Bagle virus
Hello, I've caught a Bagle virus and I can't manage to remove it. If someone could help me, thanks in advance.
Here is a scan.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-11-30 08:22:08
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1229 [VPS 081129-0] 4.8.1229 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[1].txt
03926378 W32/Bagle.KV.worm HackTools No 0 Yes No C:\WINDOWS\system32\drivers\down\79031.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location M
;===================================================================================================================================================================================
No C:\Program Files\rnamfler\naomf.exe M
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description M
;===================================================================================================================================================================================
184380 MEDIUM MS08-002 M
184379 MEDIUM MS08-001 M
182048 HIGH MS07-069 M
182046 HIGH MS07-067 M
182043 HIGH MS07-064 M
179553 HIGH MS07-061 M
176382 HIGH MS07-057 M
176383 HIGH MS07-058 M
170911 HIGH MS07-050 M
170907 HIGH MS07-046 M
170906 HIGH MS07-045 M
170904 HIGH MS07-043 M
164915 HIGH MS07-035 M
164913 HIGH MS07-033 M
164911 HIGH MS07-031 M
160623 HIGH MS07-027 M
157262 HIGH MS07-022 M
157261 HIGH MS07-021 M
157260 HIGH MS07-020 M
157259 HIGH MS07-019 M
156477 HIGH MS07-017 M
150253 HIGH MS07-016 M
150249 HIGH MS07-013 M
150248 HIGH MS07-012 M
150247 HIGH MS07-011 M
150243 HIGH MS07-008 M
150242 HIGH MS07-007 M
150241 MEDIUM MS07-006 M
141034 HIGH MS06-076 M
141033 MEDIUM MS06-075 M
141030 HIGH MS06-072 M
137571 HIGH MS06-070 M
137568 HIGH MS06-067 M
133387 MEDIUM MS06-065 M
133386 MEDIUM MS06-064 M
133385 MEDIUM MS06-063 M
133379 HIGH MS06-057 M
131654 HIGH MS06-055 M
129977 MEDIUM MS06-053 M
129976 MEDIUM MS06-052 M
126093 HIGH MS06-051 M
126092 MEDIUM MS06-050 M
126087 HIGH MS06-046 M
126086 MEDIUM MS06-045 M
126083 HIGH MS06-042 M
126082 HIGH MS06-041 M
126081 HIGH MS06-040 M
123421 HIGH MS06-036 M
123420 HIGH MS06-035 M
120825 MEDIUM MS06-032 M
120823 MEDIUM MS06-030 M
120818 HIGH MS06-025 M
120815 HIGH MS06-022 M
120814 HIGH MS06-021 M
117384 MEDIUM MS06-018 M
114666 HIGH MS06-015 M
114664 HIGH MS06-013 M
108744 MEDIUM MS06-008 M
108743 MEDIUM MS06-007 M
108742 MEDIUM MS06-006 M
104567 HIGH MS06-002 M
104237 HIGH MS06-001 M
96574 HIGH MS05-053 M
93395 HIGH MS05-051 M
93394 HIGH MS05-050 M
93454 MEDIUM MS05-049 M
;===================================================================================================================================================================================
Thanks
Hello,
Download FindyKill (Chiquitine29) to your Desktop.
Install the program by running the downloaded file.
Now double-click the FindyKill shortcut.
Now choose option 1 (Recherche / Search). Wait until the search has finished.
Post the generated report in your next reply.
NB: The taskbar and the icons will disappear during the search.
Here it is
----------------- FindyKill V4.706 ------------------
* User : Administrateur - ORDI-XPSP2
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 27/11/08 par Chiquitine29
* Recherche effectuée à 13:01:56 le 02/12/2008
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\windows\system32\svchost.exe
C:\Program Files\TooX\Groom\GroomAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\svchost.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\knlwrap.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\iKernel.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\bitcomet\BitComet.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [01/12/2008 10:33] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\windows
»»»» Presence des fichiers dans C:\windows\Prefetch
»»»» Presence des fichiers dans C:\windows\system32
»»»» Presence des fichiers dans C:\windows\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Administrateur\Local Settings\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
BitTorrent="D:\bitorent\bittorrent.exe" --force_start_minimized
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
RTHDCPL=RTHDCPL.EXE
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
PKR Pal="C:\Program Files\PKR\pkrpal.exe" -osboot
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
LogMeIn GUI="D:\appz\depannage\x86\LogMeInSystray.exe"
LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
8001002=D:\appz\logiciel espion\8001002.exe
Synchronization Manager=%SystemRoot%\system32\mobsync.exe /logon
Synchronization Manager=%SystemRoot%\system32\mobsync.exe /logon
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\uiytuhjy]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1757981266-220523388-682003330-500\Software\Local AppWizard-Generated Applications\uiytuhjy
Found ! - HKEY_USERS\S-1-5-21-1757981266-220523388-682003330-500\Software\EWZ
Found ! - HKEY_USERS\S-1-5-21-1757981266-220523388-682003330-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1757981266-220523388-682003330-500\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-1757981266-220523388-682003330-500\Software\XYZ
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\uiytuhjy
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\EWZ
Found ! - HKEY_CURRENT_USER\Software\XYZ
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
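As an added example (not code from this thread, from FindyKill or from EliBagle): a small Python triage script that parses a FindyKill "Recherche" report of the kind posted above and flags the Bagle indicators the scans in this thread surfaced, namely the srosa.sys driver and its LEGACY_SROSA enum keys, the system32\drivers\down drop directory, the wintems.exe/hldrrr.exe/ban_list.txt components, the registry keys FindyKill lists as infectious, and the services the report marks with /!\ as disabled (wscsvc, Ip6Fw, Ndisuio). The embedded sample report is a constructed excerpt of the one posted here, with one extra process line under drivers\down added to exercise the path check; the indicator list is an assumption assembled from these reports, not an official signature.

```python
"""Triage a FindyKill 'Recherche' report for Bagle indicators.

Added example for this thread; not part of FindyKill, EliBagle or the
original posts. The indicator list is an assumption assembled from what
the scans posted in the thread flagged or removed.
"""
import re
from typing import List, Optional, Tuple

# File names the EliBagle run in the thread removed as Bagle components.
BAGLE_FILE_NAMES = {
    "wintems.exe", "hldrrr.exe", "srosa.sys", "ban_list.txt",
    "flec006.exe", "list.oct",
}
# Drop directory that held the numeric-named downloaders (lower-case).
BAGLE_DIR_MARKERS = ("\\system32\\drivers\\down\\",)
# Registry keys FindyKill listed under "Clés infectieuses" (lower-case).
BAGLE_KEY_MARKERS = (
    "\\enum\\root\\legacy_srosa",  # service enum entry for srosa.sys
    "\\software\\firtr",
    "\\software\\local appwizard-generated applications\\uiytuhjy",
    "\\software\\ewz",
    "\\software\\xyz",
)
# Services worth checking; start type 4 = Disabled on Windows XP.
WATCHED_SERVICES = {
    "wscsvc": "Security Center",
    "Ip6Fw": "IPv6 Windows Firewall",
    "Ndisuio": "NDIS user-mode I/O protocol",
    "SharedAccess": "Windows Firewall / ICS",
    "wuauserv": "Automatic Updates",
}

SECTION_RE = re.compile(r"^-+ \[\s*(.+?)\s*\] -+$")
FOUND_KEY_RE = re.compile(r"^Found ! - (.+)$")
FOUND_FILE_RE = re.compile(r"^Found ! \[[^\]]*\] - (.+)$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(\S+) - Type de démarrage = (\d)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_findykill(report: str) -> dict:
    """Split a FindyKill report into the sections the triage needs."""
    parsed = {"processes": [], "files": [], "startup": [], "keys": [], "services": {}}
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Processus actifs" and DRIVE_PATH_RE.match(line):
            parsed["processes"].append(line)
        elif section == "Fichiers/Dossiers infectieux":
            m = FOUND_FILE_RE.match(line)
            if m:
                parsed["files"].append(m.group(1).strip())
        elif section == "Registre / Startup":
            # Run-key entries look like name=command; skip hive headers.
            if "=" in line and not line.startswith(("[", "HKEY_")):
                name, _, value = line.partition("=")
                parsed["startup"].append((name.strip(), value.strip()))
        elif section == "Registre / Clés infectieuses":
            m = FOUND_KEY_RE.match(line)
            if m:
                parsed["keys"].append(m.group(1).strip())
        elif section == "Etat / Services":
            m = SERVICE_RE.match(line)
            if m:
                parsed["services"][m.group(1)] = int(m.group(2))
    return parsed


def _command_path(value: str) -> str:
    """Extract the executable path from a Run-key command line."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(" ", 1)[0]


def _path_hit(path: str) -> Optional[str]:
    """Reason a path is suspicious, or None if it matches no indicator."""
    low = path.lower().replace("/", "\\")
    name = low.rsplit("\\", 1)[-1]
    if name in BAGLE_FILE_NAMES:
        return "known Bagle component " + name
    for marker in BAGLE_DIR_MARKERS:
        if marker in low:
            return "lives in the Bagle drop directory " + marker
    return None


def assess(parsed: dict) -> List[Tuple[str, str, str]]:
    """Return (kind, subject, reason) findings for Bagle indicators."""
    findings = []
    for key in parsed["keys"]:
        if any(marker in key.lower() for marker in BAGLE_KEY_MARKERS):
            findings.append(("registry", key, "key FindyKill associates with Bagle"))
    for path in parsed["files"] + parsed["processes"]:
        why = _path_hit(path)
        if why:
            findings.append(("file", path, why))
    for name, value in parsed["startup"]:
        why = _path_hit(_command_path(value))
        if why:
            findings.append(("startup", name + "=" + value, why))
    for svc, start in parsed["services"].items():
        if svc in WATCHED_SERVICES and start == 4:
            findings.append(("service", svc, WATCHED_SERVICES[svc] + " disabled (start type 4)"))
    return findings


# Constructed excerpt of the report posted in the thread; the
# drivers\down process line is added here to exercise the path check.
SAMPLE_REPORT = r"""
----------------- FindyKill V4.706 ------------------
* Windows XP - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\windows\System32\smss.exe
C:\windows\system32\drivers\down\79031.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [01/12/2008 10:33] - C:\InfoSat.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
C: - Lecteur fixe
------------------- ! Fin du rapport ! --------------------
"""

if __name__ == "__main__":
    for kind, subject, reason in assess(parse_findykill(SAMPLE_REPORT)):
        print(f"[{kind}] {subject}: {reason}")
```

Run it against a saved report (replace SAMPLE_REPORT with the file's contents) to get the list of items to hand to the removal tool; the three disabled services it reports are the ones the /!\ marks point at, and on the XP host they are turned back on with `sc config wscsvc start= auto` followed by `sc start wscsvc` (likewise for the other two, once the driver and its LEGACY_SROSA keys are gone, otherwise the worm simply disables them again).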
Re?
Run FindyKill again by double-clicking the shortcut. Press "2" and confirm with "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NB: A reboot is sometimes needed; FindyKill will tell you if it is.
Please make an effort with your spelling.
Download ELIBAGLA from the bottom of this page.
Click the Descargar Elibagla button; this downloads the file. Put it on your Desktop.
Double-click it to open it.
Make sure the Unidad drop-down menu is set to C:\
Also check that the option at the bottom of the window, Eliminar Ficheros Automaticamente, is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.
HELP: How to remove Bagle?
Sorry about the spelling. Thanks anyway.
Mon May 12 09:50:56 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\FLEC006.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Mon May 12 09:51:06 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\down\103796.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\115281.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14539437.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14542203.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14543078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14546375.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14551843.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14554015.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14554484.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14557140.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14558187.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14559468.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14559500.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14565875.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14567500.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14574015.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14578609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14585187.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14587750.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14592125.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14597500.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14618609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\14624062.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14630484.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14636000.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\14641515.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\17032218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\29057843.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29059515.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\29068734.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29070875.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29082046.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29096625.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29130953.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29168500.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\29194765.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\29219218.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\31738812.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\38000.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\38703.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\38968.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\39343.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\39796.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\40625.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\40640.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\40750.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\40984.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\41250.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\41406.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\41609.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\41968.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\42000.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\42343.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\42828.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\43296.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\43359.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\43406.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\43576859.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\43765.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\44578.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\44609.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\45109.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\45731046.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\45906.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\45984.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\46000.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\46781.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\47500.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\49421.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\49656.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\49703.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\49859.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\49937.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\52062.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\52859.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\55218.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\58078.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\60062.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\down\60734.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\62812.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\64234.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\69343.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\69390.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\70765.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\79000.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\83968.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\down\93570984.EXE --> Eliminado Bagle.dldr
Nº Total de Directorios: 3488
Nº Total de Ficheros: 33399
Nº de Ficheros Analizados: 8039
Nº de Ficheros Infectados: 87
Nº de Ficheros Limpiados: 87
Mon Dec 01 10:25:18 2008
EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Mon Dec 01 10:28:40 2008
EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
Nº Total de Directorios: 4135
Nº Total de Ficheros: 44172
Nº de Ficheros Analizados: 7941
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Mon Dec 01 10:32:13 2008
EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Mon Dec 01 10:32:35 2008
EliBagle v12.00 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 26 de Noviembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "D:\"
Nº Total de Directorios: 759
Nº Total de Ficheros: 16010
Nº de Ficheros Analizados: 1471
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Wed Dec 03 14:20:15 2008
EliBagle v12.01 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
Wed Dec 03 14:20:42 2008
EliBagle v12.01 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
Nº Total de Directorios: 4138
Nº Total de Ficheros: 44404
Nº de Ficheros Analizados: 7947
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Here it is, thanks.
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may change
Here it is:
ComboFix 08-12-02.02 - Administrateur 2008-12-03 18:15:40.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.129 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\new.txt
C:\InfoSat.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lsa.dll
c:\windows\system32\lsa32.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Legacy_SROSA
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.
2008-12-01 10:10 . 2008-12-01 10:10 3,762 --a------ c:\windows\system32\tmp.reg
2008-12-01 10:06 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-12-01 10:06 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-12-01 10:06 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-12-01 10:06 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-12-01 10:06 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-12-01 10:06 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-12-01 10:06 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-12-01 10:06 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-12-01 10:06 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-12-01 10:06 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-12-01 09:54 . 2008-12-01 09:54 250 --a------ c:\windows\gmer.ini
2008-11-30 08:36 . 2008-11-30 08:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 08:36 . 2008-11-30 08:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-29 20:52 . 2008-04-25 13:29 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-29 20:47 . 2008-11-29 20:47 <REP> d-------- C:\fsaua.data
2008-11-29 18:00 . 2008-11-29 20:41 <REP> d-------- c:\windows\BDOSCAN8
2008-11-29 09:28 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-27 05:48 . 2008-12-03 06:44 0 --a------ C:\Debug.QC6
2008-11-25 17:25 . 2008-11-25 17:25 1,409 --a------ c:\windows\QTFont.for
2008-11-20 08:47 . 2008-11-25 17:25 54,156 --ah----- c:\windows\QTFont.qfn
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 05:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 09:10 --------- d-----w c:\program files\Google
2008-11-29 10:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 04:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 10:34 --------- d-----w c:\program files\GameHouse
2008-11-25 14:42 --------- d-----w c:\program files\InstantTouch
2008-11-08 08:49 --------- d-----w c:\documents and settings\Administrateur\Application Data\Image Zone Express
2007-01-26 21:24 17,144 ----a-w c:\documents and settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2006-12-27 19:13 1 ----a-w c:\documents and settings\Administrateur\SI.bin
2006-10-29 10:56 54 ----a-w c:\program files\delir.gio
2006-12-05 19:06 86,048 --sha-w c:\windows\fidbox.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-15 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 144384]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="d:\appz\photo\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Groom Agent.lnk - c:\program files\TooX\Groom\GroomAgent.exe [2006-10-29 167936]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Lancement rapide d'Adobe Reader.lnk - d:\logiciels\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.enc"= ITIG726.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\jeux\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25071:TCP"= 25071:TCP:BitComet 25071 TCP
"25071:UDP"= 25071:UDP:BitComet 25071 UDP
"25950:TCP"= 25950:TCP:BitComet 25950 TCP
"25950:UDP"= 25950:UDP:BitComet 25950 UDP
"21076:TCP"= 21076:TCP:BitComet 21076 TCP
"21076:UDP"= 21076:UDP:BitComet 21076 UDP
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-29 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-25 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-25 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2007-01-22 3712]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2007-05-17 46112]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\appz\depannage\x86\RaInfo.sys []
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2007-08-05 152576]
S3 sdAuxService;PC Tools Auxiliary Service;d:\appz\hitman\Spyware Doctor\pctsAuxs.exe [2008-07-22 356920]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2008-04-19 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2008-04-19 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2008-04-19 97088]
S4 LMIRfsClientNP;LMIRfsClientNP; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f832119e-bc84-11dd-8d5e-00138fc1b710}]
\Shell\AutoRun\command - F:\EmDesk.exe
\Shell\EmDesk\command - F:\EmDesk.exe
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BitTorrent - d:\bitorent\bittorrent.exe
HKCU-Run-2pspx - d:\appz\virus\hpqsfmsfsodlmob\bqyzbovbo.exe
HKLM-Run-PKR Pal - c:\program files\PKR\pkrpal.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-LogMeIn GUI - d:\appz\depannage\x86\LogMeInSystray.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKLM-Run-8001002 - d:\appz\logiciel espion\8001002.exe
HKLM-Run-2pspx - d:\appz\virus\hpqsfmsfsodlmob\bqyzbovbo.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7noijcay.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr/
FF -: plugin - d:\appz\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - d:\appz\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - d:\appz\Netscape6\nppl3260.dll
FF -: plugin - d:\appz\Netscape6\nprjplug.dll
FF -: plugin - d:\appz\Netscape6\nprpjplug.dll
FF -: plugin - d:\logiciels\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 18:18:27
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1156)
c:\windows\system32\klogon.dll
c:\windows\system32\WRLogonNTF.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\Setup\avast.setup
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
.
**************************************************************************
.
Heure de fin: 2008-12-03 18:19:56 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-03 17:19:53
Avant-CF: 5 713 063 936 octets libres
Après-CF: 5,853,413,376 octets libres
201
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:57, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TooX\Groom\GroomAgent.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\appz\hidjactis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\logiciels\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\bitcomet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\appz\hitman\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Groom Agent.lnk = C:\Program Files\TooX\Groom\GroomAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\logiciels\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: http://www.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\appz\hitman\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 8142 bytes
Re,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report when the scan finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
Avira AntiVir Personal
Report file date: Friday 5 December 2008 08:18
Scanning for 1074021 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: ORDI-XPSP2
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 06:46:56
ANTIVIR3.VDF : 7.1.0.189 200192 Bytes 04/12/2008 06:46:57
Engineversion : 8.2.0.41
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.17 336251 Bytes 05/12/2008 06:47:02
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.31 196987 Bytes 05/12/2008 06:47:01
AEHEUR.DLL : 8.1.0.74 1519990 Bytes 05/12/2008 06:47:01
AEHELP.DLL : 8.1.2.0 119159 Bytes 05/12/2008 06:46:59
AEGEN.DLL : 8.1.1.6 323955 Bytes 05/12/2008 06:46:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 05/12/2008 06:46:58
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Friday 5 December 2008 08:18
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Bureau\FindyKill.exe
[DETECTION] Contains recognition pattern of the DR/Tool.PsKill.K.37 dropper
[NOTE] The file was moved to '49a6d6cc.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
End of the scan: Friday 5 December 2008 09:09
Used time: 50:52 Minute(s)
The scan has been done completely.
4919 Scanning directories
273501 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
273497 Files not concerned
3053 Archives were scanned
3 Warnings
1 Notes
There you go, thanks again for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:57, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TooX\Groom\GroomAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\windows\system32\wscntfy.exe
C:\windows\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\appz\hidjactis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\logiciels\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\bitcomet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\appz\hitman\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\appz\photo\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Groom Agent.lnk = C:\Program Files\TooX\Groom\GroomAgent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\logiciels\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\bitcomet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\bitcomet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\bitcomet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: http://www.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\appz\hitman\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 7980 bytes
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: http://www.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{55CCFDAD-DFA1-4364-A5E8-81FC8096A881}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\appz\hitman\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\appz\hitman\Webroot\Spy Sweeper\WRSSSDK.exe
--
End of file - 7980 bytes