3.Plugin.2.0 + Patch.FR.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Easy Cd-Da Extractor Professional v10.0.2.1 Multilangages Incl-Crack.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Armadillo.dll
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Consignes.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\ezcddax.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT.ISO
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen\keygen.exe
---------------- ! End of report ! ------------------
Good evening
--> Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them
--> Double-click the FindyKill shortcut on your desktop
--> From the main menu, choose option 2 (Suppression)
/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" (cleaning done) appears /!\
--> Then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk.