Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Analyse findykill suite infection bagle

Dernière réponse le 13 jan 2009 à 23:30:51 roudoudou, le 11 jan 2009 à 23:25:24

Signaler ce message aux modérateurs

Bonjour,
merci de me dire si mon pc est encore infecter apres nettoyage par findykill suite a infection bagle

----------------- FindyKill V4.711 ------------------

* User : HP_Propri‚taire - ANNICK
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 22:42:53 the 11/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\143593.EXE-15E4DE8F.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-2E16D772.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Application Data

Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\.Net VisualPaseo Freeware 6.1.0.9.0.68.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\2001
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\@PROMT French-Russian Express Translator 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ABC Amber Text Converter 5.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Absolute Video Converter 3.30.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Active NTFS Reader for DOS 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Add Bookmark Here 2 3.0.20081031.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Alea Address Book 2.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Amazon MP3 Search 1.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Arabs Radio Toolbar 1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ASP Calendar 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ATCalc 3.1.8.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Auslogics System Information 1.2.16.230.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Auto Monitor 1.1.3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Automated Domain Inspiration 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Avast.Antivirus.4.6.Profesional.spanish-espaÇñol.+.keygen.por.TuNeM.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Beautiful Snow Demo Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Best MP3 WAV Converter 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Bid-n-Invoice Basic Invoice 2.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Biorhythm Expert 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Black 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\BMP EMF Grapher 1.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Box Option Spread Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\BW-Plus 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Chameleon Flash 1.10.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ClickFix Lite for Adobe Audition 3.02a.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Comic Hi-FI 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Convert PSD to JPG Software 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\CRACK NORTON ANTIVIRUS 2005(1).zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Crimson Skies Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Cubic Ruler 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Customized Windows Logon 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\CyberLink MediaShow 4.0.1617.6618.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Daniusoft WMA MP3 Converter 2.3.0.23.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Data Tracker for Figurines 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\dedupeIT 1.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Dipstick 3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Disney Movies Screensaver.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Domain Finder Tools 2.07626.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\DSSF Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EarMuffs 0.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EMCO OS License Modifier 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Enchanted Toolbar 2.00.0003.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EZ WebShow 2.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\EzMagnifier 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Fast Email Verifier Pro 2.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Firesizer 0.54.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Harmony In My Ears toolbar for Firefox 1.5.0.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HaroldSearchNetworks for IE 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Haxial Calculator 1.2 Beta 1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\HDOB 1.01.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Healthy Life Cookbook 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Hixus Scrollbar Designer 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Homemade Facial Moisturizers 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\iOrgSoft WAV Converter 1.6.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kalimages Basic 1.0.17.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Kaspersky.Internet.Security.6.0.1.402.all.Windows.and.Server2K3.version.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\KeyState 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Label Flow - Label Maker Software 3.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LingvoSoft Suite 2008 English - Albanian 2.1.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Log Paper 1.04.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Lokad Safety Stock Calculator 1.5.1171.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\LucidLink Wireless LAN Security 2.22.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mail Server Pro 3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Mailing List Studio 3.13.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ManageEngine ServiceDesk Plus 7.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\McAfee.Total.Protection.2007.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MediaJoin 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Micron iPod Data Recovery 4.8.3.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MONOGRAM Frame Grabber 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MP3 CD Burn Magic 7.4.0.10.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\MPI.NET Runtime 1.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\n80 n72 6600 Ngage.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\NetFloor Live! 2.0.0.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Nod32.v2.12.3.Win.95.98.Me.Espa‡û¸Ol.Spanish.Comercial.Profesional.Monousuario.By.Freeman.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\nod32_2_70_final.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\OGS Notifier 0.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\One-Click Opener 0.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen Plan Library 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Oxygen SimpleUp 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PANDA_TITANIUM_2005.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PCLoupe 1.0.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Photonizer 2005 1.13.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PopScan 4.63.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Print Expander 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\PSTCompactor (Professional Edition) 2.5.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Quick Recovery for Microsoft Access 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Rapla 1.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\RealMedia Muxer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Report Forge 3.0.11.5.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ResumeGrabber Standard 2008 5.0.0.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SavantFTP 2.1.2.28.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Schedule Password Recovery Key 8.0 build 2514.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ServiceUtility 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Simple Unit Tab Editor 1.4.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Snipperoo 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\SocketWatch 3.5b.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Spring Dream 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Sprintometer 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\StartupPlus WOL 2.0 Build 118.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Surf Icons.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Swift POS 5.3.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Symantec.AntiVirus.Corporate.v9.0.1.1000.FULL.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\symantec.pcanywhere.11.0_german_retail_win_all_[ccb].zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\TheDatabaser 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Time Gain 1.5.0720.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Totwise 2.0.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\txt2pdf 9.7.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniversalHDTV 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\UniView 1.65.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Vista Caller-ID 1.0.7 Beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\ViviClip Pre-Wash DV Basic 1.00.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\VTC Player 1.11.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\W32.Welchia.Worm Removal Tool 1.06.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WBIAS 0.81.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Widget World Cup 1.6.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win Mp3 Merge App 1.2.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Win PC Adress Book 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinContig 0.80.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WinKiller 3 3.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WMon 1.0.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\WordBanker English-Swedish 6.4.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\XenoCrawler Beta 1.0 Build 3223.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\xTang 1.5.1.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\Yahoo Satellite Maps Downloader 4.18.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\YIPI 2.0 beta.zip
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared\_Lizenzschlussel.zip
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\m"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\HP_Propri‚taire\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp

Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\bisoft
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro

»»»» Supression files in C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0465HI7K\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0Y9KF0PT\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3M6P072I\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\4M2ERXRA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\6I3BFS2J\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\7XPSD1FS\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\945CPJY7\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\95O6V1G3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B9B0WKXT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\DMQ07ARH\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64[2].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\EBGEAG4X\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\F7EVWZ0M\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SJ0WJRYH\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\HP_Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\VWB2DRJJ\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-881167365-900127857-875764690-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixeD: - Lecteur fixe
+- deleting files :

Deleted ! - D:\autorun.inf
Deleted ! - D:\info.exe

--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e117e0b-6de7-11dc-9fe6-00112f76ba3d}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a534d0a2-a272-11dd-9c8e-00112f76ba3d}\Shell\AutoRun\command

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe

Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Suspect ! - f5a3e4b4bcf683ebfd3948acfdee3ed2 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1353\A0262699.exe
Suspect ! - a8440f007fb29127b649917f55a7defe C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1379\A0265052.exe
Suspect ! - 64f497dace34ea0c38569c4c0549fe03 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1409\A0266625.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1437\A0269232.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273437.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273488.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273489.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273497.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273499.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273501.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273521.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP1439\A0273547.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\HP_Propri‚taire\Bureau\int‚grales artistes\Jacques Dutronc\Crack Boum Hue.MP3
C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\IM\Animation\firecracker.ima
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Sony.Sound.Forge.7.0 + KeyGen + MP3.Plugin.2.0 + Patch.FR.zip
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Easy Cd-Da Extractor Professional v10.0.2.1 Multilangages Incl-Crack.rar
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Armadillo.dll
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Consignes.txt
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\ezcddax.exe
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT.ISO
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen\keygen.exe

---------------- ! End of report ! ------------------

Configuration: Windows XP
Internet Explorer 7.0

Meilleures réponses pour « analyse findykill suite infection bagle » dans :

Infection bagle installation anti-virus impos Voir

Infection par bagle - rapport findykill Voir

Infection BAGLE --> rapport FINDYKILL Voir

Comment supprimer le virus Beagle/Bagle ? VoirLe malware Bagle est en réalité un ver informatique se propageant essentiellement par les logiciels P2P et via de faux cracks (= logiciels piratés !), ainsi que par mail. L'internaute croyant télécharger un crack pour un logiciel en faisant une...

[Virus] Que faire quand on est infecté ? VoirSi vous savez ou vous pensez être infecté par un virus Si vous savez ou vous pensez être infecté par un virus, il faut s'en occuper le plus rapidement possible car l'infection peut inviter d'autres infections dans votre PC et votre système risque...

[Virus] Kit de désinfection pour éradiquer W32/Beagle@mm (Bagle) VoirNom des variantes Beagle/bagle Kits de désinfection Nom des variantes Beagle/bagle Plusieurs éditeurs ont mis au point des kits de désinfection permettant de supprimer les variantes suivantes du Virus W32.Beagle@mm, appelé aussi Win32.Bagle...

Infecte par W32/Bagle.HX.worm et d'autre Voir

Résultat analyse findykill (Résolu) Voir

Infection bagle wintems etc (Résolu) Voir

Télécharger FindyKill Voir

Analyseurs réseau (sniffers) VoirL'analyse de réseau Un « analyseur réseau » (appelé également analyseur de trames ou en anglais sniffer, traduisez « renifleur ») est un dispositif permettant d'« écouter » le trafic d'un réseau, c'est-à-dire de capturer les informations qui y...

Analyste programmeur (développeur) VoirDéveloppeur Le métier de développeur (également nommé analyste-programmeur) consiste à concevoir et à développer une application informatique, c'est-à-dire transcrire un besoin en une solution informatique écrite dans un langage informatique....

Analyse des journaux d'événements (logs) VoirL'analyse des journaux Un des meilleurs moyens de détecter les intrusions consiste à surveiller les journaux d'événements (appelés aussi journaux d'activité ou en anglais logs). En effet, d'une manière générale les serveurs stockent dans des...

Bonjour Pour que Pimprenelle puisse t'aider correctement, commence Lire la suite

Posez votre question Répondre

pimprenelle27, le 11 jan 2009 à 23:58:21

Télécharge le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la licence en cliquant sur le bouton "I Accept"

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

Tutoriaux (ne fixe rien pour le moment !!)

Je vais me coucher. Pensez à mettre vos messages en résolu quand ils le sont.
Pour ceux qui sont anonyme, pensez à avertir les modos avec le triangle jaune que votre sujet est résolu.
Merci

Répondre à pimprenelle27

roudoudou, le 13 jan 2009 à 22:52:33

Bonjour
comme tu me l'a conseillé, je t'envoie le rapport hjackthis pour une nouvelle analyse.
merci encore de mettre vos compétenses à notre service et de tous vos conseils . bon courage

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:32, on 13/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application

Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers

communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Adobe Version

Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\TMController.exe
C:\Program Files\DVBT Application\Schedule_d.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and Settings\HP_Propriétaire\Mes

documents\Memturbo\memturbo.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone

Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

=

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q40

4&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q

404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://r.orange.fr/r/WGlistemsg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q

404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Orange
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class -

{08C06D61-F1F3-4799-86F8-BE1A89362C85} -

C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Share Accelerator MM Toolbar -

{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program

Files\Share_Accelerator_MM\tbSha0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class -

{EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer

- {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar -

{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program

Files\Share_Accelerator_MM\tbSha0.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no

file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890}

- C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no

file)
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program

Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\MSN

Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} -

C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no

file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\MSN

Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Share Accelerator MM Toolbar -

{4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program

Files\Share_Accelerator_MM\tbSha0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer -

{EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony

Ericsson\Mobile2\Application Launcher\Application Launcher.exe"

/startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program

Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ISUSPM Startup]

C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers

communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers

communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe

Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers

communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program

Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TM Control] C:\WINDOWS\system32\TMController.exe
O4 - HKLM\..\Run: [Schedule_d] "C:\Program Files\DVBT

Application\Schedule_d.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program

Files\Panda Software\Panda Platinum 2005 Internet

Security\PasSrv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program

Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program

Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

-hidden
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and

Settings\HP_Propriétaire\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and

Settings\HP_Propriétaire\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: MemTurbo.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program

Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program

Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messager Wanadoo -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo

Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo

Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -

http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan

Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)

- http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown

Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image

Uploader 3.5 Control) -

http://www.extrafilm.fr/import/ImageUploader3.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) -

http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.

cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class)

- http://assets.photobox.com/assets/activex/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.ca

b
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader

Control) -

http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUplo

ader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags

Class) -

http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program

Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program

Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL

Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) -

France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Fichiers

communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman

Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company - C:\Program

Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero

7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program

Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
End of file - 14088 bytes

Répondre à roudoudou

^^Marie^^, le 12 jan 2009 à 11:56:25

Bonjour

Pour que Pimprenelle puisse t'aider correctement, commence par supprimer tous les cracks.

Un crack est un keygen ou une clé illégale permettant d'activer un logiciel payant.
Beaucoup d'infections de type Bagle sont véhiculées par les cracks Choisir un bon partenaire dans la Vie ! ©Tongs©
Pareil dans les Virus ! Sinon ''PLANTAGE assuré''

Répondre à ^^Marie^^

jacques.gache, le 12 jan 2009 à 19:26:23

Bonjour à vous tous, oui tu est bien infectés tu peux faire l'option 2 de findykill et puis mettre un hijackthis comme demander et aussi faire comme dit marie virer tes cracks et keygens si tu ne sais pas ou les trouver je te mets la liste

--------------- [ Searching Cracks / Keygen ] ---------------- 

C:\Documents and Settings\HP_Propri‚taire\Bureau\int‚grales artistes\Jacques Dutronc\Crack Boum Hue.MP3 
C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\IM\Animation\firecracker.ima 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert.zip 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Sony.Sound.Forge.7.0 + KeyGen + MP3.Plugin.2.0 + Patch.FR.zip 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Easy Cd-Da Extractor Professional v10.0.2.1 Multilangages Incl-Crack.rar 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Armadillo.dll 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\Consignes.txt 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Easy Cd-Da Extractor\Crack\ezcddax.exe 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\programmes t‚l‚charg‚s\Office Xp 2005 Sp3 (Word Excel Access Powerpoint Frontpage) French Francais No Fake Cracked By Frelon Vert\OFFICE XP 2005 SP3 ( word excel access powerpoint frontpage ) FRENCH FRANCAIS no fake cracked by FRELON VERT.ISO 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen 
C:\Documents and Settings\HP_Propri‚taire\Mes documents\soundforge70\KeyGen\keygen.exe 


---------------- ! End of report ! ------------------

Attention !! la surmultiplication de logiciels de sécurité ne
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

Répondre à jacques.gache

^^Marie^^, le 13 jan 2009 à 23:30:51

Bonsoir

--> Branche tes disques amovibles à ton PC (clefs USB, disque dur externe, etc...) sans les ouvrir

--> Double-clique sur le raccourci FindyKill sur ton bureau

--> Au menu principal, choisis l'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

--> Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
Je suis entrée dans CCM, La cigarette dans une main,
Les ©Tongs© dans l’autre main,
Les ***** nus sous la chemise

Répondre à ^^Marie^^

Posez votre question Répondre