Virus bagle

Benn -  
 Utilisateur anonyme -
Bonjour,

j'ai téléchargé avast anti virus et au démarrage le message suivant s'affiche: "x n'est pas une application win 32 valide

j'ai fait un scan avec findykill et voici le résultat

# User : Dominique Cavuoto (Administrateurs) # SONATA2
# Update on 19/04/09 by Chiquitine29
# Start at: 11:07:44 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 48,83 Go (19,5 Go free) [System] # NTFS
# D:\ # Disque fixe local # 100,22 Go (33,77 Go free) [Storage] # NTFS
# E:\ # Disque CD-ROM # 602,97 Mo (0 Mo free) [jediacad_1] # CDFS
# F:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Programs\eMule V0.48a\eMule\emule.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe" (736)
"C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe" (3984)
"C:\WINDOWS\system32\wintems.exe" (3508)

################## [ Infected File \ Folder ]

Found ! C:\WINDOWS\Prefetch\114390.EXE-39442C74.pf
Found ! C:\WINDOWS\Prefetch\121562.EXE-129E49DE.pf
Found ! C:\WINDOWS\Prefetch\124140.EXE-2E4F8026.pf
Found ! C:\WINDOWS\Prefetch\187640.EXE-1FF0CDAD.pf
Found ! C:\WINDOWS\Prefetch\198000.EXE-0D05BC14.pf
Found ! C:\WINDOWS\Prefetch\203359.EXE-336C0001.pf
Found ! C:\WINDOWS\Prefetch\235937.EXE-19FE7437.pf
Found ! C:\WINDOWS\Prefetch\243671.EXE-1D83EB38.pf
Found ! C:\WINDOWS\Prefetch\249484.EXE-14F12088.pf
Found ! C:\WINDOWS\Prefetch\255937.EXE-1AEB4B69.pf
Found ! C:\WINDOWS\Prefetch\256703.EXE-1C3C3878.pf
Found ! C:\WINDOWS\Prefetch\259953.EXE-216939D5.pf
Found ! C:\WINDOWS\Prefetch\264250.EXE-1866C2CB.pf
Found ! C:\WINDOWS\Prefetch\266937.EXE-07D7B335.pf
Found ! C:\WINDOWS\Prefetch\270187.EXE-20333056.pf
Found ! C:\WINDOWS\Prefetch\30212468.EXE-2C0E87B5.pf
Found ! C:\WINDOWS\Prefetch\30217750.EXE-319B8CEB.pf
Found ! C:\WINDOWS\Prefetch\30502828.EXE-07962190.pf
Found ! C:\WINDOWS\Prefetch\44980890.EXE-197BA65C.pf
Found ! C:\WINDOWS\Prefetch\45060312.EXE-1BE49762.pf
Found ! C:\WINDOWS\Prefetch\45170750.EXE-05B3C5D7.pf
Found ! C:\WINDOWS\Prefetch\45179593.EXE-37A0F9C3.pf
Found ! C:\WINDOWS\Prefetch\45189796.EXE-0336889F.pf
Found ! C:\WINDOWS\Prefetch\45436640.EXE-01456CE0.pf
Found ! C:\WINDOWS\Prefetch\463390.EXE-081E1BBC.pf
Found ! C:\WINDOWS\Prefetch\512875.EXE-0B053F82.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-29CBACE5.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\PATCH.EXE-0F0A49FD.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\drivers\down
Found ! C:\WINDOWS\system32\drivers\down\298953.exe
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\shared"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\srvlist.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\downld"

################## [ Infected Temp Files ]

Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_1[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_1[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_2[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_3[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_3[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_3[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_3[4].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_3[5].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\b64_6[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\E141QLAR\ieps[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_1[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_1[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_1[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_1[4].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_1[5].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_2[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_2[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_2[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_3[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_3[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_3[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_6[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_6[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\b64_6[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\K7G3EL4H\mxd[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_1[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_2[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_3[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_3[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_3[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_6[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_6[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\R543GH01\b64_6[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_2[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_2[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_3[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_3[2].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_3[3].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_3[4].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\b64_6[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\file[1].txt
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\mxd[1].jpg
Found ! C:\Documents and Settings\Dominique Cavuoto\Local Settings\Temporary Internet Files\Content.IE5\YRYPE3O1\servernames[1].htm

################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\install_patch
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\FirtR
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\MuleAppData
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Ubisoft
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]

# Contenu de l'autorun : E:\autorun.inf

[autorun]
open=autorun.exe
icon=Install\JediAcademy.exe

# Recherche fichiers connus :

Found ! E:\autorun.inf

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.725 ! ]
Configuration: Windows XP
Firefox 3.0.8

5 réponses

  1. Utilisateur anonyme
     
    Hello

    ! Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .

    * Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

    * Le pc va redémarrer automatiquement ...

    --> le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

    * Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

    /!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

    Aides en images ( Suppression ) : http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_nettoyage.html

    ********************************************************************

    ● Télécharge DDS:

    Ici: https://download.bleepingcomputer.com/sUBs/dds.scr
    Ou la: https://forospyware.com

    de sUBs sur le bureau.

    (!) L'outil ne nécessite pas d'installation.

    Lances-le en cliquant sur l'icône dds.scr.

    Cette fenêtre DOS va apparaitre : https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

    ● Le scan ne doit pas dépasser trois minutes.
    ● Un premier rapport va s'ouvrir que tu enregistreras sous DDS.txt par défaut sur le bureau.
    ● Il te sera demandé si tu veux faire le scan optionnel.
    Accepte par Oui

    ● Un nouveau rapport s'ouvre que tu enregistres sous Attach.txt sur le bureau.
    Tu ne le fourniras que si nécessaire.
    Poste moi le rapport DDS.txt.

    ++
    0
  2. Benn
     
    voici le rapport

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Dominique Cavuoto at 12:48:36,68 on 21/04/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.447.37 [GMT 2:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AGI\common\win32\PythonService.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    C:\WINDOWS\explorer.exe
    D:\Programs\eMule V0.48a\eMule\emule.exe
    C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dominique Cavuoto\Bureau\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://lo.st#home
    uSearch Bar = hxxp://search.msn.fr/spbasic.htm
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant = about:blank
    uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {64F56FC1-1272-44CD-BA6E-39723696E350} - No File
    BHO: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\KiweeIEToolbar.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
    BHO: EoBHO Class: {c7b76b90-3455-4ae6-a752-eac4d19689e5} - c:\program files\eorezo\eoadv\EoRezoBHO.dll
    TB: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\KiweeIEToolbar.dll
    uRun: [msnmsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [PeerGuardian] d:\programs\peer guardian\peerguardian2\pg2.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
    uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    mRun: [VTTimer] VTTimer.exe
    mRun: [S3Trayp] S3trayp.exe
    mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
    mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [EoEngine] "c:\program files\eorezo\EoEngine.exe"
    mRun: [SoftwareHelper] c:\documents and settings\dominique cavuoto\application data\eorezo\softwareupdate\SoftwareUpdateHP.exe
    mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - d:\programs\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2}
    IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\domini~1\applic~1\mozilla\firefox\profiles\3h2fjo45.default\
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
    FF - plugin: c:\documents and settings\dominique cavuoto\application data\mozilla\firefox\profiles\3h2fjo45.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin2.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin3.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin4.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin5.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin6.dll
    FF - plugin: d:\programs\quick time\plugins\npqtplugin7.dll

    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============

    R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-9-25 10240]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-6-22 808448]
    S3 DCamUSBNovatek;CI-8330 USB Video Camera;c:\windows\system32\drivers\nvtcam.sys [2007-1-28 79872]
    S3 jbridgep;jbridgep;\??\c:\docume~1\domini~1\locals~1\temp\jbridgep.sys --> c:\docume~1\domini~1\locals~1\temp\jbridgep.sys [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-3-15 216232]
    S4 Aapiwdsnfsra;Aapiwdsnfsra; [x]

    =============== Created Last 30 ================

    2009-04-21 11:06 <DIR> --d----- C:\FindyKill
    2009-04-21 10:26 <DIR> --d----- c:\documents and settings\dominique cavuoto\.housecall6.6
    2009-04-21 09:59 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
    2009-04-21 09:59 427,864 a------- c:\windows\system32\XceedZip.dll
    2009-04-21 09:38 <DIR> --d----- c:\program files\ma-config.com
    2009-04-21 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ma-config.com
    2009-04-17 09:14 54,156 a---h--- c:\windows\QTFont.qfn
    2009-04-17 09:14 1,409 a------- c:\windows\QTFont.for
    2009-04-17 07:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-17 07:42 735,744 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-04-17 07:42 685,568 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-04-17 07:42 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-04-17 07:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-17 07:42 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-04-17 07:42 286,720 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-04-17 07:42 111,104 -c------ c:\windows\system32\dllcache\services.exe
    2009-04-17 07:42 739,840 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-04-17 07:28 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
    2009-04-17 07:28 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-04-17 07:28 219,136 -c------ c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 15:45 <DIR> --d----- c:\program files\Eidos
    2009-04-15 17:25 <DIR> --d----- c:\program files\LucasArts
    2009-04-10 18:50 <DIR> --d----- c:\program files\Alcohol Soft
    2009-04-10 18:42 717,296 a------- c:\windows\system32\drivers\sptd.sys
    2009-04-10 18:33 <DIR> --d----- c:\program files\SlySoft
    2009-04-04 18:34 <DIR> --d----- c:\windows\system32\LogFiles
    2009-04-04 15:49 43,520 a------- c:\windows\system32\CmdLineExt03.dll
    2009-03-27 18:38 <DIR> --d----- c:\program files\MC2
    2009-03-26 15:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2009-03-23 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
    2009-03-23 19:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
    2009-03-23 19:15 <DIR> --d----- c:\docume~1\domini~1\applic~1\Azureus
    2009-03-23 18:56 <DIR> --d----- c:\program files\DNA
    2009-03-23 18:56 <DIR> --d----- c:\docume~1\domini~1\applic~1\DNA
    2009-03-23 18:34 <DIR> --d----- C:\Downloads
    2009-03-23 18:33 <DIR> --d----- c:\program files\BitComet

    ==================== Find3M ====================

    2009-04-17 08:28 368,076 a------- c:\windows\system32\perfh00C.dat
    2009-04-17 08:28 48,856 a------- c:\windows\system32\perfc00C.dat
    2009-03-06 16:20 286,720 a------- c:\windows\system32\pdh.dll
    2009-02-20 10:10 670,208 a------- c:\windows\system32\wininet.dll
    2009-02-20 10:10 81,920 a------- c:\windows\system32\ieencode.dll
    2009-02-10 19:06 2,068,096 a------- c:\windows\system32\ntkrnlpa.exe
    2009-02-09 16:05 1,846,912 a------- c:\windows\system32\win32k.sys
    2009-02-09 13:24 2,191,104 a------- c:\windows\system32\ntoskrnl.exe
    2009-02-09 13:23 111,104 a------- c:\windows\system32\services.exe
    2009-02-09 12:53 735,744 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 12:53 739,840 a------- c:\windows\system32\ntdll.dll
    2009-02-09 12:53 685,568 a------- c:\windows\system32\advapi32.dll
    2009-02-09 12:53 401,408 a------- c:\windows\system32\rpcss.dll
    2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
    2009-02-03 21:58 56,832 a------- c:\windows\system32\secur32.dll

    ============= FINISH: 12:49:04,51 ===============
    0
  3. Utilisateur anonyme
     
    Re,

    Bien, sauf que ce n'est pas celui la que je veux en premier.

    Il est ou le rapport Findykill option nettoyage ?

    Va falloir mieux lire les consignes.

    +++
    0
  4. Benn
     
    le voici :)

    # User : Dominique Cavuoto (Administrateurs) # SONATA2
    # Update on 19/04/09 by Chiquitine29
    # Start at: 12:54:59 | 21/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # AMD Sempron(tm) Processor 3000+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 48,83 Go (19,82 Go free) [System] # NTFS
    # D:\ # Disque fixe local # 100,22 Go (32,45 Go free) [Storage] # NTFS
    # E:\ # Disque CD-ROM # 602,97 Mo (0 Mo free) [jediacad_1] # CDFS
    # F:\ # Disque CD-ROM

    ############################## [ Active Processes ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AGI\common\win32\PythonService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Infected File \ Folder ]

    Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

    ################## [ Infected Temp Files ]

    ################## [ Registry / Infected keys ]

    ################## [ Cleaning Removable drives ]

    # Deleting Files :

    Not deleted ! E:\autorun.inf

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Ip6Fw -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2

    ################## [ Searching Other Infections ]

    # -> Nothing found.

    ################## [ Corrupted files # Re-Installation required ]

    C:\WINDOWS\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\72a4049f1baa204daaa90904a1d02845\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\79744cbfb0498e6a509ccf6b4d7a5d3c\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\aa575248fa2fd745643e306ccaa52cf2\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\ce5be003a2bf8d73308ed1db60259a46\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\fb0faa128362fdadcb1300a59dbc6dc9\update\update.exe
    D:\Programs\Peer guardian\PeerGuardian2\pg2.exe

    ################## [ ! End of Report # FindyKill V4.725 ! ]
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Re,

    Ok merci.

    Réinstalle Peer guardian si tu veux à nouveau pouvoir y jouer.

    Télécharges AD-Remover sur ton bureau :

    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et suit les instructions.
    ● Double clique sur l'icône Ad-remover située sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    ++

    0