Bagle virus

Benn -  
 Anonymous user -
Hello,

I downloaded the avast antivirus and at startup the following message appears: "x is not a valid Win32 application"

I ran a scan with FindyKill and here is the result

# User : Dominique Cavuoto (Administrateurs) # SONATA2
# Update on 19/04/09 by Chiquitine29
# Start at: 11:07:44 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Disabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 48,83 Go (19,5 Go free) [System] # NTFS
# D:\ # Disque fixe local # 100,22 Go (33,77 Go free) [Storage] # NTFS
# E:\ # Disque CD-ROM # 602,97 Mo (0 Mo free) [jediacad_1] # CDFS
# F:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe
C:\WINDOWS\system32\wintems.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\Programs\eMule V0.48a\eMule\emule.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Processus infectieux stoppés ]

"C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe" (736)
"C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe" (3984)
"C:\WINDOWS\system32\wintems.exe" (3508)

################## [ Infected File \ Folder ]

Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-29CBACE5.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\PATCH.EXE-0F0A49FD.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\drivers\down
Found ! C:\WINDOWS\system32\drivers\down\298953.exe
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\shared"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m\srvlist.oct"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\m"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Dominique Cavuoto\Application Data\drivers\downld"

################## [ Infected Temp Files ]


################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\install_patch
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\FFC
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\FirtR
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\MuleAppData
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Ubisoft
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1060284298-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

################## [ Recherche dans supports amovibles]

# Contenu de l'autorun : E:\autorun.inf

[autorun]
open=autorun.exe
icon=Install\JediAcademy.exe

# Recherche fichiers connus :

Found ! E:\autorun.inf

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.725 ! ]
5 replies

Anonymous user
 
Hello

! Disconnect and close all running applications (browser included).

* Relaunch "FindyKill": at the main menu choose option "F" for French and press [Enter].

* At the second menu choose option 2 (removal) and press [Enter]

* The PC will restart automatically ...

--> the program will do its work, don't touch anything ...; your desktop will not be accessible, that is normal!

* Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

Illustrated help (Removal): http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_nettoyage.html

********************************************************************

● Download DDS:

Here: https://download.bleepingcomputer.com/sUBs/dds.scr
Or here: https://forospyware.com

by sUBs to your desktop.

(!) The tool does not require installation.

Launch it by clicking the dds.scr icon.

This DOS window will appear: https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

● The scan should not take more than three minutes.
● A first report will open, which you will save as DDS.txt (the default) on the desktop.
● You will be asked whether you want to run the optional scan.
Accept with Yes

● A new report opens, which you save as Attach.txt on the desktop.
You will only provide it if necessary.
Post the DDS.txt report for me.

++
0
Benn
 
here is the report

DDS (Ver_09-03-16.01) - NTFSx86
Run by Dominique Cavuoto at 12:48:36,68 on 21/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.447.37 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\explorer.exe
D:\Programs\eMule V0.48a\eMule\emule.exe
C:\Program Files\Mozilla Thunderbird Beta 2\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dominique Cavuoto\Bureau\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://lo.st#home
uSearch Bar = hxxp://search.msn.fr/spbasic.htm
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = about:blank
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\agcutils.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {64F56FC1-1272-44CD-BA6E-39723696E350} - No File
BHO: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\KiweeIEToolbar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
BHO: EoBHO Class: {c7b76b90-3455-4ae6-a752-eac4d19689e5} - c:\program files\eorezo\eoadv\EoRezoBHO.dll
TB: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar\2.8.167\KiweeIEToolbar.dll
uRun: [msnmsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\fichiers communs\ahead\lib\NMBgMonitor.exe"
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] d:\programs\peer guardian\peerguardian2\pg2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [EoEngine] "c:\program files\eorezo\EoEngine.exe"
mRun: [SoftwareHelper] c:\documents and settings\dominique cavuoto\application data\eorezo\softwareupdate\SoftwareUpdateHP.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - d:\programs\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {2260D608-C844-435d-90FD-DC16CFA577F2}
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\domini~1\applic~1\mozilla\firefox\profiles\3h2fjo45.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - plugin: c:\documents and settings\dominique cavuoto\application data\mozilla\firefox\profiles\3h2fjo45.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin2.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin3.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin4.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin5.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin6.dll
FF - plugin: d:\programs\quick time\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-9-25 10240]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-6-22 808448]
S3 DCamUSBNovatek;CI-8330 USB Video Camera;c:\windows\system32\drivers\nvtcam.sys [2007-1-28 79872]
S3 jbridgep;jbridgep;\??\c:\docume~1\domini~1\locals~1\temp\jbridgep.sys --> c:\docume~1\domini~1\locals~1\temp\jbridgep.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-3-15 216232]
S4 Aapiwdsnfsra;Aapiwdsnfsra; [x]

=============== Created Last 30 ================

2009-04-21 11:06 <DIR> --d----- C:\FindyKill
2009-04-21 10:26 <DIR> --d----- c:\documents and settings\dominique cavuoto\.housecall6.6
2009-04-21 09:59 1,686,016 a------- c:\windows\system32\clinetsuitex6.ocx
2009-04-21 09:59 427,864 a------- c:\windows\system32\XceedZip.dll
2009-04-21 09:38 <DIR> --d----- c:\program files\ma-config.com
2009-04-21 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ma-config.com
2009-04-17 09:14 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-17 09:14 1,409 a------- c:\windows\QTFont.for
2009-04-17 07:42 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 07:42 735,744 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 07:42 685,568 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-17 07:42 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-17 07:42 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 07:42 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-17 07:42 286,720 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-17 07:42 111,104 -c------ c:\windows\system32\dllcache\services.exe
2009-04-17 07:42 739,840 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-17 07:28 354,304 -c------ c:\windows\system32\dllcache\winhttp.dll
2009-04-17 07:28 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 07:28 219,136 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 15:45 <DIR> --d----- c:\program files\Eidos
2009-04-15 17:25 <DIR> --d----- c:\program files\LucasArts
2009-04-10 18:50 <DIR> --d----- c:\program files\Alcohol Soft
2009-04-10 18:42 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-04-10 18:33 <DIR> --d----- c:\program files\SlySoft
2009-04-04 18:34 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-04 15:49 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-27 18:38 <DIR> --d----- c:\program files\MC2
2009-03-26 15:52 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-23 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-03-23 19:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-03-23 19:15 <DIR> --d----- c:\docume~1\domini~1\applic~1\Azureus
2009-03-23 18:56 <DIR> --d----- c:\program files\DNA
2009-03-23 18:56 <DIR> --d----- c:\docume~1\domini~1\applic~1\DNA
2009-03-23 18:34 <DIR> --d----- C:\Downloads
2009-03-23 18:33 <DIR> --d----- c:\program files\BitComet

==================== Find3M ====================

2009-04-17 08:28 368,076 a------- c:\windows\system32\perfh00C.dat
2009-04-17 08:28 48,856 a------- c:\windows\system32\perfc00C.dat
2009-03-06 16:20 286,720 a------- c:\windows\system32\pdh.dll
2009-02-20 10:10 670,208 a------- c:\windows\system32\wininet.dll
2009-02-20 10:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-10 19:06 2,068,096 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-09 16:05 1,846,912 a------- c:\windows\system32\win32k.sys
2009-02-09 13:24 2,191,104 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 13:23 111,104 a------- c:\windows\system32\services.exe
2009-02-09 12:53 735,744 a------- c:\windows\system32\lsasrv.dll
2009-02-09 12:53 739,840 a------- c:\windows\system32\ntdll.dll
2009-02-09 12:53 685,568 a------- c:\windows\system32\advapi32.dll
2009-02-09 12:53 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-06 12:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 21:58 56,832 a------- c:\windows\system32\secur32.dll

============= FINISH: 12:49:04,51 ===============
0
Anonymous user
 
Re,

Fine, except that is not the one I want first.

Where is the FindyKill report from the cleaning option?

You will need to read the instructions more carefully.

+++
0
Benn
 
here it is :)

# User : Dominique Cavuoto (Administrateurs) # SONATA2
# Update on 19/04/09 by Chiquitine29
# Start at: 12:54:59 | 21/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 48,83 Go (19,82 Go free) [System] # NTFS
# D:\ # Disque fixe local # 100,22 Go (32,45 Go free) [Storage] # NTFS
# E:\ # Disque CD-ROM # 602,97 Mo (0 Mo free) [jediacad_1] # CDFS
# F:\ # Disque CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected File \ Folder ]

Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## [ Infected Temp Files ]

################## [ Registry / Infected keys ]

################## [ Cleaning Removable drives ]

# Deleting Files :

Not deleted ! E:\autorun.inf

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ States / Restarting of services ]

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ Corrupted files # Re-Installation required ]

C:\WINDOWS\SoftwareDistribution\Download\149dffda614674463c33ccf79c4404f3\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\72a4049f1baa204daaa90904a1d02845\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\79744cbfb0498e6a509ccf6b4d7a5d3c\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\aa575248fa2fd745643e306ccaa52cf2\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\ce5be003a2bf8d73308ed1db60259a46\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\fb0faa128362fdadcb1300a59dbc6dc9\update\update.exe
D:\Programs\Peer guardian\PeerGuardian2\pg2.exe

################## [ ! End of Report # FindyKill V4.725 ! ]
0

Anonymous user
 
Re,

OK, thanks.

Reinstall Peer guardian if you want to be able to play it again.

Download AD-Remover to your desktop:

/!\ Disconnect and close all running applications

● Double-click the installer and follow the instructions.
● Double-click the Ad-remover icon on your desktop
● At the main menu choose option "A"
● Post the report that appears at the end.

(the report is saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

++

0