Peut être infécté
Fermé
jo77
-
jo77 -
jo77 -
Bonjour,
Depuis trois jours, impossible de lancer spyware terminator, antivir, cleaner, à chaque fois j'ai le message suivant "service is not running", de plus je ne peux plus accéder au menu demarer en mode sans echec, quand je fais F8, le menu apparait, je choisis sans echec, et le pc redémarre.
Merci de votre aide
Depuis trois jours, impossible de lancer spyware terminator, antivir, cleaner, à chaque fois j'ai le message suivant "service is not running", de plus je ne peux plus accéder au menu demarer en mode sans echec, quand je fais F8, le menu apparait, je choisis sans echec, et le pc redémarre.
Merci de votre aide
A voir également:
- Peut être infécté
- Alerte windows ordinateur infecté - Accueil - Arnaque
- L'ordinateur de simon a été infecté par un virus répertorié récemment ✓ - Forum Virus
- L'ordinateur de samantha a ete infecte par un virus - Forum Virus
- L'ordinateur de mustapha a été infecté par un virus répertorié récemment - Forum Windows
- Virus détecté - Forum Virus
11 réponses
bonjour
en effet sa sent l'infection
peut tu faire ceci
telecharge hijackthis choisit do a scan and save the log et poste le rapport
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
en effet sa sent l'infection
peut tu faire ceci
telecharge hijackthis choisit do a scan and save the log et poste le rapport
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
donc tu as chopé un virus bagle qui anéanti ton antivirus etc.. tu devras remplacé des logiciel a la fin de la desinfection.
premiere chose a faire SUPPRIME tes cracks et keygen, l'infection viens de la et reviendra si tu ne les supprime pas
Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
https://forum.malekal.com/viewtopic.php?f=59&t=6517
==> Vas dans "Démarrer" puis Panneau de configuration.
==> Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.
==> Clique sur Continuer.
==> Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
==> Valide par OK et redémarre.
* Telecharge maintenant Findykill sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
/!\ Ne fais pas le nettoyage tout dessuite /!\
* Lance l installation avec les parametres par default
* Fais un clic droit sur le raccourci FindyKill sur ton bureau
* Choisi executer en tant qu administrateur
* Au menu principal,choisi l option 1 (Recherche)
* Post le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
premiere chose a faire SUPPRIME tes cracks et keygen, l'infection viens de la et reviendra si tu ne les supprime pas
* Telecharge maintenant Findykill sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
/!\ Ne fais pas le nettoyage tout dessuite /!\
* Lance l installation avec les parametres par default
* Fais un clic droit sur le raccourci FindyKill sur ton bureau
* Au menu principal,choisi l option 1 (Recherche)
* Post le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
* Telecharge maintenant Findykill sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
/!\ Ne fais pas le nettoyage tout dessuite /!\
* Lance l installation avec les parametres par default
* Fais un clic droit sur le raccourci FindyKill sur ton bureau
* Au menu principal,choisi l option 1 (Recherche)
* Post le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
voila le rapport et merci par avance :
############################## [ FindyKill V4.730 ]
# User : José (Administrateurs) # DOS-BE3A46F3509
# Update on 25/05/09 by Chiquitine29
# Start at: 22:14:23 | 26/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.7.1098 [VPS 080320-0] 4.7.1098 [ Enabled | Updated ]
# FW : Look 'n' Stop 2.06 (Soft4Ever)[ Enabled ]2.06
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (32,94 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Documents and Settings\José\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\José\Application Data\drivers\winupgro.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\José\Bureau\FxBeagle.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Processus infectieux stoppés ]
"C:\Documents and Settings\José\Application Data\drivers\winupgro.exe" (384)
"C:\WINDOWS\system32\wintems.exe" (2088)
################## [ Fichiers / Dossiers infectieux ]
Found ! C:\WINDOWS\Prefetch\127406.EXE-351BA438.pf
Found ! C:\WINDOWS\Prefetch\166281.EXE-09E307FE.pf
Found ! C:\WINDOWS\Prefetch\251562.EXE-2CCDD919.pf
Found ! C:\WINDOWS\Prefetch\266750.EXE-26D90E46.pf
Found ! C:\WINDOWS\Prefetch\31017296.EXE-1127CF68.pf
Found ! C:\WINDOWS\Prefetch\767078.EXE-37C382C7.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-24252215.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\shared"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\srvlist.oct"
################## [ Infected Temp Files ]
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[4].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[5].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\file[1].txt
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\file[1].txt
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\servernames[1].htm
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_6[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[2].jpg
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\FFC
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Recherche dans supports amovibles]
################## [ Registre / Mountpoints2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.730 ! ]
############################## [ FindyKill V4.730 ]
# User : José (Administrateurs) # DOS-BE3A46F3509
# Update on 25/05/09 by Chiquitine29
# Start at: 22:14:23 | 26/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.7.1098 [VPS 080320-0] 4.7.1098 [ Enabled | Updated ]
# FW : Look 'n' Stop 2.06 (Soft4Ever)[ Enabled ]2.06
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (32,94 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Documents and Settings\José\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Documents and Settings\José\Application Data\drivers\winupgro.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\José\Bureau\FxBeagle.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Processus infectieux stoppés ]
"C:\Documents and Settings\José\Application Data\drivers\winupgro.exe" (384)
"C:\WINDOWS\system32\wintems.exe" (2088)
################## [ Fichiers / Dossiers infectieux ]
Found ! C:\WINDOWS\Prefetch\127406.EXE-351BA438.pf
Found ! C:\WINDOWS\Prefetch\166281.EXE-09E307FE.pf
Found ! C:\WINDOWS\Prefetch\251562.EXE-2CCDD919.pf
Found ! C:\WINDOWS\Prefetch\266750.EXE-26D90E46.pf
Found ! C:\WINDOWS\Prefetch\31017296.EXE-1127CF68.pf
Found ! C:\WINDOWS\Prefetch\767078.EXE-37C382C7.pf
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-24252215.pf
Found ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Found ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! C:\WINDOWS\system32\ban_list.txt
Found ! C:\WINDOWS\system32\mdelk.exe
Found ! C:\WINDOWS\system32\wintems.exe
Found ! C:\WINDOWS\system32\drivers\down
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\downld"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\srosa2.sys"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\wfsintwq.sys"
Found ! "C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\data.oct"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\flec006.exe"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\list.oct"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\shared"
Found ! "C:\Documents and Settings\Jos‚\Application Data\m\srvlist.oct"
################## [ Infected Temp Files ]
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[4].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[5].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\file[1].txt
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\file[1].txt
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\servernames[1].htm
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_6[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[3].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[2].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[1].jpg
Found ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[2].jpg
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\FFC
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
# (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
# (!) HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
################## [ Recherche dans supports amovibles]
################## [ Registre / Mountpoints2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.730 ! ]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
en effet tu es bien infecté par bagle et par d'autre chose comme eorezo qui est un spyware
pour continuer
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
* Double clic sur le raccourci FindyKill sur ton bureau
* Au menu principal,choisi l option 2 (Suppression)
/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"
/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !
* ensuite post le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
A lire :
Le danger des cracks
Bagle/Beagle
A LIRE :
http://forum.malekal.com/ftopic893.php
https://forum.malekal.com/viewtopic.php?f=33&t=4442
puis eorezo collecte des infos sur toi, ne retourne + telecharger chez eux ou meme sur leur site, il t'infecte
* Télécharge et enregistre le fichier d installation sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
* Au menu principal choisi l'option "L" et tape sur [entrée] .
* Laisse travailler l'outil et ne touche à rien ...
* Poste le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis
entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels
de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces
antivirus.
pour continuer
* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
* Double clic sur le raccourci FindyKill sur ton bureau
* Au menu principal,choisi l option 2 (Suppression)
/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"
/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !
* ensuite post le rapport FindyKill.txt
* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
A lire :
Le danger des cracks
Bagle/Beagle
A LIRE :
http://forum.malekal.com/ftopic893.php
https://forum.malekal.com/viewtopic.php?f=33&t=4442
puis eorezo collecte des infos sur toi, ne retourne + telecharger chez eux ou meme sur leur site, il t'infecte
* Télécharge et enregistre le fichier d installation sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
* Au menu principal choisi l'option "L" et tape sur [entrée] .
* Laisse travailler l'outil et ne touche à rien ...
* Poste le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis
entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels
de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces
antivirus.
voila le rapport :
############################## [ FindyKill V4.730 ]
# User : José (Administrateurs) # DOS-BE3A46F3509
# Update on 25/05/09 by Chiquitine29
# Start at: 22:37:58 | 26/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.7.1098 [VPS 080320-0] 4.7.1098 [ Enabled | Updated ]
# FW : Look 'n' Stop 2.06 (Soft4Ever)[ Enabled ]2.06
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (32,92 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible # 3,84 Go (2,78 Go free) # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\127406.EXE-351BA438.pf
Deleted ! C:\WINDOWS\Prefetch\166281.EXE-09E307FE.pf
Deleted ! C:\WINDOWS\Prefetch\251562.EXE-2CCDD919.pf
Deleted ! C:\WINDOWS\Prefetch\266750.EXE-26D90E46.pf
Deleted ! C:\WINDOWS\Prefetch\31017296.EXE-1127CF68.pf
Deleted ! C:\WINDOWS\Prefetch\767078.EXE-37C382C7.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-24252215.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-1715600E.pf
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m"
################## [ Infected Temp Files ]
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[4].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[5].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\file[1].txt
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\file[1].txt
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\servernames[1].htm
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[2].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\FFC
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe
CRC32 .. : 151c4e43
MD5 .... : bd52f90dcdacfbad0d1e59edc5977d7e
Deleted ! : C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
# Taille : 835584 # MD5 : BD52F90DCDACFBAD0D1E59EDC5977D7E
Deleted ! : C:\Program Files\eMule\Incoming\Adobe Illustrator 10 Key.zip
Contain run.exe [835584] with Bagle CRC32 : 151C4E43
################## [ Corrupted files # Re-Installation required ]
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
C:\Documents and Settings\José\Bureau\HiJackThis.exe
C:\Documents and Settings\José\Bureau\Nouveau dossier\AVGUARD_47f5a648\update\update.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Engine\32bit\0x22000080\TMBMSRV.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Framework\32bit\200\SfCtlCom.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Framework\32bit\200\UfSeAgnt.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Function\32bit\212\TmPfw.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Function\32bit\213\TmProxy.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\TMAS\OE\TMAS_OEMon.exe
C:\Program Files\a-squared Free\a2cmd.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2upd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avadmin.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avconfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\licmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\wsctool.exe
C:\Program Files\Drive Rescue\rescue.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\Update.exe
C:\Program Files\Spyware Terminator\update\SpywareTerminatorShield.Exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\system32\dllcache\register.exe
################################### [ Cracks / Keygens / Serials ]
H:\Kaon - Kup V3.0XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe
################## [ ! End of Report # FindyKill V4.730 ! ]
############################## [ FindyKill V4.730 ]
# User : José (Administrateurs) # DOS-BE3A46F3509
# Update on 25/05/09 by Chiquitine29
# Start at: 22:37:58 | 26/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# AMD Athlon(tm) XP 2600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# AV : avast! antivirus 4.7.1098 [VPS 080320-0] 4.7.1098 [ Enabled | Updated ]
# FW : Look 'n' Stop 2.06 (Soft4Ever)[ Enabled ]2.06
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 76,33 Go (32,92 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible # 3,84 Go (2,78 Go free) # FAT32
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\127406.EXE-351BA438.pf
Deleted ! C:\WINDOWS\Prefetch\166281.EXE-09E307FE.pf
Deleted ! C:\WINDOWS\Prefetch\251562.EXE-2CCDD919.pf
Deleted ! C:\WINDOWS\Prefetch\266750.EXE-26D90E46.pf
Deleted ! C:\WINDOWS\Prefetch\31017296.EXE-1127CF68.pf
Deleted ! C:\WINDOWS\Prefetch\767078.EXE-37C382C7.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-24252215.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-1D176F91.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-1715600E.pf
Deleted ! C:\WINDOWS\system32\ban_list.txt
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! C:\WINDOWS\system32\drivers\down
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\drivers"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Jos‚\Application Data\m"
################## [ Infected Temp Files ]
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[4].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_1[5].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\8UNBFXR3\file[1].txt
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\b64_6[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\file[1].txt
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\F9ZHNKCX\servernames[1].htm
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_3[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\b64_6[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\FFK0WBPM\mxd[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64[3].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_1[2].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Jos‚\Local Settings\Temporary Internet Files\Content.IE5\NDHOPL2L\b64_3[2].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1060284298-776561741-1801674531-1005\Software\FFC
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Documents and Settings\Jos‚\Application Data\drivers\winupgro.exe
CRC32 .. : 151c4e43
MD5 .... : bd52f90dcdacfbad0d1e59edc5977d7e
Deleted ! : C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
# Taille : 835584 # MD5 : BD52F90DCDACFBAD0D1E59EDC5977D7E
Deleted ! : C:\Program Files\eMule\Incoming\Adobe Illustrator 10 Key.zip
Contain run.exe [835584] with Bagle CRC32 : 151C4E43
################## [ Corrupted files # Re-Installation required ]
C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
C:\Documents and Settings\José\Bureau\HiJackThis.exe
C:\Documents and Settings\José\Bureau\Nouveau dossier\AVGUARD_47f5a648\update\update.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Engine\32bit\0x22000080\TMBMSRV.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Framework\32bit\200\SfCtlCom.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Framework\32bit\200\UfSeAgnt.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Function\32bit\212\TmPfw.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\Function\32bit\213\TmProxy.exe
C:\Documents and Settings\José\Bureau\TISP32FR_eval\Setup\TMAS\OE\TMAS_OEMon.exe
C:\Program Files\a-squared Free\a2cmd.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\a-squared Free\a2upd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avadmin.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avconfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\licmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\wsctool.exe
C:\Program Files\Drive Rescue\rescue.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\Update.exe
C:\Program Files\Spyware Terminator\update\SpywareTerminatorShield.Exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\system32\dllcache\register.exe
################################### [ Cracks / Keygens / Serials ]
H:\Kaon - Kup V3.0XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe
################## [ ! End of Report # FindyKill V4.730 ! ]
après avoir fait AD remover
tu clic ici http://www.bibou0007.com/outils-specifiques-f78/rsit-t3035.htm et suit le tuto de RSIT et poste moi uniquement le log.txt
a quoi correspond ceci ?
H:\Kaon - Kup V3.0XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe
si c'est un patch telecharge sur le P2P si c'est le cas je te conseil de le supprimer vivrement
regarde qui ta entre autre infecté :
Deleted ! : C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
Deleted ! : C:\Program Files\eMule\Incoming\Adobe Illustrator 10 Key.zip
si tu reutilise un crack infecté dans 1 semaine c'est reparti
tu clic ici http://www.bibou0007.com/outils-specifiques-f78/rsit-t3035.htm et suit le tuto de RSIT et poste moi uniquement le log.txt
a quoi correspond ceci ?
H:\Kaon - Kup V3.0XP - Kaon Upgrade - Engineer Patch FR -- SatelliteFR.com.exe
si c'est un patch telecharge sur le P2P si c'est le cas je te conseil de le supprimer vivrement
regarde qui ta entre autre infecté :
Deleted ! : C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
Deleted ! : C:\Program Files\eMule\Incoming\Adobe Illustrator 10 Key.zip
si tu reutilise un crack infecté dans 1 semaine c'est reparti
c'est sa
* Télécharge et enregistre le fichier d installation sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
* Au menu principal choisi l'option "L" et tape sur [entrée] .
* Laisse travailler l'outil et ne touche à rien ...
* Poste le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis
entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels
de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces
antivirus.
* Télécharge et enregistre le fichier d installation sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
* Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
* Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
* Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
* Au menu principal choisi l'option "L" et tape sur [entrée] .
* Laisse travailler l'outil et ne touche à rien ...
* Poste le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis
entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels
de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces
antivirus.
Bonjour,
Voila le rapport :
------- RAPPORT D'AD-REMOVER 1.1.4.4 | UNIQUEMENT XP/VISTA -------
Mit à jour part C_XX le 26/05/2009 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
Lancé à: 19:58:28, 27/05/2009 | Mode Normal
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: DOS-BE3A46F3509
Utilisateur actuel: Jos‚ - Administrateur
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\Jos‚\Application Data\EoRezo\cache
C:\Documents and Settings\Jos‚\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\ConfMedia.cyp.old
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\db
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoComputer.cfg
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoStats
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction.cfg
C:\Documents and Settings\Jos‚\Application Data\EoRezo\host.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate
C:\Documents and Settings\Jos‚\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoStats\eoStats.txt
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\conf_site.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraduction.cfg
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\aide.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\eoTraduction.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\fermer.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\minimiser.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\traduire.png
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\help_config.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\unins000.dat
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\unins000.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\eoengine
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo
C:\Program Files\EoRezo
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\db
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\eoDesktop
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\eoStats
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\EoTraduction
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\EoTraduction\EoTraductionSkin
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\eoengine
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\eoengine\9.1.0.0
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.3
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.5
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-06F6A94D.pf
C:\Documents and Settings\Jos‚\Cookies\jos‚@dl.eorezo[1].txt
C:\Documents and Settings\Jos‚\Cookies\jos‚@eorezo[1].txt
(!) -- Fichiers temporaires supprimés.
.
+-----------------| Scan additionnel:
.
---- Mozilla FireFox Version 2.0.0.20 ----
Nom du profil: tcoxro7s.default (Jos‚)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20");
.
.
---- Internet Explorer Version 7.0.5730.11 ----
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
=========== Suspect (Cracks, Serials ... ) ==========
.
C:\Documents and Settings\Jos‚\.housecall6.6\patch.exe
[218736 Octet(s)|--a------|13/09/2008 12:05|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]
+---------------------------------------------------------------------------+
8940 Octet(s) - C:\Ad-Report-27.05.2009.log
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
25 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 20:16:26 | 27/05/2009
.
+-----------------| E.O.F
.
Voila le rapport :
------- RAPPORT D'AD-REMOVER 1.1.4.4 | UNIQUEMENT XP/VISTA -------
Mit à jour part C_XX le 26/05/2009 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
Lancé à: 19:58:28, 27/05/2009 | Mode Normal
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: DOS-BE3A46F3509
Utilisateur actuel: Jos‚ - Administrateur
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\Jos‚\Application Data\EoRezo\cache
C:\Documents and Settings\Jos‚\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\ConfMedia.cyp.old
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\db
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoComputer.cfg
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoStats
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction.cfg
C:\Documents and Settings\Jos‚\Application Data\EoRezo\host.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate
C:\Documents and Settings\Jos‚\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\eoStats\eoStats.txt
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\conf_site.xml
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraduction.cfg
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\aide.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\eoTraduction.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\fermer.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\minimiser.png
C:\Documents and Settings\Jos‚\Application Data\EoRezo\EoTraduction\EoTraductionSkin\traduire.png
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\help_config.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\unins000.dat
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\unins000.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Download\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\eoengine
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
C:\Documents and Settings\Jos‚\Application Data\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.5\itstv.exe
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\EoRezo
C:\Program Files\EoRezo
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\db
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\eoDesktop
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\eoStats
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\EoTraduction
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\EoTraduction\EoTraductionSkin
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Download\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\eoengine
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\eoengine\9.1.0.0
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.2
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.3
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.5
/!\ NON SUPPRIMÉ: C:\Documents and Settings\Jos‚\Application Data\Eorezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-06F6A94D.pf
C:\Documents and Settings\Jos‚\Cookies\jos‚@dl.eorezo[1].txt
C:\Documents and Settings\Jos‚\Cookies\jos‚@eorezo[1].txt
(!) -- Fichiers temporaires supprimés.
.
+-----------------| Scan additionnel:
.
---- Mozilla FireFox Version 2.0.0.20 ----
Nom du profil: tcoxro7s.default (Jos‚)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20");
.
.
---- Internet Explorer Version 7.0.5730.11 ----
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
=========== Suspect (Cracks, Serials ... ) ==========
.
C:\Documents and Settings\Jos‚\.housecall6.6\patch.exe
[218736 Octet(s)|--a------|13/09/2008 12:05|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]
+---------------------------------------------------------------------------+
8940 Octet(s) - C:\Ad-Report-27.05.2009.log
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
25 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
Fin à: 20:16:26 | 27/05/2009
.
+-----------------| E.O.F
.
clic ici http://www.bibou0007.com/outils-specifiques-f78/rsit-t3035.htm et suit le tuto de RSIT et poste moi uniquement le log.txt
telcharge hijackthis sur ton bureau choisit do a sca and save the log et poste le rapport
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
as tu des problemes en particuliers encore ?
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
as tu des problemes en particuliers encore ?
point de vu problèmes, rien de nouveau, voila le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:54, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\José\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:54, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\José\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.fr/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
tssssssss
y fait qu'oi le garcon, y fait mumuse a envoyé les memes rapports sur 2 sites differents...
tu pense pas qu'on a autre chose a faire que s'occuper de ... dans ton genre, il y a d'autre personne qui n'ont pas la chance qu'UNE seul personne leur prete l'attention que nous te donnons.
tu ne merite qu'une chose, c'est qu'on te laisse comme sa en plan, c'est d'ailleurs ce que je fait.
merci de cloturer ce sujet pour motif doublon
et merci Destrio d'avoir eviter de me faire perdre mon temps
y fait qu'oi le garcon, y fait mumuse a envoyé les memes rapports sur 2 sites differents...
tu pense pas qu'on a autre chose a faire que s'occuper de ... dans ton genre, il y a d'autre personne qui n'ont pas la chance qu'UNE seul personne leur prete l'attention que nous te donnons.
tu ne merite qu'une chose, c'est qu'on te laisse comme sa en plan, c'est d'ailleurs ce que je fait.
merci de cloturer ce sujet pour motif doublon
et merci Destrio d'avoir eviter de me faire perdre mon temps
Merci de m'aider