infection Bagle Résolu

Question

bonsoir les gens, 
je fait une deuxième tentative pour éradiquer Bagle, j'ai besoin d'aide: mode sans échec ne fonctionne, win32 non valide et tout le train train de Bagle. Il y a des manip à faire et je ne souhaite pas les faire seul car je ne sais pas lire les rapports. CCleaner ne veut pas se lancer, avast non plus.
Please help me

sam3341 · Answer

moi sa m'est arrivé sauvegarde formatage systeme tout neuf

foxymophan · Answer

là ou cela a bloquer, c'est l'opération 2 de FyndiKill's qui ne se fini pas (le 2eme démarrage ne se fait pas)

foxymophan · Answer

j'ai envisager de le faire mais jne pense pas que ça défonce le Bagle.

sam3341 · Answer

oui je me souviens sa ma fait pareil c'est pour sa j'ai formater mais sur google ya plein d'explication pour eradiquer cette me***

sam3341 · Answer

sisi je t'assure que moi apres le formatage plus rien !

foxymophan · Answer

j'ai bien pris soin de lire les post concernés mais il me faudrait une personne sachant lire les rapports pour faire ça proprement. Et puis je n'est plus le cd original windows si jamais je doit réparer certain fichier corrompu.

foxymophan · Answer

Elibagla ne veut même pas se lancer

Utilisateur anonyme · Answer

Salut,

Telecharge FindyKill sur ton bureau :

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Tuto : malekal
Tuto : 01net

foxymophan · Answer

je précise que je suis en Guadeloupe du coup ya 5h de décalage.Si je suis long à répondre c'est normal.
le rapport arrive.

foxymophan · Answer

----------------- FindyKill V4.711 ------------------

* User : Florian - YAMYCORP-4D6A34
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 15:43:13 le 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
 
((((((((((((((((( *** Recherche *** ))))))))))))))))))  
 
 
--------------- [ Processus actifs ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\DISKDUR\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	lntsvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\florian\local settings\application data\uiimgko.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\msiexec.exe
E:\Firefox\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
 
--------------- [ Processus infectieux stoppés ] ----------------  
 

"C:\WINDOWS\system32\wintems.exe"  (1256)

 
--------------- [ Fichiers/Dossiers infectieux ] ----------------  
 
 
»»»» Presence des fichiers dans C: 
 
Found ! [06/01/2009 04:52] - C:\InfoSat.txt 
 
»»»» Presence des fichiers dans C:\WINDOWS 
 
 
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch 
 
Found ! - C:\WINDOWS\prefetch\105156.EXE-11C89353.pf 
Found ! - C:\WINDOWS\prefetch\107234.EXE-37667EE3.pf 
Found ! - C:\WINDOWS\prefetch\110625.EXE-12F6A8C1.pf 
Found ! - C:\WINDOWS\prefetch\121843.EXE-19D57224.pf 
Found ! - C:\WINDOWS\prefetch\126015.EXE-1E86E4A0.pf 
Found ! - C:\WINDOWS\prefetch\128656.EXE-02B69EDD.pf 
Found ! - C:\WINDOWS\prefetch\132734.EXE-359993C3.pf 
Found ! - C:\WINDOWS\prefetch\135812.EXE-351A83E4.pf 
Found ! - C:\WINDOWS\prefetch\14899796.EXE-06C17A22.pf 
Found ! - C:\WINDOWS\prefetch\14968484.EXE-273F9134.pf 
Found ! - C:\WINDOWS\prefetch\156687.EXE-2630A3F6.pf 
Found ! - C:\WINDOWS\prefetch\157718.EXE-001A90FC.pf 
Found ! - C:\WINDOWS\prefetch\159609.EXE-27EF3C42.pf 
Found ! - C:\WINDOWS\prefetch\180500.EXE-2EF1878F.pf 
Found ! - C:\WINDOWS\prefetch\182812.EXE-2AFD5148.pf 
Found ! - C:\WINDOWS\prefetch\195812.EXE-3253FE4E.pf 
Found ! - C:\WINDOWS\prefetch\196312.EXE-17041FDA.pf 
Found ! - C:\WINDOWS\prefetch\206109.EXE-2458539E.pf 
Found ! - C:\WINDOWS\prefetch\209359.EXE-298554FB.pf 
Found ! - C:\WINDOWS\prefetch\215484.EXE-30D11119.pf 
Found ! - C:\WINDOWS\prefetch\252281.EXE-0F4ED336.pf 
Found ! - C:\WINDOWS\prefetch\286093.EXE-02EEE27D.pf 
Found ! - C:\WINDOWS\prefetch\287859.EXE-1F97CF11.pf 
Found ! - C:\WINDOWS\prefetch\309265.EXE-0AF7D673.pf 
Found ! - C:\WINDOWS\prefetch\316671.EXE-1F99D35A.pf 
Found ! - C:\WINDOWS\prefetch\324484.EXE-0B46879B.pf 
Found ! - C:\WINDOWS\prefetch\335218.EXE-2F0031D0.pf 
Found ! - C:\WINDOWS\prefetch\342312.EXE-0EED8580.pf 
Found ! - C:\WINDOWS\prefetch\353359.EXE-03F53753.pf 
Found ! - C:\WINDOWS\prefetch\353765.EXE-3B390ABE.pf 
Found ! - C:\WINDOWS\prefetch\364000.EXE-2B473FEF.pf 
Found ! - C:\WINDOWS\prefetch\372765.EXE-2785AE51.pf 
Found ! - C:\WINDOWS\prefetch\378343.EXE-08C4D575.pf 
Found ! - C:\WINDOWS\prefetch\383906.EXE-3A041A52.pf 
Found ! - C:\WINDOWS\prefetch\405312.EXE-130948E9.pf 
Found ! - C:\WINDOWS\prefetch\450343.EXE-24FE5D8C.pf 
Found ! - C:\WINDOWS\prefetch\518671.EXE-15168845.pf 
Found ! - C:\WINDOWS\prefetch\587312.EXE-0A543075.pf 
Found ! - C:\WINDOWS\prefetch\58937.EXE-375AA9B9.pf 
Found ! - C:\WINDOWS\prefetch\621906.EXE-2C13A522.pf 
Found ! - C:\WINDOWS\prefetch\694703.EXE-26D06062.pf 
Found ! - C:\WINDOWS\prefetch\70484.EXE-213BF380.pf 
Found ! - C:\WINDOWS\prefetch\711078.EXE-0315AE00.pf 
Found ! - C:\WINDOWS\prefetch\822234.EXE-2D85ECD2.pf 
Found ! - C:\WINDOWS\prefetch\84515.EXE-046A7138.pf 
Found ! - C:\WINDOWS\prefetch\857875.EXE-2AD2252A.pf 
Found ! - C:\WINDOWS\prefetch\95343.EXE-07BCB028.pf 
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-050E21FC.pf 
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf 
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-1FE9A009.pf 
 
»»»» Presence des fichiers dans C:\WINDOWS\system32 
 
Found ! [06/01/2009 04:08] - C:\WINDOWS\system32\mdelk.exe 
Found ! [06/01/2009 04:08] - C:\WINDOWS\system32\wintems.exe 
Found ! [06/01/2009 15:32] - C:\WINDOWS\system32\ban_list.txt 
Found ! [24/05/2007 08:55] - C:\WINDOWS\system32\AutoRun.inf 
 
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers 
 
Found ! [04/01/2009 23:43] - C:\WINDOWS\system32\drivers\srosa.sys 
Found ! [04/01/2009 23:43] - C:\WINDOWS\system32\drivers\srosa2.sys 
 
»»»» Presence des fichiers dans C:\Documents and Settings\Florian\Application Data 
 
Found ! [06/01/2009 04:10] - "C:\Documents and Settings\Florian\Application Data\m\flec006.exe" 
Found ! [06/01/2009 04:13] - "C:\Documents and Settings\Florian\Application Data\m\shared" 
Found ! [06/01/2009 04:51] - "C:\Documents and Settings\Florian\Application Data\m" 
Found ! [04/01/2009 22:07] - "C:\Documents and Settings\Florian\Application Data\drivers" 
Found ! [06/01/2009 04:07] - "C:\Documents and Settings\Florian\Application Data\drivers\srosa.sys" 
Found ! [06/01/2009 04:07] - "C:\Documents and Settings\Florian\Application Data\drivers\srosa2.sys" 
Found ! [22/09/2004 06:03] - "C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe" 
Found ! [06/01/2009 04:14] - "C:\Documents and Settings\Florian\Application Data\drivers\downld" 
 
»»»» Presence des fichiers dans f:\Temp 
 
 
»»»» Presence des fichiers dans C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5 
 
Found ! [04/01/2009 20:34] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[1].jpg  
Found ! [05/01/2009 18:28] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[2].jpg  
Found ! [05/01/2009 20:29] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[3].jpg  
Found ! [05/01/2009 21:18] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[4].jpg  
Found ! [06/01/2009 04:12] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[5].jpg  
Found ! [05/01/2009 11:44] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[1].jpg  
Found ! [05/01/2009 13:58] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[2].jpg  
Found ! [05/01/2009 20:42] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[3].jpg  
Found ! [05/01/2009 19:25] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_5[1].jpg  
Found ! [05/01/2009 12:45] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\file[1].txt  
Found ! [05/01/2009 20:30] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[1].jpg  
Found ! [06/01/2009 04:10] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[2].jpg  
Found ! [05/01/2009 21:34] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[1].jpg  
Found ! [05/01/2009 11:38] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[2].jpg  
Found ! [05/01/2009 11:49] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[3].jpg  
Found ! [05/01/2009 21:48] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[4].jpg  
Found ! [06/01/2009 15:32] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\file[1].txt  
Found ! [05/01/2009 20:30] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\mxd[3].jpg  
Found ! [06/01/2009 04:10] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\servernames[1].htm  
Found ! [05/01/2009 13:59] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64[2].jpg  
Found ! [04/01/2009 20:37] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[1].jpg  
Found ! [05/01/2009 21:30] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[2].jpg  
Found ! [03/01/2009 22:30] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[1].jpg  
Found ! [05/01/2009 14:28] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[2].jpg  
Found ! [05/01/2009 19:26] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64[1].jpg  
Found ! [05/01/2009 20:31] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64_1[1].jpg  
Found ! [06/01/2009 04:10] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64[1].jpg  
Found ! [04/01/2009 22:40] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[1].jpg  
Found ! [05/01/2009 19:45] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[2].jpg  
Found ! [05/01/2009 20:46] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[3].jpg  
Found ! [05/01/2009 11:35] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[1].jpg  
Found ! [05/01/2009 14:21] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[2].jpg  
Found ! [05/01/2009 13:59] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_1[1].jpg  
Found ! [06/01/2009 04:13] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_2[1].jpg  
Found ! [05/01/2009 14:20] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_3[1].jpg  
Found ! [05/01/2009 21:30] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64[1].jpg  
Found ! [05/01/2009 11:32] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[2].jpg  
Found ! [05/01/2009 13:59] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[4].jpg  
Found ! [05/01/2009 14:21] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[5].jpg  
Found ! [05/01/2009 21:45] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\mxd[1].jpg  
Found ! [05/01/2009 19:47] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[1].jpg  
Found ! [05/01/2009 14:23] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[2].jpg  
Found ! [05/01/2009 18:27] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[3].jpg  
Found ! [05/01/2009 21:16] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[4].jpg  
Found ! [05/01/2009 18:28] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_2[1].jpg  
Found ! [05/01/2009 19:24] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[1].jpg  
Found ! [05/01/2009 21:28] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[2].jpg  
Found ! [05/01/2009 20:27] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\file[1].txt  
Found ! [05/01/2009 21:45] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64[1].jpg  
Found ! [05/01/2009 11:37] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[1].jpg  
Found ! [06/01/2009 04:10] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[2].jpg  
Found ! [05/01/2009 19:48] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_2[1].jpg  
Found ! [04/01/2009 21:33] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SGZ2649M\file[1].txt  
Found ! [05/01/2009 20:29] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64[2].jpg  
Found ! [05/01/2009 14:23] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_1[1].jpg  
Found ! [04/01/2009 20:33] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[1].jpg  
Found ! [05/01/2009 11:31] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[4].jpg  
Found ! [04/01/2009 01:12] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[1].jpg  
Found ! [05/01/2009 19:26] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[2].jpg  
Found ! [05/01/2009 21:31] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[3].jpg  
Found ! [05/01/2009 12:51] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_1[1].jpg  
Found ! [04/01/2009 20:37] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[1].jpg  
Found ! [05/01/2009 20:32] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[2].jpg  
Found ! [05/01/2009 21:43] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[1].jpg  
Found ! [06/01/2009 04:08] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[2].jpg  
Found ! [05/01/2009 19:45] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[1].jpg  
Found ! [05/01/2009 21:16] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[2].jpg  
Found ! [05/01/2009 19:28] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_1[1].jpg  
Found ! [05/01/2009 14:24] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[1].jpg  
Found ! [05/01/2009 20:47] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[2].jpg  
Found ! [05/01/2009 20:27] - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_3[1].jpg  
 
--------------- [ Registre / Startup ] ----------------  
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   NBJ="E:\Ahead\Nero BackItUp\NBJ.exe"
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
   uiimgko="c:\documents and settings\florian\local settings\application data\uiimgko.exe" uiimgko
   drvsyskit=C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe
   mule_st_key=C:\Documents and Settings\Florian\Application Data\m\flec006.exe
   german.exe=C:\WINDOWS\system32\wintems.exe
   SpybotSD TeaTimer=E:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
   MaxMenuMgr="E:\DISKDUR\FreeAgent Status\StxMenuMgr.exe"
 
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NBJ]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
 
--------------- [ Registre / Clés infectieuses ] ----------------  
 
 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\install_crack 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\bisoft 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\DateTime4 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\FFC 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\FirtR 
Found ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\MuleAppData 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack 
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s 
Found ! - HKEY_CURRENT_USER\Software\bisoft 
Found ! - HKEY_CURRENT_USER\Software\DateTime4 
Found ! - HKEY_CURRENT_USER\Software\FirtR 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s 
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s 
Found ! - HKEY_CURRENT_USER\Software\bisoft 
Found ! - HKEY_CURRENT_USER\Software\DateTime4 
Found ! - HKEY_CURRENT_USER\Software\FirtR 
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit   
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe   
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key    
Found ! - [HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit   
Found ! - [HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe   
Found ! - [HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key    
 
 
--------------- [ Etat / Services ] ---------------- 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot 
 
  /!\ Mode sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal 
 
  /!\ Mode sans echec non fonctionnel !! 
 
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network 
 
  /!\ Mode sans echec non fonctionnel !! 
 


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ] 

/!\ Ndisuio - Type de démarrage = 4 
 
/!\ Ip6Fw - Type de démarrage = 4 
 
SharedAccess - Type de démarrage = 2 
 
wuauserv - Type de démarrage = 2 
 
/!\ wscsvc - Type de démarrage = 4 
 
 
--------------- [ Recherche dans supports amovibles] ----------------  
 
 
+- Informations : 

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

 
+- presence des fichiers :  

 
 
--------------- [ Registre / Mountpoint2 ] ----------------  
 
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce48e7c-82a7-11dd-beee-fbb3d328bbe8}\Shell\AutoRun\command   
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a205652-e50b-11db-bd22-88bde0b5dfe8}\Shell\AutoRun\command   
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ce6e4f5-57ba-11dc-bdb1-eebcfe6f99ea}\Shell\AutoRun\command   
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf2-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command   
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf3-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command   
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8595fb2-5425-11dc-bdad-da374e258feb}\Shell\AutoRun\command   
 
 
------------------- ! Fin du rapport ! --------------------

Utilisateur anonyme · Answer

ok 

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
/!\ A lire dans tons cas 1 : http://www.libellules.ch/...
/!\ A lire dans tons cas 2 : http://forum.malekal.com/ftopic893.php
/!\ A visionner : http://secuboxlabs.fr/archives/computertoday.html

foxymophan · Answer

j'ai bien lu les lignes principales de mes cas. Je comprends pas mal de choses et je sais que j'était dans l'ignorance totale. Que ça me sert de leçon...

Utilisateur anonyme · Answer

ok hé bé passe l option 2 maintenant ..

foxymophan · Answer

je l'ai posté 2 fois il ne s'affiche pas ...

foxymophan · Answer

rraport 2


----------------- FindyKill V4.711 ------------------

* User : Florian - YAMYCORP-4D6A34
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 16:04:40 the 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
Deleted ! - C:\InfoSat.txt  
 
»»»» Supression files in C:\WINDOWS 
 
 
»»»» Supression files in C:\WINDOWS\Prefetch 
 
Deleted ! - C:\WINDOWS\prefetch\105156.EXE-11C89353.pf 
Deleted ! - C:\WINDOWS\prefetch\107234.EXE-37667EE3.pf 
Deleted ! - C:\WINDOWS\prefetch\110625.EXE-12F6A8C1.pf 
Deleted ! - C:\WINDOWS\prefetch\121843.EXE-19D57224.pf 
Deleted ! - C:\WINDOWS\prefetch\126015.EXE-1E86E4A0.pf 
Deleted ! - C:\WINDOWS\prefetch\128656.EXE-02B69EDD.pf 
Deleted ! - C:\WINDOWS\prefetch\132734.EXE-359993C3.pf 
Deleted ! - C:\WINDOWS\prefetch\135812.EXE-351A83E4.pf 
Deleted ! - C:\WINDOWS\prefetch\14899796.EXE-06C17A22.pf 
Deleted ! - C:\WINDOWS\prefetch\14968484.EXE-273F9134.pf 
Deleted ! - C:\WINDOWS\prefetch\156687.EXE-2630A3F6.pf 
Deleted ! - C:\WINDOWS\prefetch\157718.EXE-001A90FC.pf 
Deleted ! - C:\WINDOWS\prefetch\159609.EXE-27EF3C42.pf 
Deleted ! - C:\WINDOWS\prefetch\180500.EXE-2EF1878F.pf 
Deleted ! - C:\WINDOWS\prefetch\182812.EXE-2AFD5148.pf 
Deleted ! - C:\WINDOWS\prefetch\195812.EXE-3253FE4E.pf 
Deleted ! - C:\WINDOWS\prefetch\196312.EXE-17041FDA.pf 
Deleted ! - C:\WINDOWS\prefetch\206109.EXE-2458539E.pf 
Deleted ! - C:\WINDOWS\prefetch\209359.EXE-298554FB.pf 
Deleted ! - C:\WINDOWS\prefetch\215484.EXE-30D11119.pf 
Deleted ! - C:\WINDOWS\prefetch\252281.EXE-0F4ED336.pf 
Deleted ! - C:\WINDOWS\prefetch\286093.EXE-02EEE27D.pf 
Deleted ! - C:\WINDOWS\prefetch\287859.EXE-1F97CF11.pf 
Deleted ! - C:\WINDOWS\prefetch\309265.EXE-0AF7D673.pf 
Deleted ! - C:\WINDOWS\prefetch\316671.EXE-1F99D35A.pf 
Deleted ! - C:\WINDOWS\prefetch\324484.EXE-0B46879B.pf 
Deleted ! - C:\WINDOWS\prefetch\335218.EXE-2F0031D0.pf 
Deleted ! - C:\WINDOWS\prefetch\342312.EXE-0EED8580.pf 
Deleted ! - C:\WINDOWS\prefetch\353359.EXE-03F53753.pf 
Deleted ! - C:\WINDOWS\prefetch\353765.EXE-3B390ABE.pf 
Deleted ! - C:\WINDOWS\prefetch\364000.EXE-2B473FEF.pf 
Deleted ! - C:\WINDOWS\prefetch\372765.EXE-2785AE51.pf 
Deleted ! - C:\WINDOWS\prefetch\378343.EXE-08C4D575.pf 
Deleted ! - C:\WINDOWS\prefetch\383906.EXE-3A041A52.pf 
Deleted ! - C:\WINDOWS\prefetch\405312.EXE-130948E9.pf 
Deleted ! - C:\WINDOWS\prefetch\450343.EXE-24FE5D8C.pf 
Deleted ! - C:\WINDOWS\prefetch\518671.EXE-15168845.pf 
Deleted ! - C:\WINDOWS\prefetch\587312.EXE-0A543075.pf 
Deleted ! - C:\WINDOWS\prefetch\58937.EXE-375AA9B9.pf 
Deleted ! - C:\WINDOWS\prefetch\621906.EXE-2C13A522.pf 
Deleted ! - C:\WINDOWS\prefetch\694703.EXE-26D06062.pf 
Deleted ! - C:\WINDOWS\prefetch\70484.EXE-213BF380.pf 
Deleted ! - C:\WINDOWS\prefetch\711078.EXE-0315AE00.pf 
Deleted ! - C:\WINDOWS\prefetch\822234.EXE-2D85ECD2.pf 
Deleted ! - C:\WINDOWS\prefetch\84515.EXE-046A7138.pf 
Deleted ! - C:\WINDOWS\prefetch\857875.EXE-2AD2252A.pf 
Deleted ! - C:\WINDOWS\prefetch\95343.EXE-07BCB028.pf 
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-050E21FC.pf 
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf 
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf 
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf 
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-1FE9A009.pf 
 
»»»» Supression files in C:\WINDOWS\system32 
 
Deleted ! - C:\WINDOWS\system32\autorun.inf  
Deleted ! - C:\WINDOWS\system32\mdelk.exe  
Deleted ! - C:\WINDOWS\system32\wintems.exe  
Deleted ! - C:\WINDOWS\system32\ban_list.txt  
 
»»»» Supression files in C:\WINDOWS\system32\drivers 
 
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys  
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys  
 
»»»» Supression files in C:\Documents and Settings\Florian\Application Data 
 
Deleted ! - "C:\Documents and Settings\Florian\Application Data\m\flec006.exe"  
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\3D A Salute to America 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\642-564 Practice Exam Testing Engine Software 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Active Clock 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Adaeria Today! 0.36.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Admit One R2686.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\AGM View 1.0.3 Beta.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Aimersoft iPod Copy Manager 2.1.22.3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Aiseesoft iPhone Movie Converter 3.1.22.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Amadis Apple TV Video Converter 3.7.3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Annotea Ubimarks 0.6.3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Any Flash Screensaver Maker 1.90.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Arendaine [ FTP  
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ASP.NET Documentation Tool 9.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Attachment Security for Microsoft Outlook 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Auction Artist 2.5.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Bahama Slim 001.000.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Basketball Scoreboard Deluxe 1.0.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\BatchSync FTP 2.1 Build 3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Beautiful Reef - Animated Wallpaper 2.52.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\BlackBerry Database Viewer 2.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\British Isles - Visible Satellite Animation.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CadStd Lite 3.7.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ChatBlocker 2.6.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ChordWizard Music Theory 3.01f.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Classic Menu for Word 2007 3.5.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ClusterSHISH 0.15.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Contante 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CopyCode 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Cowboy with Keyboard 2.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\cryptlib 3.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CSE HTML Validator Lite 9.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CTL 0.9 Build 20080325.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Daniusoft DVD to iPhone Suite 2.0.2.7.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Date Doctor For Women 3.7.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DAudioK 0.1.9 beta.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DKMessenger 4.6.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DocTray 2.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DudeCMS 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Early Learning 5.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ESC-Rental 4.13.7.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\eTeSoft iPod Video Converter 1.00.806.19.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Finale PrintMusic 2007.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FitLife 4.36.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FontMaker 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Franken's-SteinA.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FreshOutline 2.1.1.49.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FTP Shortcut 0.3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Gameloft Brain Challenge j2Me Nokia n92 n93 n73 e61 n71 e50 240x320 Symbian s60 v3 Os9.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\GeoLINE 1.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Glueee Business Wallpapers Set 1024x768 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Groowe Firefox Toolbar 1.6.4.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\GymMaster Lite 2.7.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\HD Photo Plug-in 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Ice Pattern 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Image Grabber 3.0.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Intacros 2.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Investment Analyzer InvAn-4 2008.04.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\JEST INLINE & SOLID 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Kaspersky.Internet.Security.v6.0.0.303.EspaÇñol.by.SashiX.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\KB Piano 2.3.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\LangPad - German Characters.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 English - Turkish 2.3.90.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Math Pal Computer Calculator 1.12.13.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MB Free Tarot Tutor And Glossary 1.40.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MestRe-C 4.8.6.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MiniMinder 8.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Mobile Movie Studio (Sony Ericsson) 1.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MoreMotion AF 4.1.0.106.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NetSess 2.00.00.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NTDomain 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NumberFox 0.3.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\o3find 0.8.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Optimaze! 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Panda.Platinum.Internet.Security.2005.Trupevent.(Crack).Hasta.El.(30-12-2020).Funciona.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Panda.Titanium.Antivirus.2005.v4.02.WinALL.Retail-DVT+sn.for.update=.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Pascal Look 1.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PhotoPulse 1.3.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PHP Function Finder mini 1.5.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Pixelshop 5.2.48.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PolyMorph3D 1.02.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PQ DVD to Apple TV Converter 1.0 build 01.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Program starter 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\QuickGuidePAVFirewalls_es.GUIA.PANDA.FIRARE.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Rainbow 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RDSGroup Animated chat 1.0.5.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Record (and edit) anything to Mp3 2.6.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\sharedemovegoogleadsfromdu 0.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Rescue 911 2.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RGB to CMYK Color Space 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Ringtone Editor 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RSP Encrypt OCX 3.2.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RSS Validator Maxthon Plugin 0.5.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RTF-to-HTML DLL .Net 2.3.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ScreenNemo 1.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SecuriKey 1.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ServiceMP 3.324.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Shark! Yahoo Widget 1.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\sipcli 1.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Sketcher Plugin 1.2.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Snow In The Valley Demo Screensaver 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Software.Avg.Antivirus.Pro.7.0.206.Keygen.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Solid FTP 4.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SolvoLink Link Exchange Software 1.00.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SQL-RD 5.6 Build 20080924.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Stay Connected 4.01.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Swiss City 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Symantec.Mobile.Security.4.0.For.Symbian.Phones.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Symantec.Norton.Antivirus.2007.in.italiano.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\System Keylogger 3.1.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Template Phrases for Microsoft Outlook 1.39.103.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\The Great Lake - Animated Wallpaper 5.07.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\The Name Dropper 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared	ssSubst 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Tuber Player 1.06.160.171.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Vista Network Icons 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\VS BMI Calculator 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\WDIR 1.54.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Weather Channel Search 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Window Tracker 1.0.zip 
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Xilisoft iPhone Video Converter 5.1.17.1114.zip 
Deleted ! - "C:\Documents and Settings\Florian\Application Data\m\shared"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\m"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\srosa.sys"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\srosa2.sys"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\downld"  
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers"  
 
»»»» Supression files in f:\Temp 
 
 
»»»» Supression files in C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5 
 
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[4].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[5].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_5[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\file[1].txt    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[4].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\file[1].txt    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\mxd[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\servernames[1].htm    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[4].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[5].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\mxd[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[4].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\file[1].txt    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SGZ2649M\file[1].txt    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[4].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[3].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_1[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[1].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[2].jpg    
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_3[1].jpg    
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! - HKEY_CURRENT_USER\Software\bisoft   
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4   
Deleted ! - HKEY_CURRENT_USER\Software\FirtR   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe   
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe   
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\install_crack   
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro   
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\FFC   
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\MuleAppData   
 
--------------- [ States / Restarting of services ] ---------------- 
 
+- Safe boot mode restored ! 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

Ndisuio - Type of startup  = 3 
 
Ip6Fw - Type of startup  = 2 
 
SharedAccess - Type of startup  = 2 
 
wuauserv - Type of startup  = 2 
 
wscsvc - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

 
+- deleting files : 
 
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce48e7c-82a7-11dd-beee-fbb3d328bbe8}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a205652-e50b-11db-bd22-88bde0b5dfe8}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ce6e4f5-57ba-11dc-bdb1-eebcfe6f99ea}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf2-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf3-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command  
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8595fb2-5425-11dc-bdad-da374e258feb}\Shell\AutoRun\command  
 
--------------- [ Searching Other Infections ] ----------------  
 
 
Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4  C:\WINDOWS\system32\mdelk.exe 
113ac36b77630a2f67dd6cb7844406a4  C:\WINDOWS\system32\wintems.exe 
9c15290ee0d941f08b7ac48a1eaecffb  C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe 

 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
 
 
---------------- ! End of report ! ------------------

Utilisateur anonyme · Answer

OK attend j averti 

et post le ici en message privé stp 


http://www.commentcamarche.net/communaute/profil Chiquitine29

foxymophan · Answer

je vien de le posté un 3eme fois il me dit que mon post est arrivé mais en vain..

Utilisateur anonyme · Answer

http://www.commentcamarche.net/forum/affich 10335106 infection bagle?#18

foxymophan · Answer

est-il bien arrivé??

Utilisateur anonyme · Answer

oué ,

Télécharge Navilog1 sur ton bureau : 

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

!! Déconnecte toi,désactive tes défenses( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !! 

Ensuite double clique sur navilog1.exe pour lancer l'installation. 
Une fois l'installation terminée, le fix s'exécutera automatiquement. 
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau). 

Laisse-toi guider. Au menu principal, choisis 1 et valide . 
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord) 

Patiente jusqu'au message : 
*** Analyse Termine le ..... *** 

Appuie sur une touche comme demandé, le bloc-note va s'ouvrir. 
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite . 

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" ) 

TUTO (aide) : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901

green day · Answer

Bonjour

le rapport en question, je ne vois pas d'où vient le soucis ...


----------------- FindyKill V4.711 ------------------

* User : Florian - YAMYCORP-4D6A34
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 16:04:40 the 06/01/2009
* Windows XP - Internet Explorer 7.0.5730.11


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\InfoSat.txt

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\105156.EXE-11C89353.pf
Deleted ! - C:\WINDOWS\prefetch\107234.EXE-37667EE3.pf
Deleted ! - C:\WINDOWS\prefetch\110625.EXE-12F6A8C1.pf
Deleted ! - C:\WINDOWS\prefetch\121843.EXE-19D57224.pf
Deleted ! - C:\WINDOWS\prefetch\126015.EXE-1E86E4A0.pf
Deleted ! - C:\WINDOWS\prefetch\128656.EXE-02B69EDD.pf
Deleted ! - C:\WINDOWS\prefetch\132734.EXE-359993C3.pf
Deleted ! - C:\WINDOWS\prefetch\135812.EXE-351A83E4.pf
Deleted ! - C:\WINDOWS\prefetch\14899796.EXE-06C17A22.pf
Deleted ! - C:\WINDOWS\prefetch\14968484.EXE-273F9134.pf
Deleted ! - C:\WINDOWS\prefetch\156687.EXE-2630A3F6.pf
Deleted ! - C:\WINDOWS\prefetch\157718.EXE-001A90FC.pf
Deleted ! - C:\WINDOWS\prefetch\159609.EXE-27EF3C42.pf
Deleted ! - C:\WINDOWS\prefetch\180500.EXE-2EF1878F.pf
Deleted ! - C:\WINDOWS\prefetch\182812.EXE-2AFD5148.pf
Deleted ! - C:\WINDOWS\prefetch\195812.EXE-3253FE4E.pf
Deleted ! - C:\WINDOWS\prefetch\196312.EXE-17041FDA.pf
Deleted ! - C:\WINDOWS\prefetch\206109.EXE-2458539E.pf
Deleted ! - C:\WINDOWS\prefetch\209359.EXE-298554FB.pf
Deleted ! - C:\WINDOWS\prefetch\215484.EXE-30D11119.pf
Deleted ! - C:\WINDOWS\prefetch\252281.EXE-0F4ED336.pf
Deleted ! - C:\WINDOWS\prefetch\286093.EXE-02EEE27D.pf
Deleted ! - C:\WINDOWS\prefetch\287859.EXE-1F97CF11.pf
Deleted ! - C:\WINDOWS\prefetch\309265.EXE-0AF7D673.pf
Deleted ! - C:\WINDOWS\prefetch\316671.EXE-1F99D35A.pf
Deleted ! - C:\WINDOWS\prefetch\324484.EXE-0B46879B.pf
Deleted ! - C:\WINDOWS\prefetch\335218.EXE-2F0031D0.pf
Deleted ! - C:\WINDOWS\prefetch\342312.EXE-0EED8580.pf
Deleted ! - C:\WINDOWS\prefetch\353359.EXE-03F53753.pf
Deleted ! - C:\WINDOWS\prefetch\353765.EXE-3B390ABE.pf
Deleted ! - C:\WINDOWS\prefetch\364000.EXE-2B473FEF.pf
Deleted ! - C:\WINDOWS\prefetch\372765.EXE-2785AE51.pf
Deleted ! - C:\WINDOWS\prefetch\378343.EXE-08C4D575.pf
Deleted ! - C:\WINDOWS\prefetch\383906.EXE-3A041A52.pf
Deleted ! - C:\WINDOWS\prefetch\405312.EXE-130948E9.pf
Deleted ! - C:\WINDOWS\prefetch\450343.EXE-24FE5D8C.pf
Deleted ! - C:\WINDOWS\prefetch\518671.EXE-15168845.pf
Deleted ! - C:\WINDOWS\prefetch\587312.EXE-0A543075.pf
Deleted ! - C:\WINDOWS\prefetch\58937.EXE-375AA9B9.pf
Deleted ! - C:\WINDOWS\prefetch\621906.EXE-2C13A522.pf
Deleted ! - C:\WINDOWS\prefetch\694703.EXE-26D06062.pf
Deleted ! - C:\WINDOWS\prefetch\70484.EXE-213BF380.pf
Deleted ! - C:\WINDOWS\prefetch\711078.EXE-0315AE00.pf
Deleted ! - C:\WINDOWS\prefetch\822234.EXE-2D85ECD2.pf
Deleted ! - C:\WINDOWS\prefetch\84515.EXE-046A7138.pf
Deleted ! - C:\WINDOWS\prefetch\857875.EXE-2AD2252A.pf
Deleted ! - C:\WINDOWS\prefetch\95343.EXE-07BCB028.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-050E21FC.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-1FE9A009.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\autorun.inf
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys

»»»» Supression files in C:\Documents and Settings\Florian\Application Data

Deleted ! - "C:\Documents and Settings\Florian\Application Data\m\flec006.exe"
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\3D A Salute to America 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\642-564 Practice Exam Testing Engine Software 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Active Clock 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Adaeria Today! 0.36.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Admit One R2686.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\AGM View 1.0.3 Beta.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Aimersoft iPod Copy Manager 2.1.22.3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Aiseesoft iPhone Movie Converter 3.1.22.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Amadis Apple TV Video Converter 3.7.3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Annotea Ubimarks 0.6.3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Any Flash Screensaver Maker 1.90.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Arendaine [ FTP
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ASP.NET Documentation Tool 9.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Attachment Security for Microsoft Outlook 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Auction Artist 2.5.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Bahama Slim 001.000.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Basketball Scoreboard Deluxe 1.0.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\BatchSync FTP 2.1 Build 3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Beautiful Reef - Animated Wallpaper 2.52.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\BlackBerry Database Viewer 2.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\British Isles - Visible Satellite Animation.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CadStd Lite 3.7.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ChatBlocker 2.6.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ChordWizard Music Theory 3.01f.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Classic Menu for Word 2007 3.5.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ClusterSHISH 0.15.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Contante 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CopyCode 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Cowboy with Keyboard 2.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\cryptlib 3.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CSE HTML Validator Lite 9.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\CTL 0.9 Build 20080325.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Daniusoft DVD to iPhone Suite 2.0.2.7.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Date Doctor For Women 3.7.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DAudioK 0.1.9 beta.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DKMessenger 4.6.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DocTray 2.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\DudeCMS 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Early Learning 5.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ESC-Rental 4.13.7.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\eTeSoft iPod Video Converter 1.00.806.19.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Finale PrintMusic 2007.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FitLife 4.36.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FontMaker 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Franken's-SteinA.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FreshOutline 2.1.1.49.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\FTP Shortcut 0.3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Gameloft Brain Challenge j2Me Nokia n92 n93 n73 e61 n71 e50 240x320 Symbian s60 v3 Os9.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\GeoLINE 1.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Glueee Business Wallpapers Set 1024x768 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Groowe Firefox Toolbar 1.6.4.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\GymMaster Lite 2.7.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\HD Photo Plug-in 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Ice Pattern 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Image Grabber 3.0.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Intacros 2.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Investment Analyzer InvAn-4 2008.04.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\JEST INLINE & SOLID 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Kaspersky.Internet.Security.v6.0.0.303.EspaÇñol.by.SashiX.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\KB Piano 2.3.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\LangPad - German Characters.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 English - Turkish 2.3.90.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Math Pal Computer Calculator 1.12.13.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MB Free Tarot Tutor And Glossary 1.40.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MestRe-C 4.8.6.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MiniMinder 8.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Mobile Movie Studio (Sony Ericsson) 1.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\MoreMotion AF 4.1.0.106.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NetSess 2.00.00.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NTDomain 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\NumberFox 0.3.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\o3find 0.8.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Optimaze! 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Panda.Platinum.Internet.Security.2005.Trupevent.(Crack).Hasta.El.(30-12-2020).Funciona.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Panda.Titanium.Antivirus.2005.v4.02.WinALL.Retail-DVT+sn.for.update=.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Pascal Look 1.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PhotoPulse 1.3.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PHP Function Finder mini 1.5.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Pixelshop 5.2.48.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PolyMorph3D 1.02.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\PQ DVD to Apple TV Converter 1.0 build 01.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Program starter 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\QuickGuidePAVFirewalls_es.GUIA.PANDA.FIRARE.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Rainbow 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RDSGroup Animated chat 1.0.5.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Record (and edit) anything to Mp3 2.6.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\sharedemovegoogleadsfromdu 0.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Rescue 911 2.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RGB to CMYK Color Space 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Ringtone Editor 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RSP Encrypt OCX 3.2.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RSS Validator Maxthon Plugin 0.5.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\RTF-to-HTML DLL .Net 2.3.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ScreenNemo 1.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SecuriKey 1.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\ServiceMP 3.324.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Shark! Yahoo Widget 1.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\sipcli 1.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Sketcher Plugin 1.2.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Snow In The Valley Demo Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Software.Avg.Antivirus.Pro.7.0.206.Keygen.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Solid FTP 4.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SolvoLink Link Exchange Software 1.00.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\SQL-RD 5.6 Build 20080924.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Stay Connected 4.01.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Swiss City 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Symantec.Mobile.Security.4.0.For.Symbian.Phones.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Symantec.Norton.Antivirus.2007.in.italiano.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\System Keylogger 3.1.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Template Phrases for Microsoft Outlook 1.39.103.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\The Great Lake - Animated Wallpaper 5.07.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\The Name Dropper 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared	ssSubst 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Tuber Player 1.06.160.171.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Vista Network Icons 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\VS BMI Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\WDIR 1.54.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Weather Channel Search 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Window Tracker 1.0.zip
Deleted ! - C:\Documents and Settings\Florian\Application Data\m\shared\Xilisoft iPhone Video Converter 5.1.17.1114.zip
Deleted ! - "C:\Documents and Settings\Florian\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\m"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Florian\Application Data\drivers"

»»»» Supression files in f:\Temp


»»»» Supression files in C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\file[1].txt
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\1EPGF2GD\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\file[1].txt
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\5QRW5393\servernames[1].htm
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\78U0F4UP\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\7LC3MMKY\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\EAP0JD61\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\FHJQ0JCI\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\HM8UEL4R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\LOS795CM\file[1].txt
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\NR8VM3PD\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SGZ2649M\file[1].txt
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\SKB3UWAC\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\U36BN05R\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Florian\Local Settings\Temporary Internet Files\Content.IE5\WP861SZ5\b64_3[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\install_crack
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-299502267-117609710-839522115-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ce48e7c-82a7-11dd-beee-fbb3d328bbe8}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a205652-e50b-11db-bd22-88bde0b5dfe8}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ce6e4f5-57ba-11dc-bdb1-eebcfe6f99ea}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf2-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0b57bf3-56f0-11dc-bdaf-dfbed579eae9}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8595fb2-5425-11dc-bdad-da374e258feb}\Shell\AutoRun\command

--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
9c15290ee0d941f08b7ac48a1eaecffb C:\Documents and Settings\Florian\Application Data\drivers\winupgro.exe


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------

@+

Utilisateur anonyme · Answer

Merci greenday ,

moi non plus , je m attendais a un ww.mini....truc 

bref merci

Utilisateur anonyme · Answer

-;)

idem ma belle , prend soin de toi

foxymophan · Answer

Search Navipromo version 3.7.1 commencé le 06/01/2009 à 16:37:20,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-30 )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.05
USER : Florian ( Administrator )
BOOT : Normal boot


Firewall  : ZoneAlarm Firewall 6.1.744.001 (Not Activated)

C:\ (Local Disk) - NTFS - Total:4 Go (Free:0 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:19 Go (Free:16 Go)
F:\ (Local Disk) - NTFS - Total:4 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:63 Go (Free:9 Go)


Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Florian\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Florian\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\Florian\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Florian\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uiimgko"="\"c:\documents and settings\florian\local settings\application data\uiimgko.exe\" uiimgko"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Florian\locals~1\applic~1" : 

uiimgko.exe trouvé !
uiimgko.dat trouvé !
uiimgko_nav.dat trouvé !
uiimgko_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 06/01/2009 à 16:39:02,79 ***

Utilisateur anonyme · Answer

!! Déconnecte toi, désactive tes défenses ( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !! 

--->Double-clique sur le raccourci Navilog1 

Arriver au menu principal, choisir l'option 2 et valider (nettoyage "automatique" ). 

Le fix demandera ensuite de "redémarrer le PC", fermer toutes les fenêtres ouvertes 
et appuyer sur une touche comme demandé.( important : si le PC ne redémarre pas automatiquement, le faire manuellement ) 
Au redémarrage du PC, choisir la session habituelle si nécessaire. 

Patienter jusqu'au message : "Nettoyage Terminé le ..." 

Le bureau revient, puis le bloc-note s'ouvre . 
Sauvegarder ce rapport de manière à le retrouver, puis fermer le bloc-note ... 
(Le rapport sera en outre sauvegardé à la racine du disque "C\:cleannavi.txt") 

Poste ce rapport dans ta nouvelle réponse accompagné d'un nouveau rapport hijacthis pour analyse et attends la suite ... 

(PS : Si le bureau ne réapparaît pas, faire CTRL+ALT+SUPPR pour ouvrir le gestionnaire de tâches. 
Choisir l'onglet processus. Cliquer en haut à gauche sur fichiers et choisir exécuter, 
Taper explorer et valider.)

foxymophan · Answer

Clean Navipromo version 3.7.1 commencé le 06/01/2009 à 16:47:38,98

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-30 )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.05
USER : Florian ( Administrator )
BOOT : Normal boot


Firewall  : ZoneAlarm Firewall 6.1.744.001 (Not Activated)

C:\ (Local Disk) - NTFS - Total:4 Go (Free:0 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:19 Go (Free:16 Go)
F:\ (Local Disk) - NTFS - Total:4 Go (Free:4 Go)
G:\ (Local Disk) - NTFS - Total:63 Go (Free:9 Go)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Florian\locals~1\applic~1" * 



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Florian\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Florian\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\Florian\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Florian\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\uiimgko*.pf trouvé ! 
Copie C:\WINDOWS\prefetch\uiimgko*.pf réalisée avec succès !
C:\WINDOWS\prefetch\uiimgko*.pf supprimé !


* Dans "C:\Documents and Settings\Florian\locals~1\applic~1" * 


uiimgko.exe trouvé ! 
Copie uiimgko.exe réalisée avec succès !
uiimgko.exe supprimé !

uiimgko.dat trouvé ! 
Copie uiimgko.dat réalisée avec succès !
uiimgko.dat supprimé !

uiimgko_nav.dat trouvé ! 
Copie uiimgko_nav.dat réalisée avec succès !
uiimgko_nav.dat supprimé !

uiimgko_navps.dat trouvé ! 
Copie uiimgko_navps.dat réalisée avec succès !
uiimgko_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 06/01/2009 à 16:50:18,62 ***

foxymophan · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:11, on 06/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\DISKDUR\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	lntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Florian\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Avg\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "E:\DISKDUR\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [NBJ] "E:\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD2F77E-E17F-455D-85D9-C6942D23A6DF}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{980A4B25-36E6-44C5-B502-C4EA49EA6A78}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE9529-576E-4B36-90FB-F96DE85C497A}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Avg\avgpp.dll (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - E:\DISKDUR\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Utilisateur anonyme · Answer

réinstal ton antivirus , je te conseil antivir :

->Antivir le telecharger

-> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59 

ensuite :

Telecharge UsbFix sur ton bureau

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci UsbFix sur ton bureau

-->choisi l option 1 (nettoyage)

--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt 

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : 
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

foxymophan · Answer

-------------- UsbFix V2.413.9 ---------------

* User : Florian - YAMYCORP-4D6A34
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:11:00 le 06/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11 
  
  
--------------- [ Processus actifs ] ----------------   
  
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
  
--------------- [ Informations lecteurs ] ----------------   
  
C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe


--------------- [ Lecteur C ] ---------------- 

C: - Lecteur fixe


+- Listing des fichiers présents :

[02/12/2006 18:25][--a------] C:\AUTOEXEC.BAT   
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM   
[06/01/2009 17:07][--a------] C:\UsbFix.exe   
[03/01/2009 22:30][---hs----] C:\boot.ini   
[06/01/2009 16:50][--a------] C:\cleannavi.txt   
[06/01/2009 16:50][--a------] C:\cleannavi.txtRappor1du2(d‚sin)navilog.txt   
[06/01/2009 16:50][--a------] C:\FindyKill.txt   
[06/01/2009 16:50][--a------] C:\FindyKill.txtrapport1,2emeessaie.txt   
[06/01/2009 16:50][--a------] C:\FindyKill.txtrapport2,2emeessaie.txt   
[06/01/2009 16:50][--a------] C:\fixnavi.txt   
[06/01/2009 16:50][--a------] C:\fixnavi.txtrapport1navilog.txt   
[06/01/2009 16:50][--a------] C:\SAFEBOOT_REPAIR.TXT   
[06/01/2009 16:50][--a------] C:\UsbFix.txt   
[02/12/2006 18:25][--a------] C:\CONFIG.SYS   
[02/12/2006 18:25][--a------] C:\IO.SYS   
[02/12/2006 18:25][--a------] C:\MSDOS.SYS   
[02/12/2006 18:25][--a------] C:\pagefile.sys   

--------------- [ Lecteur E ] ---------------- 

E: - Lecteur fixe


+- Listing des fichiers présents :

[03/01/2009 23:52][--a------] E:\antivir_workstation_winu_en_h.exe   
[03/01/2009 23:52][--a------] E:\antivir_workstation_winu_fr_h.exe   
[03/01/2009 23:52][--a------] E:\ccsetup215.exe   
[03/01/2009 23:52][--a------] E:\FindyKill.exe   
[03/01/2009 23:52][--a------] E:\Sequoia1_3XPInstall.exe   
[03/01/2009 23:52][--a------] E:\setupfrepro.exe   
[03/01/2009 23:52][--a------] E:\spybotsd160.exe   
[03/01/2009 23:52][--a------] E:\zlsSetup_65_737_000_enzonelabs.exe   
[20/09/2007 03:15][--a------] E:\README.txt   
[20/09/2007 03:15][--a------] E:\THIRDPARTYLICENSEREADME.txt   

--------------- [ Lecteur F ] ---------------- 

F: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Lecteur G ] ---------------- 

G: - Lecteur fixe


+- Listing des fichiers présents :

[06/01/2009 04:06][--a------] G:\Nouveau Document texte.txt   
  
--------------- [ Registre / Startup ] ----------------   
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
  
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] 
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
  
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   NBJ="E:\Ahead\Nero BackItUp\NBJ.exe"
   ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
   SpybotSD TeaTimer=E:\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionun]
   SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
   MaxMenuMgr="E:\DISKDUR\FreeAgent Status\StxMenuMgr.exe"
   avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
  
--------------- [ Registre / Mountpoint2 ] ----------------   
  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b742b6f-dcac-11dc-be1d-ca62f013ebe9}\Shell\AutoRun\command  
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b4d448a-6271-11dd-beae-b6f4f2dd0ceb}\Shell\AutoRun\command  
  
--------------- [ Nettoyage des disques ] ----------------   
   
Supprimé ! - [02/10/2007 17:24][--ahs----] F:\THUMBS.DB    
  
--------------- [ Resumé ] ----------------   
  
 -> /!\ Le resultat doit etre interprété par un spécialiste  /!\   
  
[02/12/2006 18:25][--a------] C:\AUTOEXEC.BAT   
[03/08/2004 21:38][-rahs----] C:\NTDETECT.COM   
[06/01/2009 17:07][--a------] C:\UsbFix.exe   
[03/01/2009 22:30][---hs----] C:\boot.ini   
[03/01/2009 23:52][--a------] E:\antivir_workstation_winu_en_h.exe   
[03/01/2009 23:52][--a------] E:\antivir_workstation_winu_fr_h.exe   
[03/01/2009 23:52][--a------] E:\ccsetup215.exe   
[03/01/2009 23:52][--a------] E:\FindyKill.exe   
[03/01/2009 23:52][--a------] E:\Sequoia1_3XPInstall.exe   
[03/01/2009 23:52][--a------] E:\setupfrepro.exe   
[03/01/2009 23:52][--a------] E:\spybotsd160.exe   
[03/01/2009 23:52][--a------] E:\zlsSetup_65_737_000_enzonelabs.exe   
   
--------------- [ Vaccination ] ----------------   
   
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
E:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
G:\autorun.inf -> Dossier autorun.inf crée par UsbFix !  
 
--------------- ! Fin du rapport ! ----------------

Utilisateur anonyme · Answer

ok on a bien avancé 

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pc-system.fr/ 
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

ensuite :

Télécharge HijackThis (outils de diagnostic) ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau

->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  http://static.commentcamarche.net/www.commentcamarche.net/download/fichiers/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

foxymophan · Answer

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.exe: trouvé !
C:\UsbFix.txt: trouvé !
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Florian\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\Florian\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Florian\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Florian\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !


Fichiers temporaires nettoyés !
Corbeille vidée!
Restauration annulée !
---------------------------------
-->- Suppression: 
C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Florian\Bureau\Navilog1.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Florian\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Florian\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Documents and Settings\Florian\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !

foxymophan · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:50, on 06/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\DISKDUR\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32	lntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Firefox\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Avg\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "E:\DISKDUR\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [NBJ] "E:\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BD2F77E-E17F-455D-85D9-C6942D23A6DF}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{980A4B25-36E6-44C5-B502-C4EA49EA6A78}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE9529-576E-4B36-90FB-F96DE85C497A}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Avg\avgpp.dll (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - E:\DISKDUR\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Utilisateur anonyme · Answer

réouvre hijackthis
fais scan only
coches ces lignes :

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Avg\avgssie.dll (file missing) 

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab 


tu les coches et tu clci sur fix checked 

ensuite :

Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système 

cliques sur Démarrer 
Cliques droit sur Poste de travail 
cliques sur Propriétés 
Cliques sur l'onglet Restauration du système 
Coches Désactiver la Restauration du système sur tous les lecteurs 
Cliques sur Appliquer, Lorsque le message de confirmation apparaît, 
cliques sur Oui. 
Cliques sur OK. 


(2) Activer la Restauration du système 


cliques sur Démarrer 
Cliques droit sur Poste de travail 
cliques sur Propriétés 
Cliques sur l'onglet Restauration du système 
Décoches Désactiver la Restauration du système sur tous les lecteurs 
Cliques sur Appliquer, Lorsque le message de confirmation apparaît, 
cliques sur Oui. 
Cliques sur OK. 


Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924


ensuite :

Télécharge ToolsCleaner sur ton bureau. 
--> 
http://pc-system.fr/ 
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

et dis si t as encore des soucis 

je précise que je suis en Guadeloupe >> justement je sais pas ou aller cet été hihi ..

foxymophan · Answer

pour la guadeloupe j'y suis jusqu'à fin mai minimun et serai ravi de t'accueuillir si tu passe par là

foxymophan · Answer

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]1

-->- Recherche: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Florian\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Florian\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Florian\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Florian\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!
Sauvegarde du registre crée !

Utilisateur anonyme · Answer

seulement si il y a des jolies filles lol

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).  ??

Utilisateur anonyme · Answer

re ok 

si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu

foxymophan · Answer

j'y suis avec ma chérie mais je peut te dire que les plus belle femme du monde sont ici. ta jamais vu ça.

Utilisateur anonyme · Answer

mdr 

j en connais quelques unes .... 

mais c est des immigrées de guadeloupe hihi 

prend soin de toi , pour cette nouvelle année et de ta petite femme et voir de ton pc ... 

besos

foxymophan · Answer

ça ma l'air impec. Un grand merci à toi et ton équipe vous etes bon et je vous en remercie. je passe en statut résolu.
(envoi un message si la guadeloupe te branche)

foxymophan · Answer

meilleurs voeux a toi aussi, bon courage pour tout

Utilisateur anonyme · Answer

(envoi un message si la guadeloupe te branche)

pas de soucis mais avant mai je crains que c cuit 

@++ et : STOP CRACK !! 

++

foxymophan · Answer

voici le rapport antivir

Avira AntiVir Personal
Date de création du fichier de rapport : mardi 6 janvier 2009 17:55

La recherche porte sur 1150939 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :YAMYCORP-4D6A34

Informations de version :
BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 16:05:37
ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 02/01/2009 16:05:39
ANTIVIR3.VDF : 7.1.1.73 125952 Bytes 05/01/2009 16:05:40
Version du moteur: 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 06/01/2009 16:05:50
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 06/01/2009 16:05:49
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 06/01/2009 16:05:48
AEHELP.DLL : 8.1.2.0 119159 Bytes 06/01/2009 16:05:44
AEGEN.DLL : 8.1.1.8 323956 Bytes 06/01/2009 16:05:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 06/01/2009 16:05:41
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, E:, F:, G:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : mardi 6 janvier 2009 17:55

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'tlntsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FreeAgentService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'28' processus ont été contrôlés avec '28' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'E:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '45' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <Systeme>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZangoShoppingReport7.zip
[RESULTAT] Contient le code suspect GEN/PwdZIP
[REMARQUE] Le résultat positif a été classé comme suspect.
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49d19062.qua' !
Recherche débutant dans 'E:\' <Logiciels>
E:\Ahead\Nero BackItUp\NBJ.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bagle.LI.2
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49ad93a6.qua' !
E:\System Volume Information\_restore{0D3651B0-6BEA-425A-B93C-2789FC36566E}\RP1\A0000017.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Bagle.LI.2
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '49939453.qua' !
Recherche débutant dans 'F:\' <Temporaire>
Recherche débutant dans 'G:\' <Reste>
G:\Mes documents\Temp\041.part
[0] Type d'archive: ACE
--> Goran Bregovic - Le temps des gitans\02. Scena pojavljivanja majke.mp3
[AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée.

Fin de la recherche : mardi 6 janvier 2009 18:40
Temps nécessaire: 45:34 Minute(s)

La recherche a été effectuée intégralement

5232 Les répertoires ont été contrôlés
261117 Des fichiers ont été contrôlés
2 Des virus ou programmes indésirables ont été trouvés
1 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
3 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
1 Impossible de contrôler des fichiers
261113 Fichiers non infectés
1468 Les archives ont été contrôlées
2 Avertissements
3 Consignes

Utilisateur anonyme · Answer

que d émotions ...

Antivir a finit le menage , c est son role 

encore des soucis ?

foxymophan · Answer

et oui la misère se bagle il me trouve 3 fichier infectés Bagle ils sont en quarantaine, je n'ose pas les supprimés?

Utilisateur anonyme · Answer

lol 

OSE sans soucis !!

foxymophan · Answer

dite, Findykill's, safe boots,fxbgleMo je peut les virer ou pas?

Utilisateur anonyme · Answer

oui tous

foxymophan · Answer

ok et bien ça me parait bon cette fois ci. mille merci pour ton aide Chiquitine. A chi.ki.chi.ki.chi.HaïHaïHaï. 
Bye.

Utilisateur anonyme · Answer

mdr

bye

Infection Bagle

50 réponses

Votre réponse

Discussions similaires

Newsletters