Virus on XP

Solved
Mrdude
Hello,

First of all, I'm posting anonymously because I wanted to sign up on this brilliant forum, but it seems my validation e-mail never arrived!! Could that be caused by my problem?

Help me, I caught a virus (by running a program downloaded from eMule... I know, not a good idea...) that uninstalled my antivirus. It shows me a stupid "NTSB investigator flight recorder" window and reboots my PC by itself... and of course it is impossible to install an antivirus again.
I've read hundreds of posts and tried lots of things... small tools, but nothing works! The problem is that I have just reinstalled my whole system from scratch and I don't feel like doing it all over again...

I followed the procedure below (underlined), borrowed from another post, and I pasted my log file at the bottom of this message. If you have any idea how to get rid of this virus I would be VERY grateful. Thanks in advance, you IT kings.

Hi,

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

▶ If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports
(log.txt & info.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


Here is my info file:
info.txt logfile of random's system information tool 1.05 2008-12-28 16:33:56

======Uninstall list======

-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\software\adobe_creative_suite_2_fr\setup/lang=040c
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Pro 2.0-->msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 6.5-->"C:\WINDOWS\ISUN040C.EXE" -f"C:\Dossier ArchiCAD 6.5 R3\ACUninst.isu" -c"C:\Dossier ArchiCAD 6.5 R3\ACUninst.dll"
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Codec Pack - All In 1 6.0.2.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
eMule Plus 1.2-->"C:\Program Files\eMule\unins000.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPU-4 Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}\Setup.exe" -l0x40c
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

System event log

Computer Name: DUDE
Event Code: 3260
Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

Record Number: 5
Source Name: Workstation
Time Written: 20081223221053.000000+060
Event Type: information
User:

Computer Name: DUDE
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers DUDE.

Record Number: 4
Source Name: EventLog
Time Written: 20081223221017.000000+060
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

Record Number: 3
Source Name: Serial
Time Written: 20081223230528.000000+060
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20081223230513.000000+060
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20081223230513.000000+060
Event Type: information
User:

Application event log

Computer Name: DUDE
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20081223221203.000000+060
Event Type: information
User:

Computer Name: DUDE
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20081223221200.000000+060
Event Type: information
User:

Computer Name: DUDE
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081223221050.000000+060
Event Type: information
User:

Computer Name: DUDE
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081223221035.000000+060
Event Type: information
User:

Computer Name: DUDE
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081223221024.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Here is my log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Dude family at 2008-12-28 16:33:44
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 28 GB (71%) free of 40 GB
Total RAM: 2013 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:54, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dude family\Bureau\RSIT.exe
C:\Program Files\trend micro\Dude family.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Dude family\Bureau\ELIBAGLA.BIABBØH.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapaovr - Macrovision Corporation - (no file)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

g!rly
hi,

Download FindyKill by Chiquitine29:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

-> Save it to your desktop and nowhere else!

!! Disconnect from the Internet and close all running applications !!

(If your antivirus panics when saving or running the tool, ignore the alert...)

-> Click "FindyKill.exe" to start installing the tool. Do not change the installation settings under any circumstances.

Important notes:
* if you have the Elibagla program on your PC, remove it (risk of conflict between the two tools).

--> Double-click the "FindyKill" shortcut on your desktop.

--> Choose option 1 (search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the drive -> C:\FindyKill.txt)

See you
Mrdude
 
Hi G!rly,
anyway, thanks for your impressive speed... here is the report. Is it serious, doctor?
It's all Greek to me...



----------------- FindyKill V4.710 ------------------

* User : Dude family - DUDE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 17:04:56 le 28.12.2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dude family\Application Data\drivers\winupgro.exe
C:\Program Files\iPod\bin\iPodService.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\Dude family\Application Data\drivers\winupgro.exe" (1244)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [28.12.2008 16:23] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\161265.EXE-02BAF8EA.pf
Found ! - C:\WINDOWS\prefetch\202375.EXE-2600A99B.pf
Found ! - C:\WINDOWS\prefetch\261500.EXE-31372CC1.pf
Found ! - C:\WINDOWS\prefetch\354781.EXE-207F6E1F.pf
Found ! - C:\WINDOWS\prefetch\435234.EXE-234F37CA.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-1D4C7234.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-011C7231.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [28.12.2008 16:58] - C:\WINDOWS\system32\mdelk.exe
Found ! [28.12.2008 16:58] - C:\WINDOWS\system32\wintems.exe
Found ! [28.12.2008 16:58] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Dude family\Application Data

Found ! [28.12.2008 15:26] - "C:\Documents and Settings\Dude family\Application Data\m\flec006.exe"
Found ! [28.12.2008 16:25] - "C:\Documents and Settings\Dude family\Application Data\m\list.oct"
Found ! [28.12.2008 16:26] - "C:\Documents and Settings\Dude family\Application Data\m\data.oct"
Found ! [28.12.2008 16:26] - "C:\Documents and Settings\Dude family\Application Data\m\srvlist.oct"
Found ! [28.12.2008 16:59] - "C:\Documents and Settings\Dude family\Application Data\m\shared"
Found ! [28.12.2008 16:26] - "C:\Documents and Settings\Dude family\Application Data\m"
Found ! [28.12.2008 14:56] - "C:\Documents and Settings\Dude family\Application Data\drivers"
Found ! [28.12.2008 16:58] - "C:\Documents and Settings\Dude family\Application Data\drivers\srosa.sys"
Found ! [28.12.2008 16:58] - "C:\Documents and Settings\Dude family\Application Data\drivers\srosa2.sys"
Found ! [08.06.2004 09:08] - "C:\Documents and Settings\Dude family\Application Data\drivers\winupgro.exe"
Found ! [28.12.2008 16:59] - "C:\Documents and Settings\Dude family\Application Data\drivers\downld"
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\103906.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\108953.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\109250.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\113437.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\115031.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\115328.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\119000.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\120781.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\121093.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\124031.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\125859.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\134359.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\134937.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\135218.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\148140.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\149937.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\149953.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\161265.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\202375.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244171.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244765.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244796.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\248125.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\252328.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\261500.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\264171.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\265546.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\266031.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\266671.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\269437.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\270812.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\304656.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\305328.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\305343.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\317671.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\318890.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\319359.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\32984.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\336656.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34062.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34500.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34625.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34640.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\347281.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\347562.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\35000.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\354781.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36015.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36328.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36375.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36906.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36921.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\373203.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\373828.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\374296.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\394281.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\409703.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\410171.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\410250.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\41031.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\427281.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\435234.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\456531.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\460078.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\460609.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\46265.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\482390.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\483328.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\49156.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495203.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495500.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495562.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\60281.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61000.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61218.exe
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\64062.exe

»»»» Presence des fichiers dans C:\DOCUME~1\DUDEFA~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5

Found ! [28.12.2008 15:09] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\4PURGPMV\b64[1].jpg
Found ! [28.12.2008 14:56] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\4PURGPMV\b64_3[1].jpg
Found ! [28.12.2008 15:29] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\8HUZGHYB\b64_1[1].jpg
Found ! [28.12.2008 15:06] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\8HUZGHYB\b64_3[1].jpg
Found ! [28.12.2008 15:26] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64[1].jpg
Found ! [28.12.2008 15:22] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64_3[1].jpg
Found ! [28.12.2008 16:58] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64_3[2].jpg
Found ! [28.12.2008 15:26] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\mxd[1].jpg
Found ! [28.12.2008 15:12] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_1[1].jpg
Found ! [28.12.2008 15:30] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_2[1].jpg
Found ! [28.12.2008 15:03] - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_3[1].jpg

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Six Engine="C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\FourEngine]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

--------------- [ State / Services ] ----------------

Missing key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- safe mode not functional !!

Missing key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- safe mode not functional !!

Missing key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- safe mode not functional !!



+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

/!\ Ndisuio - Startup type = 4

EapHost - Startup type = 3

/!\ Ip6Fw - Startup type = 4

/!\ SharedAccess - Startup type = 4

/!\ wuauserv - Startup type = 4

/!\ wscsvc - Startup type = 4



--------------- [ Searching removable drives ] ----------------


+- Information:

C: - Fixed drive

D: - Fixed drive

E: - Fixed drive


+- presence of files:



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


------------------- ! End of report ! --------------------
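The cached `b64*.jpg` and `mxd[1].jpg` entries flagged in the report above are the kind of file a practitioner should check by content rather than by name. The block below is an added example, not part of FindyKill or of this thread: it sniffs a file's leading bytes and, when they are not an image, tries to base64-decode the content to see whether an executable (MZ header) is hiding inside. The sample bytes are constructed for the example (the real contents of the cached files are not on the page), and the assumption that such a payload is stored either raw or as base64 text is mine.

```python
"""Does a file that claims to be an image actually contain one?
Added example (not FindyKill's code). Assumption: a downloader that stores
a payload under an image name keeps it either raw (MZ header first) or as
base64 text; both cases are checked. The sample bytes below are constructed."""
import base64
import binascii

# Leading bytes of the formats we care about. Only prefixes are checked,
# so this is a quick triage filter, not a full parser.
MAGIC = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "pe"),          # DOS/PE executable header
)
IMAGE_EXT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}


def sniff(data):
    """Return the format name matching the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def decoded_kind(data):
    """If `data` is base64 text (line breaks tolerated), sniff what it decodes
    to; return None when it is not valid base64 at all."""
    body = b"".join(data.split())
    if not body or len(body) % 4:
        return None
    try:
        decoded = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None
    return sniff(decoded)


def classify(name, data):
    """'ok' when the content matches the image extension, otherwise a reason."""
    ext = name.rsplit(".", 1)[-1].lower()
    kind = sniff(data)
    if IMAGE_EXT.get(ext) == kind:
        return "ok"
    if kind == "pe":
        return "executable with image extension"
    inner = decoded_kind(data)
    if inner == "pe":
        return "base64-wrapped executable"
    return "not a %s: looks like %s" % (ext, inner or kind)


def scan(files):
    """Classify a {name: bytes} mapping; returns {name: verdict}."""
    return {name: classify(name, data) for name, data in files.items()}


# Constructed samples, named after entries in the report above. FAKE_PE is a
# 68-byte stub carrying only the 'MZ' / 'PE' markers, not a real executable.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00"
SAMPLES = {
    "b64_3[1].jpg": base64.encodebytes(FAKE_PE),   # base64 text with line breaks
    "mxd[1].jpg": FAKE_PE,                         # raw executable bytes
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "readme.jpg": b"<html><body>not an image</body></html>",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print("%-14s %s" % (name, verdict))
```

Run it over the files in a `Content.IE5` cache directory (read each file's bytes and pass `{name: data}` to `scan`) and anything that comes back as an executable is worth keeping a copy of for analysis before it is deleted; a cleaner that removes the files first leaves you with nothing to submit to an AV vendor.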
g!rly > Mrdude
 
OK

Run option two of FindyKill and post its report please.

@+
Mrdude > g!rly
 
Here it is...

It rebooted my PC and apparently deleted some stuff.... what does that mean? Thanks again.



----------------- FindyKill V4.710 ------------------

* User : Dude family - DUDE
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29

* Start at 17:27:45 the 28.12.2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Deleting files in C:

Deleted ! - C:\InfoSat.txt

»»»» Deleting files in C:\WINDOWS


»»»» Deleting files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\161265.EXE-02BAF8EA.pf
Deleted ! - C:\WINDOWS\prefetch\202375.EXE-2600A99B.pf
Deleted ! - C:\WINDOWS\prefetch\261500.EXE-31372CC1.pf
Deleted ! - C:\WINDOWS\prefetch\354781.EXE-207F6E1F.pf
Deleted ! - C:\WINDOWS\prefetch\435234.EXE-234F37CA.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-1D4C7234.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-011C7231.pf

»»»» Deleting files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Deleting files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming


»»»» Deleting files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Deleting files in C:\Documents and Settings\Dude family\Application Data

Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\3D Ice Fairies 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\ACES 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\AeroTags TagsLock Pro 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Airstream.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\AleGr MEMTEST 2.00.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Analgesics.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\ApexDC++ (formerly PeerWeb DC++) 0.4.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Assembler Edit 2.2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Audio Compression Batch Assistent 1.00.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\avast!.Home.Edition.4.6.763.Crack.WORKING.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Avast.4.7.Pro.ITA+Keygen+Skins.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Axialis AX-CDPlayer 2.61.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Barcode Reader 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Bingo! DVD Ripper II 3.8.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Calnique Custom Calendar 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Chi Vuol Essere Milionario Java Nokia 6630 6680(1).zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\cloneskelecton 1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Crystal 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\CSVed 1.4.7.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Cute Kitty by Drawing Hand 1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\dallasnews.com College Sports Blog 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Daylight Dreaming Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\DesktopRTA 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Digital Pen 2.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Drweb.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\DVD X Copy Deluxe 6.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\DVDPe Pro 2.3 Build 20071106.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\eAnnouncer 2.3.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\EBook Maker 1.21.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Einstein Platform 2007.7.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Email Address Parser 1.5.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Eset_NOD32_Antivirus_Administrator_Edition_v2.50.25_Win2KXP_Cracked_by_ARN.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\EuroConvertor 1.2.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Extract Data & Text From Multiple Files Software 7.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\FavIconizer 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Find in google 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\FluidSynth 1.0.3.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Fly Album 2.4.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\GetAnonymous 2.0 Professional Edition.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Globex 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Goodnight Timer 1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\GraphEdit 9.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\GroupsAloud 1.008.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Guiffy 8.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Home FTP Client 0.0.4.14.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Howie's Quick Screen Capture 1.1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Hurricanesoft Personal Firewall 2.4.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\I-lighter 2.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\ICQ Info 0.1.6.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\IDELIX LookOUT 1.0 Beta.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\IE Restore 1.10.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\IE-URLs 1.01.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\IFS Lab 1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Karaoke DVD Burner 1.0.25.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Kaspersky.Anti-Virus.Personal.2006.6.0.12.167.beta.Keys.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Kaspersky.Internet.Security.6.0.0.303.-.Licenza.14-07-2007GIUSTA.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\kaspersky.security.suite.6.0.0.300.fr.clǸ.incluse.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Kaze to Desktop 1.0.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\KingConvert For NewManN66 4.0.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\LabyCube 1.5.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\LanguageStudio Spanish 2.1s build 69.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 Polish - Greek 2.3.91.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\LingvoSoft Picture Dictionary 2008 German - Chinese Mandarin Simplified 1.2.26.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\M3U To HTML Converter 0.9.5.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MailBee SMTP 5.2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MailTend 0.9.1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MassRenamer 1.0.7.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MathProf 4.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Medical Icon Collection 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MetaVNC 0.6.6.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MicroSchope.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MisSpel For Delphi 1.1.0.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Mocks 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MouseImp Pro Live! 0.0.0.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\MuchFX2 Winamp Plug-in 0.99.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Multimedia Playroom 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Music File Merger 1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\neoDVD Back-Up 7.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Net Book Scheduler 5.09 Build 254.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Neuromixer Pro 0.5.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Online Media 1.0.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Orbital Splash SS 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Oscilloscope 2.51.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Paragon Mount Everything Personal 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Path Analyzer Pro 2.7 Build 177.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\PC Doctor Pro 4.3.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Phone Calls Filter 1.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\PhotoSprinkle 1.0.29.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\PHPWebQuiz 1.3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Plush 1.2.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Portable EF Talk Scriber 1.50.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\PushSaver 2.1.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Real Cut 2D 6.5.1.5.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Recall 4.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Search Engine Builder Professional 2.60.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Shark Video Converter Gold 6.5.0.2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\SID Video Cutter & Splitter 1.8.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Silver Sprouter e-book 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\SilverSoft Speed 2005.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Snow 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Soapbox Video Gadget.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Soccer News Vista Gadget 1.4.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\SphereXPlorer 1.1.420.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\StampLib Organizer 1.05 build 115.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Start Menu Frequent Programs 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Static Web Image 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\StickIt! 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Super Run XP 2.5.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Superman Returns IM icons 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Symantec Norton SystemWorks 2006_ITA.-.Perfetto100%.da.GioCip.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Symantec.Antivirus.for.PDA.(Pocketpc.and.Palm).zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Symantec.Norton.Internet.Security.2006.Spanish.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Tango DropBox 2.2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\The Shortcut - Internet Explorer 2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\The WeatherEye Vista Gadget 1.0.3.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\ThirdDir 1.14.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\TimeCalc ET Professional 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\TRNG 1.01.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\UTAC 0.1.2.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Valentines Day Countdown 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Virtual Flash Drive 3.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Vista Orbs Pack.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Windows Time Bomb 1.0.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\WinX DVD Player 3.0.32.zip
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\WorkBox 1.0.zip
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\m"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers\winupgro.exe"
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\103906.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\108953.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\109250.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\113437.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\115031.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\115328.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\119000.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\120781.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\121093.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\124031.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\125859.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\134359.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\134937.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\135218.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\148140.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\149937.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\149953.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\161265.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\202375.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244171.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244765.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\244796.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\248125.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\252328.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\261500.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\264171.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\265546.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\266031.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\266671.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\269437.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\270812.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\304656.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\305328.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\305343.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\317671.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\318890.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\319359.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\32984.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\336656.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34062.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34500.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34625.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\34640.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\347281.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\347562.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\35000.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\354781.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36015.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36328.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36375.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36906.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\36921.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\373203.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\373828.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\374296.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\394281.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\409703.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\410171.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\410250.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\41031.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\427281.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\435234.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\456531.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\460078.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\460609.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\46265.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\482390.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\483328.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\49156.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495203.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495500.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\495562.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\60281.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61000.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61218.exe
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\64062.exe
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers"

»»»» Deleting files in C:\DOCUME~1\DUDEFA~1\LOCALS~1\Temp


»»»» Deleting files in C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\4PURGPMV\b64[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\4PURGPMV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\8HUZGHYB\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\8HUZGHYB\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\CLA7GTIB\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Dude family\Local Settings\Temporary Internet Files\Content.IE5\O9Y3KT2N\b64_3[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Information:

C: - Fixed drive

D: - Fixed drive

E: - Fixed drive


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\Dude family\Recent\Crack.lnk
C:\Documents and Settings\Dude family\Recent\Crack_Install.txt.lnk


---------------- ! End of report ! ------------------
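A way to see for yourself what the second (option 2) report above does and does not account for, compared with the first (option 1) report: the block below is an added example, not part of FindyKill or of this thread. It parses the `Found !`, `Deleted !`, missing-key and service-start-type lines in the tool's format (the French labels of the original log and the English ones are both accepted) and lists everything option 1 flagged that option 2 never reports as deleted or restored. `BEFORE` and `AFTER` are short constructed excerpts of the two logs posted above, not the full reports; the set of services treated as a finding when disabled (SharedAccess, wuauserv, wscsvc, Ip6Fw) is my choice; and the comparison is literal, so a `CurrentControlSet` or `HKEY_CURRENT_USER` key is reported even when the `ControlSet00N` or `HKEY_USERS\<SID>` twin it may alias was deleted, because the logs do not say which control set is current.

```python
"""Triage of two FindyKill-style reports: what option 1 found and what option 2
says it removed, then whatever is left unaccounted for.
Added example, not FindyKill's code. The line formats are those of the reports
posted in this thread; the tool's French labels and the English ones are both
accepted. BEFORE/AFTER are constructed excerpts, not the full logs."""
import re

FOUND_FILE = re.compile(r"^Found ! \[[^\]]+\] - (?P<path>.+)$")
FOUND_KEY = re.compile(r"^Found ! - (?P<key>HKEY_.+)$")
DELETED = re.compile(r'^Deleted ! - "?(?P<item>.+?)"?$')
MISSING_KEY = re.compile(r"^(?:Clé manquante|Missing key)\s*:\s*(?P<key>\S+)$")
SERVICE = re.compile(r"^(?:/!\\ )?(?P<name>\w+) - "
                     r"(?:Type de démarrage|Type of startup|Startup type) = (?P<start>\d)$")
SAFEBOOT_RESTORED = "Safe boot mode restored"

# Assumption: services whose start type 4 (disabled) counts as a finding, since
# malware commonly switches off the firewall, automatic updates and Security Center.
SECURITY_SERVICES = {"SharedAccess", "wuauserv", "wscsvc", "Ip6Fw"}


def parse_report(text):
    """Collect files, keys, deletions, missing SafeBoot keys and service start types."""
    r = {"files": set(), "keys": set(), "deleted": set(),
         "missing_safeboot": set(), "services": {}, "safeboot_restored": False}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FOUND_FILE.match(line):
            r["files"].add(m["path"])
        elif m := FOUND_KEY.match(line):
            r["keys"].add(m["key"])
        elif m := DELETED.match(line):
            r["deleted"].add(m["item"])
        elif m := MISSING_KEY.match(line):
            r["missing_safeboot"].add(m["key"])
        elif m := SERVICE.match(line):
            r["services"][m["name"]] = int(m["start"])
        elif SAFEBOOT_RESTORED in line:
            r["safeboot_restored"] = True
    return r


def findings(report):
    """Human-readable findings from a single detection (option 1) report."""
    out = [f"infected key: {k}" for k in sorted(report["keys"])]
    out += [f"infected file: {p}" for p in sorted(report["files"])]
    out += [f"safe mode broken, key missing: {k}" for k in sorted(report["missing_safeboot"])]
    out += [f"security service disabled: {n}" for n, s in sorted(report["services"].items())
            if n in SECURITY_SERVICES and s == 4]
    return out


def _removed(item, deleted):
    """True if `item` itself or one of its parent paths/keys appears in `deleted`."""
    return any(item == d or item.startswith(d.rstrip("\\") + "\\") for d in deleted)


def remediation_gaps(before, after):
    """Items flagged in `before` that `after` never reports as deleted or fixed.
    Literal comparison: CurrentControlSet / HKEY_CURRENT_USER are aliases of
    ControlSet00N / HKEY_USERS\\<SID>, and the logs do not say which, so an alias
    left undeleted is listed even if its twin was removed."""
    gaps = [k for k in sorted(before["keys"] | before["files"]) if not _removed(k, after["deleted"])]
    if before["missing_safeboot"] and not after["safeboot_restored"]:
        gaps.append("SafeBoot keys still missing")
    gaps += [f"service still disabled: {n}" for n, s in sorted(before["services"].items())
             if n in SECURITY_SERVICES and s == 4 and after["services"].get(n, 4) == 4]
    return gaps


# Constructed excerpts of the two reports posted above (not the full logs).
BEFORE = r"""
Found ! [28.12.2008 16:59] - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61000.exe
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Missing key: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ SharedAccess - Startup type = 4
/!\ wuauserv - Startup type = 4
EapHost - Startup type = 3
"""
AFTER = r"""
Deleted ! - C:\Documents and Settings\Dude family\Application Data\drivers\downld\61000.exe
Deleted ! - "C:\Documents and Settings\Dude family\Application Data\drivers"
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_USERS\S-1-5-21-1757981266-1364589140-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
+- Safe boot mode restored !
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
"""

if __name__ == "__main__":
    before, after = parse_report(BEFORE), parse_report(AFTER)
    print("\n".join(findings(before)))
    print("--- still unaccounted for after option 2 ---")
    print("\n".join(remediation_gaps(before, after)))
```

Feed it the two full reports (read from the saved log files) and the gap list is what to carry into the next tool's run: a service key such as `Services\sK9Ou0s` that was found but never reported deleted is exactly the sort of leftover that justifies a second cleaner, and the SafeBoot and service-start-type lines tell you whether safe mode and the built-in protections are usable again before you reboot.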
g!rly
 
Going by the report, the infection is still present :(

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

Mrdude
 
Here is the report.
It just told me at startup that my Windows Recovery Console wasn't installed; I skipped it since a connection was needed to install it.

The ComboFix log




ComboFix 08-12-26.03 - Dude family 2008-12-28 18:17:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2013.1626 [GMT 1:00]
Lancé depuis: c:\documents and settings\Dude family\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))
.

2008-12-28 17:04 . 2008-12-28 17:29 <REP> d-------- c:\program files\FindyKill
2008-12-28 16:33 . 2008-12-28 16:33 <REP> d-------- C:\rsit
2008-12-28 16:18 . 2004-06-08 09:08 790,536 --a------ c:\documents and settings\Dude family\RTHDCPL.EXE
2008-12-28 15:57 . 2008-12-28 17:55 <REP> d-------- c:\program files\Trend Micro
2008-12-28 15:35 . 2008-12-28 15:35 <REP> d-------- C:\VundoFix Backups
2008-12-28 15:31 . 2008-12-28 15:31 <REP> d-------- C:\!KillBox
2008-12-28 15:05 . 2008-01-04 13:34 11,832 --a------ c:\windows\system32\drivers\AsInsHelp64.sys
2008-12-28 15:05 . 2008-01-04 13:34 10,216 --a------ c:\windows\system32\drivers\AsInsHelp32.sys
2008-12-28 14:38 . 2008-12-28 14:38 664 --a------ c:\windows\system32\d3d9caps.dat
2008-12-28 13:58 . 2008-12-28 13:58 <REP> d-------- c:\program files\eMule
2008-12-28 13:39 . 2008-04-13 18:33 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-28 13:37 . 2008-12-28 13:37 <REP> d-------- c:\program files\Codec Pack - All In 1
2008-12-28 13:37 . 2008-12-28 13:36 737,280 --a------ c:\windows\iun6002.exe
2008-12-28 11:28 . 2008-12-28 11:28 <REP> d-------- c:\documents and settings\Dude family\Application Data\cucusoft
2008-12-28 11:27 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.DLL
2008-12-28 11:27 . 2003-03-18 21:14 499,712 --a------ c:\windows\system32\MSVCP71.DLL
2008-12-28 11:27 . 2003-02-21 05:42 348,160 --a------ c:\windows\system32\MSVCR71.DLL
2008-12-26 21:04 . 2008-04-13 17:34 92,160 --a------ c:\windows\system32\kswdmcap.ax
2008-12-26 19:36 . 2008-12-26 19:36 <REP> d-------- c:\windows\Sun
2008-12-26 14:37 . 2008-12-26 14:37 <REP> d-------- c:\windows\system32\RNBOSENT
2008-12-26 14:37 . 1999-04-22 05:38 73,216 --a------ c:\windows\system32\drivers\SENTINEL.SYS
2008-12-26 14:37 . 1999-04-22 05:38 47,616 --a------ c:\windows\system32\SNTI386.DLL
2008-12-26 14:37 . 1999-04-22 05:38 17,920 --a------ c:\windows\system32\RNBOVDD.DLL
2008-12-26 14:37 . 1999-04-22 05:38 9,949 --------- c:\windows\system32\SENTINEL.HLP
2008-12-26 14:36 . 2008-12-26 14:44 <REP> d-------- C:\Dossier ArchiCAD 6.5 R3
2008-12-26 14:35 . 2008-12-26 14:35 <REP> d-------- c:\documents and settings\Dude family\WINDOWS
2008-12-26 14:35 . 1998-01-23 13:20 305,664 --a------ c:\windows\IsUn040c.exe
2008-12-25 15:46 . 2008-12-25 15:46 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 15:46 . 2008-12-25 15:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\program files\iTunes
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\program files\iPod
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\program files\Bonjour
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\documents and settings\Dude family\Application Data\Apple Computer
2008-12-25 13:53 . 2008-12-25 13:53 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-25 13:53 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-25 13:53 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-25 13:51 . 2008-12-25 13:53 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-12-25 13:51 . 2008-12-25 13:51 <REP> d-------- c:\program files\Apple Software Update
2008-12-25 13:51 . 2008-12-25 13:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-12-25 12:54 . 2008-12-25 12:54 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-25 12:54 . 2008-07-31 23:17 9,200 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-12-25 12:54 . 2008-07-31 23:17 9,072 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-12-25 12:54 . 2008-12-25 12:54 1,409 --a------ c:\windows\QTFont.for
2008-12-25 12:53 . 2008-12-25 12:53 <REP> d-------- c:\windows\system32\IOSUBSYS
2008-12-25 12:53 . 2008-12-25 12:53 <REP> d-------- c:\program files\Google
2008-12-25 12:51 . 2008-12-25 15:18 <REP> d-------- c:\documents and settings\Dude family\Graphisoft
2008-12-25 12:51 . 2008-12-25 15:18 <REP> d-------- c:\documents and settings\Dude family\Application Data\Graphisoft
2008-12-25 12:47 . 2008-12-25 13:53 <REP> d-------- c:\program files\QuickTime
2008-12-25 12:47 . 2008-12-25 13:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-25 12:47 . 2008-12-26 14:33 0 --a------ c:\windows\vpd.properties
2008-12-25 12:46 . 2008-12-25 12:46 <REP> d-------- c:\program files\Graphisoft
2008-12-25 12:45 . 2008-12-25 15:46 <REP> d-------- c:\program files\Java
2008-12-25 12:45 . 2008-12-25 12:45 <REP> d-------- c:\program files\Fichiers communs\Java
2008-12-24 17:02 . 2008-12-24 17:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-12-24 17:00 . 2008-12-24 17:00 1,233,920 --a------ c:\windows\system32\msxml4.dll
2008-12-24 17:00 . 2008-12-24 17:00 82,432 --a------ c:\windows\system32\msxml4r.dll
2008-12-24 15:44 . 2008-12-24 15:44 <REP> d-------- c:\windows\system32\Adobe
2008-12-24 15:44 . 2004-08-17 02:40 16,384 --a------ c:\windows\system32\FileOps.exe
2008-12-24 15:39 . 2008-12-24 15:39 <REP> d-------- c:\program files\Fichiers communs\Adobe Systems Shared
2008-12-24 13:43 . 2008-12-24 13:43 <REP> d-------- c:\program files\2BrightSparks
2008-12-24 13:39 . 2004-05-21 05:04 79,622 --a------ c:\windows\system32\EBPMON24.DLL
2008-12-24 13:39 . 2003-05-21 02:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL
2008-12-24 13:39 . 2000-06-07 01:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2008-12-24 13:39 . 2003-07-16 13:14 31,744 --a------ c:\windows\system32\E_DCINST.DLL
2008-12-24 13:38 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-24 13:38 . 2008-04-13 09:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-24 13:37 . 2008-12-24 13:39 949,724 --a------ c:\windows\EPSTPLOG.BAK
2008-12-24 13:36 . 2008-12-24 13:39 <REP> d-------- c:\program files\epson
2008-12-24 13:36 . 2005-02-25 00:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-12-24 13:36 . 2005-02-25 00:00 29,696 --a------ c:\windows\system32\escwiad.dll
2008-12-24 13:36 . 2005-02-25 00:00 22,016 --a------ c:\windows\system32\esccmd.dll
2008-12-24 10:44 . 2008-12-28 17:49 <REP> d-------- c:\program files\Mozilla Thunderbird
2008-12-24 10:44 . 2008-12-24 10:44 <REP> d-------- c:\documents and settings\Dude family\Application Data\Thunderbird
2008-12-24 10:44 . 2008-12-24 10:44 <REP> d-------- c:\documents and settings\Dude family\Application Data\Talkback
2008-12-24 10:38 . 2008-12-24 10:38 0 --a------ c:\windows\nsreg.dat
2008-12-24 10:26 . 2008-12-24 17:23 <REP> d-------- c:\program files\ESET
2008-12-24 10:24 . 2008-12-24 17:06 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-12-24 10:20 . 2008-12-24 10:20 <REP> d-------- c:\windows\SHELLNEW
2008-12-24 10:20 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2008-12-24 10:20 . 2008-12-24 10:20 385 --a------ c:\windows\ODBC.INI
2008-12-24 10:13 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-24 10:12 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-12-24 10:12 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-12-24 10:12 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-12-24 10:12 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-12-24 10:11 . 2008-06-14 18:40 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 14:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 14:05 --------- d-----w c:\program files\ASUS
2008-12-25 11:47 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-12-23 21:53 319,488 ----a-w c:\windows\HideWin.exe
2008-12-23 21:53 --------- d-----w c:\program files\Realtek
2008-12-23 21:45 --------- d-----w c:\documents and settings\Dude family\Application Data\InstallShield
2008-12-23 21:42 --------- d-----w c:\program files\Intel
2008-12-23 21:15 --------- d-----w c:\program files\microsoft frontpage
2008-12-23 21:14 --------- d-----w c:\program files\Services en ligne
2008-12-12 21:47 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-11-25 16:05 993,816 ----a-w c:\windows\system32\igxpun.exe
2008-11-03 08:59 147,456 ----a-w c:\windows\system32\igfxCoIn_v5009.dll
2008-11-03 08:48 3,773,440 ----a-w c:\windows\system32\igxpdx32.dll
2008-11-03 08:47 982,192 ----a-w c:\windows\system32\igkrng500.bin
2008-11-03 08:47 57,344 ----a-w c:\windows\system32\igxprd32.dll
2008-11-03 08:47 417,344 ----a-w c:\windows\system32\igcompkrng500.bin
2008-11-03 08:47 2,685,760 ----a-w c:\windows\system32\igxpdv32.dll
2008-11-03 08:47 183,808 ----a-w c:\windows\system32\igxpgd32.dll
2008-11-03 08:46 6,273,504 ----a-w c:\windows\system32\drivers\igxpmp32.sys
2008-11-03 08:33 2,600,960 ----a-w c:\windows\system32\ig4dev32.dll
2008-11-03 08:29 4,112,384 ----a-w c:\windows\system32\ig4icd32.dll
2008-11-03 08:20 645,632 ----a-w c:\windows\system32\igfxcfg.exe
2008-11-03 08:20 23,552 ----a-w c:\windows\system32\igfxexps.dll
2008-11-03 08:20 166,912 ----a-w c:\windows\system32\hkcmd.exe
2008-11-03 08:20 165,376 ----a-w c:\windows\system32\igfxext.exe
2008-11-03 08:20 134,656 ----a-w c:\windows\system32\igfxtray.exe
2008-11-03 08:18 51,712 ----a-w c:\windows\system32\igfxsrvc.dll
2008-11-03 08:18 243,712 ----a-w c:\windows\system32\igfxsrvc.exe
2008-11-03 08:18 199,168 ----a-w c:\windows\system32\igfxpph.dll
2008-11-03 08:18 134,656 ----a-w c:\windows\system32\igfxpers.exe
2008-11-03 08:18 130,048 ----a-w c:\windows\system32\igfxdo.dll
2008-11-03 08:17 93,696 ----a-w c:\windows\system32\hccutils.dll
2008-11-03 08:17 5,702,656 ----a-w c:\windows\system32\igfxress.dll
2008-11-03 08:17 205,312 ----a-w c:\windows\system32\igfxdev.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=


*Newly Created Service* - EAPHOST
*Newly Created Service* - IP6FW
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Dude family\Application Data\Mozilla\Firefox\Profiles\1482x8l9.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 18:18:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-28 18:18:32
ComboFix-quarantined-files.txt 2008-12-28 17:18:26

Avant-CF: 32'376'446'976 octets libres
Après-CF: 32,366,780,416 octets libres

210
alex59114 Posts 113 Status Member 5
 
Hi!
Reformat your computer, it's the only solution I can see. Good luck!
g!rly Posts 18462 Status Contributor 406
 
Please don't step in if it's just to throw out stuff like that; you may not see a solution, but others might...
jacques.gache Posts 34829 Status Security contributor 1 618
 
Hello Mrdude, and hello g!rly too.
If g!rly doesn't mind, I'd like you to tell us which antivirus you are using, because in the report you posted I didn't see, unless I'm mistaken, any active antivirus on your PC.
g!rly Posts 18462 Status Contributor 406
 
What that means is that the Bagle infection has been removed; it's an infection you picked up by downloading cracks, and traces of it still remain...

Delete these two files:

C:\Documents and Settings\Dude family\Recent\Crack.lnk
C:\Documents and Settings\Dude family\Recent\Crack_Install.txt.lnk

Post a new RSIT report, because I get the impression we're dealing with a variant...

@+
jacques.gache Posts 34829 Status Security contributor 1 618
 
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\avast!.Home.Edition.4.6.763.Crack.WORKING.zip 
Deleted ! - C:\Documents and Settings\Dude family\Application Data\m\shared\Avast.4.7.Pro.ITA+Keygen+Skins.zip 
Hello. With cracks, don't be surprised to get infected.
g!rly Posts 18462 Status Contributor 406
 
You're telling me; hi Jacques
jacques.gache Posts 34829 Status Security contributor 1 618
 
Hello g!rly, do you have any idea which antivirus Mrdude is using??
g!rly Posts 18462 Status Contributor 406
 
For the moment he no longer has one; I imagine he had the Avast Home edition, given that he wanted to download the Pro version?!
Mrdude
 
I did have the Home edition, but I never tried to download the Pro version...
I indeed no longer have an antivirus... since I couldn't get anything to install anymore...
I tried to download an iPod utility on eMule and it crashed everything...
I don't have a Recent folder (even hidden) in "Dude family".

Here's my RSIT report

Logfile of random's system information tool 1.05 (written by random/random)
Run by Dude family at 2008-12-28 17:55:52
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 29 GB (72%) free of 40 GB
Total RAM: 2013 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:54, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dude family\Bureau\RSIT.exe
C:\Program Files\trend micro\Dude family.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Dude family\Bureau\ELIBAGLA.BIABBØH.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapaovr - Macrovision Corporation - (no file)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
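The helpers read the RSIT/HijackThis report above by eye, picking out the O4 autorun entries and O23 services that deserve a second look. The Python script below is an added example, not part of this thread nor of HijackThis or RSIT; it encodes those checks and runs them over a constructed sample made of lines from the report above. A flag means "review this entry", not that it is malicious.

```python
"""Triage of HijackThis-style O4 (autorun) and O23 (service) lines.

Added example, not part of the thread nor of HijackThis/RSIT. It encodes the
checks a helper applies by eye when reading such a log:
  * autorun command given as a bare file name (resolved via the search path),
  * autorun launched from a user-writable location (user profile, Temp),
  * one-shot RunOnce entries,
  * service registrations whose binary is missing ("(no file)").
A flag is a prompt to review the entry, not a verdict that it is malicious.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a subset of the lines in the RSIT/HijackThis report above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Dude family\Bureau\ELIBAGLA.BIABBØH.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: Imapaovr - Macrovision Corporation - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# O4 registry entry:  O4 - <hive>\..\<Run|RunOnce>: [<name>] <command> [(User '...')]
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder entry:  O4 - Global Startup: <name>.lnk = <command>
O4_FOLDER = re.compile(r"^O4 - (?P<key>[\w ]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O23 service entry:  O23 - Service: <name> - <vendor> - <path or (no file)>
O23_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")
# Shortest prefix ending in an executable extension; keeps unquoted paths with spaces whole.
FIRST_BINARY = re.compile(r"(?i)^(.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?=\s|$)")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")


class Finding(NamedTuple):
    kind: str                 # "autorun" or "service"
    name: str                 # entry name as HijackThis prints it
    target: str               # program the entry launches, or the service path
    reasons: Tuple[str, ...]  # why the entry deserves a look


def launched_binary(cmd: str) -> str:
    """Pull the launched program out of an autorun command line."""
    cmd = USER_SUFFIX.sub("", cmd).strip()
    if cmd.startswith('"'):  # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = FIRST_BINARY.match(cmd)
    if match:
        return match.group(1)
    tokens = cmd.split()  # e.g. "rundll32 advpack.dll,..." -> "rundll32"
    return tokens[0] if tokens else cmd


def review_reasons(kind: str, key: str, target: str) -> List[str]:
    """Heuristics a helper applies when reading an O4/O23 line."""
    reasons: List[str] = []
    low = target.lower()
    if kind == "service":
        if low == "(no file)":
            reasons.append("service registered but binary missing")
        return reasons
    if key.lower().startswith("runonce"):
        reasons.append("one-shot RunOnce entry")
    if "\\" not in target:
        reasons.append("bare file name, resolved via search path")
    elif low.startswith(PROFILE_DIRS) or "\\temp\\" in low:
        reasons.append("launched from a user-writable location")
    return reasons


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Return (kind, key, name, target) for O4/O23 lines, None for anything else."""
    m = O4_REGISTRY.match(line) or O4_FOLDER.match(line)
    if m:
        return "autorun", m.group("key"), m.group("name"), launched_binary(m.group("cmd"))
    m = O23_SERVICE.match(line)
    if m:
        return "service", "", m.group("name"), m.group("path").strip()
    return None


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that have at least one review reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        kind, key, name, target = parsed
        reasons = review_reasons(kind, key, target)
        if reasons:
            findings.append(Finding(kind, name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:16} {f.target}")
        print(f"{'':25}-> {'; '.join(f.reasons)}")
```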
g!rly Posts 18462 Status Contributor 406
 
OK

You don't have a connection?
Mrdude Posts 6 Status Member
 
Yes of course, but when I ran the exe I had disconnected, as you recommended...
Did it clean more things? Do I need to redo it with my connection on?
So, does that mean I'll be able to reinstall my antivirus?
In any case I'm blown away by how quickly the replies come; I'm juggling my kids' baths, posting a message, etc.
Thanks for everything
g!rly Posts 18462 Status Contributor 406
 
OK about the connection :)

I'm glued to the screen today, and I don't have kids

Install this one:

Download and install the antivirus Antivir Personal Edition Classic:

-> https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

In French:

https://www.avira.com/

Settings:

With pictures:

http://speedweb1.free.fr/frames2.php?page=tuto5

My explanation:

Once Antivir is open, click on Configuration and tick the "expert mode" box; then, on the Scanner tab, in the window below you will see: rootkit search. Click the little + to expand it and tick the box next to your hard disk.
If you don't see rootkit search: click the umbrella in your taskbar > in the Antivir window click Local protection, then click Scanner.
In the right-hand pane you have rootkit search towards the bottom > expand it by pressing the little +
and tick your drives...
Then click Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and below it > scanner priority = High.
Tick: allow stopping the scanner, so you can pause during the scan if you want.
Then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkits before scan
Untick:
ignore offline files
Still on the left > Scan > expand > Heuristics > macrovirus heuristic = ticked, and below it > win32 heuristic ticked and high detection level.

Then do this:

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date the program will launch; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it so you can find it again to post it on the forum.

Copy and paste the report please.

@+
Mrdude Posts 6 Status Member
 
OK, I'll get on with all that...
Just for my own information, is it a calling to rush to the rescue of poor lost internet users who get taken in like rookies... or do you use all these "comments" to build apps to counter these damn viruses? Anyway, I'll let you know if everything ended well.

Thanks for everything
g!rly Posts 18462 Status Contributor 406
 
You can call me Sister Julie, the one who rushes to the aid of poor internet users in distress :)
I do have my eye on creating a (free) fix, but it's on standby for the moment...
You're welcome, and hang in there, we're nearly at the end :)
@+
Mrdude Posts 6 Status Member
 
Sister Julie,
HALLELUJAH, I think this time I'm out of it... I've already been able to reinstall Antivir... it deleted a few infected files and some malware too... everything seems to be back in order...
I'll let you know if anything abnormal happens... keep devoting yourself body and soul to us poor little smart alecks...

THANK YOU a thousand times and good night; where are you from, by the way, Switzerland, France?

Here's the log

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1563
Windows 5.1.2600 Service Pack 3

28.12.2008 20:57:19
mbam-log-2008-12-28 (20-57-19).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 75543
Temps écoulé: 10 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{05DEEFE1-A18C-4CDD-A6C3-560368191218}\RP1\A0000009.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{05DEEFE1-A18C-4CDD-A6C3-560368191218}\RP1\A0000033.sys (Worm.Bagel) -> Quarantined and deleted successfully.
g!rly Posts 18462 Status Contributor 406
 
Very good Mrdude,

Everything works out in the end ;)

Post one last HijackThis report and we can wrap up...

I live in Helsinki (Finland)...

Good night to you too

@+
Mrdude Posts 6 Status Member
 
OK, here's the HijackThis log.
So, Sister, final verdict?
Is everything back in order?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:25, on 28.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\DUDEFA~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dude family\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapaovr - Macrovision Corporation - (no file)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
g!rly Posts 18462 Status Contributor 406

Still some work to do, dude...

Using HijackThis, tick and fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

how to fix:

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

PS: don't get mixed up; the same page also has the Flash tutorial...

and

your version of Acrobat Reader is not up to date. If you want the latest version, uninstall your version via Control Panel / Add or Remove Programs

and install the latest one:

https://get2.adobe.com/reader/otherversions/

or forget Acrobat Reader altogether and install Foxit, which is lighter, instead:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

for more security:

install

one of the firewalls from the list below:

firewall: Kerio

download: http://www.filehippo.com/download_sunbelt_personal_firewall/tech/468/

tutorial:

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

tutorial: https://www.malekal.com/tutorial-comodo-firewall/

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tutorial: https://www.malekal.com/tutorial-online-armor-free/

or ZoneAlarm, easier to configure but less effective

https://www.malekal.com/tutoriel-zonealarm-firewall/

bonus:

SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

it's a resident program; you just need to update it from time to time, since the free version doesn't do it by itself. Once installed and updated, set all the protections to "enable"

tutorial: https://www.malekal.com/tutorial-spywareblaster/

to remove the tools that were used:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Delete) to finish.
# If you wish, you can use the optional Options.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

creating a brand-new restore point:

Disable your System Restore:
to do this:
right-click My Computer, then Properties in the menu;
in the new window click the System Restore tab;
tick the "Turn off System Restore" box and apply.
Then restart the PC, right-click My Computer, then Properties in the menu;
in the new window click the System Restore tab;
untick the "Turn off System Restore" box and apply.

Sister Julie (that makes me laugh) has done her good deed for the day; she's tired and is going to bed dreaming of a better world :)

Good night

See you
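Added example, not part of the thread: a small Python triage script for HijackThis log lines of the kind quoted above. It parses the R0/R1, O4 and O23 entries and flags the same classes of entries g!rly asked to fix (IE start/search pages pointing at a host outside an allowed set, Run/RunOnce keys under the SYSTEM and Default user profiles), plus O23 services whose binary is reported as "(no file)". The sample lines are constructed from the log's line shapes, and the allowed-host set and function names are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis log format; the line shapes follow the
# log posted in this thread (R0/R1 IE pages, O4 Run keys, O23 services).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O23 - Service: Imapaovr - Macrovision Corporation - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""
# Hosts accepted as IE home/search pages: an assumption made for this example.
ALLOWED_IE_HOSTS = {"go.microsoft.com"}
# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into (section code, body) pairs; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries, allowed_hosts=ALLOWED_IE_HOSTS):
    """Return (code, reason, body) for the entries a reviewer would look at first."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            # IE start/search page: flag any host outside the accepted set
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
            if host not in allowed_hosts:
                findings.append((code, f"IE page points at {host}", body))
        elif code == "O4" and body.startswith("HKUS\\"):
            # Run/RunOnce under the SYSTEM or Default user profile (the O4 lines g!rly asked to fix)
            findings.append((code, "autorun under SYSTEM/Default user profile", body))
        elif code == "O23" and body.endswith("(no file)"):
            # Service still registered although its binary is gone
            findings.append((code, "service registered but binary missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```

Pass a full log.txt through parse_hjt to get the same triage over a real report; entries that are not flagged still deserve a look, since the script only checks the three categories above.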
g!rly Posts 18462 Status Contributor 406
 
...