Help eradicating Bagle with FindyKill
Solved
mattdusud
-
crapoulou - Posts: 42848 - Status: Moderator, Security contributor
Hello,
I know it's stupid, but I'm infected with a Bagle (because of a crack... I admit it) and I need someone who can read my FindyKill report so I can finally get rid of this junk!!
Thanks in advance to anyone who can help.
Here is the report:
----------------- FindyKill V4.711 ------------------
* User : matt' - UNICORNI-B997B1
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:47:46 le 06/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [06/01/2009 18:26] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-12B8AFCC.pf
Found ! - C:\WINDOWS\Prefetch\NBKEYSCAN.EXE-2E1DB169.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [05/01/2009 20:13] - C:\WINDOWS\system32\mdelk.exe
Found ! [05/01/2009 20:13] - C:\WINDOWS\system32\wintems.exe
Found ! [06/01/2009 18:27] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data
Found ! [05/01/2009 19:58] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\flec006.exe"
Found ! [06/01/2009 18:27] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\list.oct"
Found ! [06/01/2009 18:27] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\data.oct"
Found ! [06/01/2009 18:27] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\srvlist.oct"
Found ! [06/01/2009 18:31] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared"
Found ! [06/01/2009 18:27] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m"
Found ! [05/01/2009 21:17] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers"
Found ! [05/01/2009 21:04] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\srosa.sys"
Found ! [05/01/2009 21:04] - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\MATT'~1.UNI\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5
Found ! [06/01/2009 18:27] - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\file[1].txt
Found ! [06/01/2009 18:27] - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\mxd[1].jpg
Found ! [06/01/2009 18:27] - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\WNEN23QX\servernames[1].htm
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RocketDock="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NVIDIA nForce APU1 Utilities=NVATray.exe
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
WinampAgent="C:\Program Files\Winamp\winampa.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GetPartition]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\ManifestEngine]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
20 replies
Hi,
Start by deleting your cracks so that I don't find you back here in 2 weeks with a new infection!
Cleanup:
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Suppression, i.e. deletion)
/!\ There will be two reboots; let the tool work until the message "nettoyage effectué" (cleanup done) appears /!\
/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal! /!\
Then post the FindyKill.txt report
Notes:
* The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
* If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
----------------- FindyKill V4.711 ------------------
* User : matt' - UNICORNI-B997B1
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 19:03:31 the 06/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-12B8AFCC.pf
Deleted ! - C:\WINDOWS\prefetch\NBKEYSCAN.EXE-2E1DB169.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\A Strange Message 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Abaca classic 1.2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Active Directory Sizer 2.0.1005.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Acubix PicoBackup 2.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\adenin IntelliEnterprise 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Advanced Mysql Query 2.11.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Aesop GIF Creator 2.0c.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Almanac 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Amazing NetGrapher 1.10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\AntiSpam Personal 1.0.4.12.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Article Marketing Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Article of the Day 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ashkon Translation Pad 1.95.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Avg.Antivirus.Multi.Keygen.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\BackupAssist 5.0.6.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\BitDefender 9.0.1 Professional Plus Espa%C3%B1ol + Keygen.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Bome's Midi Translator Player 1.6.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Candy Stripe Font 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ccHorizont 1.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ccy Wallpaper Changer 2.1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Chico WebTool 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ciona Buenisimo Updated-Fixed 06-2008.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ClickOK 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Close Matching Tabs 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Cool Cars Exotic 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Crack Route 66 Mobile 7 s60 v2-3 Keygen(1).zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DeStencil Font 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Doc2html pro+ 1.6.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DocuJot 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DVD DataBase 0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\EAN13 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Easy Diary 1.10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Excel Stock Quotes Software 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Expired Domain Sleuth 5.7.5r2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ezConverter Mixer 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Fast CAD DWG Viewer 8.10.09.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Find Protected 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Flasher 0.95.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Framy Pink Snowman 3.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\FreeMPC 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Gameloft.Might.And.Magic.II.v1.1.1.Nokia.N73.Retail-Toby.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\GNUnet 0.7.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\GSGlossary 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Happy Halloween 5.07.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\HiDens Mail Client 0.9 Build 009000.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\HyperCoder Pro 1.1.1752.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ideal Statements 1.40.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\InstallAware Express for Windows Installer 8.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JChix 1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JellyFish Pro Editor 1.72.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Joboshare PSP Video Converter 2.2.6.1107.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JPEG IFilter 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JPodCast Player 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Kerio VPN Client 6.5.2 Build 5172.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\KingConvert For T-Mobile G1 4.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Kith and Kin Pro 2.14.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\KM Rover Logger 3.51.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Load2Mobile 1.9.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mandelbrot Set 1.2.40.14.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\MaxMortgage 1.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mcafee.Viruscan.8.0.Profesional.Full.(Firewall.Spam.Killer.Privacy).zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\MCX India - SPOT and Future Commodity Indexes 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Monte Carlo Doualiya 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Movkit iPod Video Converter 4.0.5 Build 20080522.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mozilla Sunbird 0.9.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Multimedia Icons for Vista 2008.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Multivoice Chorus 1201.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\M²Convert Professional 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Neat Suite 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Neomesh Image Converter 3.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NetBalancer 0.6.1. Beta.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NetPromoter Pack 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Nexus Radio 2.2.5.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\nMacro Recorder 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NOD32 AntiVirus v2.000.6 Incl crack-CORE-Pleasuredome101.com.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Noname Client 0.1.7.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\OpenPhotoPod 0.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ovulator 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Panda_Titanium_2006_v.5_Antivirus.+.Antispyware_Espa-ol_Crackeado_Garantizado_Por_Luismi.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PaperNotes 1.0.8.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Patterns Collection 3 1.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Progress File Personal Edition 1.4.01.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Stock Monitor GOLD 8.2.3 Build 305.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Photo Merge and Rename 2.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PicoWeather 0.1.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Picture Ripper 4.0.1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PixSmart Digital Imager 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Plane Ride 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Polar MultiClipboard 3.0.1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portabe Classic Hamster 2.1.0.11.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable Pidgin (formerly Gaim) 2.5.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable TagScanner 5.0 Build 525.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PR Prowler 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Presto Transfer IE and Windows Mail 3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Favorites for Word 1.5.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Polish Marker 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PuppetMuppet Official Clock [Spring version] 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PyCat 0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\QClip 0.9.3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quantum GIS 0.8.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quite Imposing 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RegiCon.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Remover for I-Worm.Sobig 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RF Toolbox 3.5.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ria Continental AM590 radio player 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RSI Warrior 4.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SearchChips 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SoftPlus AutoRun Creator 1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Song of the Week (SotW) 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Split Shift Schedulers 6.43.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SSH Explorer 1.81.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Stellar Phoenix Recovery Suite 2.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Sun Times 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SVCD2DVD 2.5.5000.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Table Tool 1.06.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\The JetChart Library 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TPlayer 1R10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrackLink 1.1 build 91.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrafficSmartz 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\UPServe 1.0a.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Video Fixer 3.23.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Visual Build Professional 6.7.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\WallpaperSpinner 2.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Watcher1 2.00.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Windows Processes 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Work Time Tracker 5.1.zip
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\MATT'~1.UNI\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\file[1].txt
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\WNEN23QX\servernames[1].htm
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\mdelk.exe
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\wintems.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\GuitarPro v5.2 Incl. Keygen - Te4mFricti0n [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\NERO[1].8.X.X.X FRESH KEYGEN [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\MAGIX_MusicMaker14PE_Download_version\Soundloops\HipHop Vol. 9\Fx\Crackle.OGG
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Miss Suicide.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Rise And Fall.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The\Crackers, The - He Gone.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie\Cracknell, Debbie - Guitar Talk.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Focus\Focus - Crackers.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\j\John Death\John Death - Cracked Up.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Gang Control.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Nazi White Trash.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Operation Mouve.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (2).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (3).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\m\Malmsteen, Yngwie\Malmsteen, Yngwie - Cracking The Whip.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\n\Nada Surf\Nada Surf - Firecracker.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\p\Pixies\Pixies - Crackity Jones.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Soliz, David\Soliz, David - Crack Kills.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman (2).gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX\MusicMaker14PE_Download_version\Synth\Data\DrumnBass\Crackle.wav
---------------- ! End of report ! ------------------
Here is the report:
(Thanks a lot for the speed of the previous reply! Incredible!)
----------------- FindyKill V4.711 ------------------
* User : matt' - UNICORNI-B997B1
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 19:03:31 the 06/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\spoolsv.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-12B8AFCC.pf
Deleted ! - C:\WINDOWS\prefetch\NBKEYSCAN.EXE-2E1DB169.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\A Strange Message 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Abaca classic 1.2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Active Directory Sizer 2.0.1005.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Acubix PicoBackup 2.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\adenin IntelliEnterprise 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Advanced Mysql Query 2.11.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Aesop GIF Creator 2.0c.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Almanac 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Amazing NetGrapher 1.10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\AntiSpam Personal 1.0.4.12.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Article Marketing Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Article of the Day 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ashkon Translation Pad 1.95.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Avg.Antivirus.Multi.Keygen.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\BackupAssist 5.0.6.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\BitDefender 9.0.1 Professional Plus Espa%C3%B1ol + Keygen.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Bome's Midi Translator Player 1.6.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Candy Stripe Font 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ccHorizont 1.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ccy Wallpaper Changer 2.1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Chico WebTool 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ciona Buenisimo Updated-Fixed 06-2008.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ClickOK 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Close Matching Tabs 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Cool Cars Exotic 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Crack Route 66 Mobile 7 s60 v2-3 Keygen(1).zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DeStencil Font 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Doc2html pro+ 1.6.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DocuJot 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\DVD DataBase 0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\EAN13 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Easy Diary 1.10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Excel Stock Quotes Software 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Expired Domain Sleuth 5.7.5r2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ezConverter Mixer 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Fast CAD DWG Viewer 8.10.09.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Find Protected 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Flasher 0.95.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Framy Pink Snowman 3.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\FreeMPC 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Gameloft.Might.And.Magic.II.v1.1.1.Nokia.N73.Retail-Toby.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\GNUnet 0.7.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\GSGlossary 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Happy Halloween 5.07.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\HiDens Mail Client 0.9 Build 009000.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\HyperCoder Pro 1.1.1752.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ideal Statements 1.40.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\InstallAware Express for Windows Installer 8.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JChix 1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JellyFish Pro Editor 1.72.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Joboshare PSP Video Converter 2.2.6.1107.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JPEG IFilter 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\JPodCast Player 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Kerio VPN Client 6.5.2 Build 5172.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\KingConvert For T-Mobile G1 4.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Kith and Kin Pro 2.14.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\KM Rover Logger 3.51.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Load2Mobile 1.9.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mandelbrot Set 1.2.40.14.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\MaxMortgage 1.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mcafee.Viruscan.8.0.Profesional.Full.(Firewall.Spam.Killer.Privacy).zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\MCX India - SPOT and Future Commodity Indexes 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Monte Carlo Doualiya 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Movkit iPod Video Converter 4.0.5 Build 20080522.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Mozilla Sunbird 0.9.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Multimedia Icons for Vista 2008.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Multivoice Chorus 1201.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\M²Convert Professional 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Neat Suite 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Neomesh Image Converter 3.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NetBalancer 0.6.1. Beta.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NetPromoter Pack 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Nexus Radio 2.2.5.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\nMacro Recorder 1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\NOD32 AntiVirus v2.000.6 Incl crack-CORE-Pleasuredome101.com.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Noname Client 0.1.7.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\OpenPhotoPod 0.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ovulator 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Panda_Titanium_2006_v.5_Antivirus.+.Antispyware_Espa-ol_Crackeado_Garantizado_Por_Luismi.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PaperNotes 1.0.8.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Patterns Collection 3 1.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Progress File Personal Edition 1.4.01.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Stock Monitor GOLD 8.2.3 Build 305.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Photo Merge and Rename 2.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PicoWeather 0.1.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Picture Ripper 4.0.1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PixSmart Digital Imager 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Plane Ride 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Polar MultiClipboard 3.0.1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portabe Classic Hamster 2.1.0.11.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable Pidgin (formerly Gaim) 2.5.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable TagScanner 5.0 Build 525.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PR Prowler 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Presto Transfer IE and Windows Mail 3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Favorites for Word 1.5.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Polish Marker 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PuppetMuppet Official Clock [Spring version] 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PyCat 0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\QClip 0.9.3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quantum GIS 0.8.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quite Imposing 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RegiCon.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Remover for I-Worm.Sobig 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RF Toolbox 3.5.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ria Continental AM590 radio player 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RSI Warrior 4.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SearchChips 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SoftPlus AutoRun Creator 1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Song of the Week (SotW) 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Split Shift Schedulers 6.43.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SSH Explorer 1.81.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Stellar Phoenix Recovery Suite 2.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Sun Times 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SVCD2DVD 2.5.5000.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Table Tool 1.06.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\The JetChart Library 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TPlayer 1R10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrackLink 1.1 build 91.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrafficSmartz 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\UPServe 1.0a.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Video Fixer 3.23.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Visual Build Professional 6.7.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\WallpaperSpinner 2.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Watcher1 2.00.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Windows Processes 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Work Time Tracker 5.1.zip
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\MATT'~1.UNI\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\file[1].txt
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\WNEN23QX\servernames[1].htm
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\mdelk.exe
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\wintems.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\GuitarPro v5.2 Incl. Keygen - Te4mFricti0n [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\NERO[1].8.X.X.X FRESH KEYGEN [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\MAGIX_MusicMaker14PE_Download_version\Soundloops\HipHop Vol. 9\Fx\Crackle.OGG
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Miss Suicide.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Rise And Fall.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The\Crackers, The - He Gone.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie\Cracknell, Debbie - Guitar Talk.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Focus\Focus - Crackers.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\j\John Death\John Death - Cracked Up.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Gang Control.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Nazi White Trash.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Operation Mouve.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (2).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (3).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\m\Malmsteen, Yngwie\Malmsteen, Yngwie - Cracking The Whip.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\n\Nada Surf\Nada Surf - Firecracker.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\p\Pixies\Pixies - Crackity Jones.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Soliz, David\Soliz, David - Crack Kills.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman (2).gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX\MusicMaker14PE_Download_version\Synth\Data\DrumnBass\Crackle.wav
---------------- ! End of report ! ------------------
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\OpenPhotoPod 0.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Ovulator 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Panda_Titanium_2006_v.5_Antivirus.+.Antispyware_Espa-ol_Crackeado_Garantizado_Por_Luismi.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PaperNotes 1.0.8.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Patterns Collection 3 1.0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Progress File Personal Edition 1.4.01.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Personal Stock Monitor GOLD 8.2.3 Build 305.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Photo Merge and Rename 2.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PicoWeather 0.1.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Picture Ripper 4.0.1.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PixSmart Digital Imager 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Plane Ride 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Polar MultiClipboard 3.0.1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portabe Classic Hamster 2.1.0.11.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable Pidgin (formerly Gaim) 2.5.2.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Portable TagScanner 5.0 Build 525.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PR Prowler 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Presto Transfer IE and Windows Mail 3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Favorites for Word 1.5.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Print Polish Marker 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PuppetMuppet Official Clock [Spring version] 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\PyCat 0.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\QClip 0.9.3.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quantum GIS 0.8.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Quite Imposing 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RegiCon.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Remover for I-Worm.Sobig 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RF Toolbox 3.5.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\ria Continental AM590 radio player 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\RSI Warrior 4.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SearchChips 2.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SoftPlus AutoRun Creator 1.4.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Song of the Week (SotW) 1.3.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Split Shift Schedulers 6.43.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SSH Explorer 1.81.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Stellar Phoenix Recovery Suite 2.1.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Sun Times 7.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\SVCD2DVD 2.5.5000.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Table Tool 1.06.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\The JetChart Library 3.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TPlayer 1R10.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrackLink 1.1 build 91.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\TrafficSmartz 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\UPServe 1.0a.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Video Fixer 3.23.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Visual Build Professional 6.7.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\WallpaperSpinner 2.0.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Watcher1 2.00.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Windows Processes 1.0.zip
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared\Work Time Tracker 5.1.zip
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\MATT'~1.UNI\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\file[1].txt
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\8LABCD2R\mxd[1].jpg
Deleted ! - C:\Documents and Settings\matt'.UNICORNI-B997B1\Local Settings\Temporary Internet Files\Content.IE5\WNEN23QX\servernames[1].htm
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-682003330-746137067-1343024091-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\mdelk.exe
6f74b3f37d4aa664e7d88d8e557218fa C:\WINDOWS\system32\wintems.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\GuitarPro v5.2 Incl. Keygen - Te4mFricti0n [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\NERO[1].8.X.X.X FRESH KEYGEN [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\MAGIX_MusicMaker14PE_Download_version\Soundloops\HipHop Vol. 9\Fx\Crackle.OGG
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Miss Suicide.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Rise And Fall.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The\Crackers, The - He Gone.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie\Cracknell, Debbie - Guitar Talk.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Focus\Focus - Crackers.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\j\John Death\John Death - Cracked Up.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Gang Control.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Nazi White Trash.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Operation Mouve.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (2).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (3).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\m\Malmsteen, Yngwie\Malmsteen, Yngwie - Cracking The Whip.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\n\Nada Surf\Nada Surf - Firecracker.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\p\Pixies\Pixies - Crackity Jones.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Soliz, David\Soliz, David - Crack Kills.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman (2).gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX\MusicMaker14PE_Download_version\Synth\Data\DrumnBass\Crackle.wav
---------------- ! End of report ! ------------------
You didn't delete your cracks as requested...!
Here is the list to delete:
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\GuitarPro v5.2 Incl. Keygen - Te4mFricti0n [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\Azureus\torrents\NERO[1].8.X.X.X FRESH KEYGEN [mininova].torrent
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\MAGIX_MusicMaker14PE_Download_version\Soundloops\HipHop Vol. 9\Fx\Crackle.OGG
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Miss Suicide.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crack Ov Dawn\Crack Ov Dawn - Rise And Fall.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Crackers, The\Crackers, The - He Gone.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\c\Cracknell, Debbie\Cracknell, Debbie - Guitar Talk.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Faith No More\Faith No More - Crack Hitler.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\f\Focus\Focus - Crackers.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\j\John Death\John Death - Cracked Up.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Gang Control.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Nazi White Trash.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Leftover Crack\Leftover Crack - Operation Mouve.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (2).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict (3).gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\l\Limp Bizkit\Limp Bizkit - Crack Addict.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\m\Malmsteen, Yngwie\Malmsteen, Yngwie - Cracking The Whip.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\n\Nada Surf\Nada Surf - Firecracker.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\p\Pixies\Pixies - Crackity Jones.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Soliz, David\Soliz, David - Crack Kills.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman (2).gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\s\Stone Temple Pilots\Stone Temple Pilots - Crackerman.gp3
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Nutcracker Suite_ Miniature Overture.gp4
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\tabs\t\Tchaikovsky, Pioter Ilych\Tchaikovsky, Pioter Ilych - Waltz Of The Flowers From The Nutcracker Ballet, Op. 71.gp3
C:\Documents and Settings\All Users.WINDOWS\Application Data\MAGIX\MusicMaker14PE_Download_version\Synth\Data\DrumnBass\Crackle.wav
*****************
- Download HijackThis version 2.02:
= = = = >>> By clicking here <<< = = = =
- Save HJTInstall.exe to your desktop.
- Double-click (left button) on HJTInstall.exe to start the installation.
- Click Install, then "I Accept".
- Click "Do a scan system and save log file".
- Notepad will open; copy and paste its entire contents here in your next reply.
OK, thanks a lot.
So if I understand correctly, all the files containing "crack" have to go?
Because I had Guitar Pro tabs with "crack" in them, as well as sounds for my audio software...
Well, it's no great loss, better safe than sorry, and here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:36, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D072EC8-D38C-489C-96D0-41C3EDF1D0EE}: NameServer = 192.168.30.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D072EC8-D38C-489C-96D0-41C3EDF1D0EE}: NameServer = 192.168.30.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
If you find AVG in the Add/Remove Programs list, remove it.
**********
No need to format, everything is going like clockwork! The only drawback is that it prevents you from opening certain programs, which you had to reinstall.
Also, it affects System Restore, so we will purge it at the end of the disinfection.
***************
1) Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:
https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html
2) When the download has finished, close all windows and programs, including this one.
3) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.
4) During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
5) MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. MBAM's main window is displayed.
6) In the "Analyse" (Scan) tab, check that "Exécuter une analyse rapide" (Perform quick scan) is selected and click the "Rechercher" (Scan) button to start the scan.
7) MBAM scans your computer. The scan can take some time. Just check its progress from time to time.
8) At the end of the scan, a message is displayed saying that the scan has finished. Click OK to continue.
9) If malware was detected, the list is displayed.
By clicking Suppression (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.
10) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the "Rapports/logs" tab.)
11) Close MBAM by clicking "Quitter" (Exit).
OK, thanks a lot... I'm relieved at the idea of not formatting!! ^^
Here is the MBAM report:
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1633
Windows 5.1.2600 Service Pack 2
09/01/2009 10:28:45
mbam-log-2009-01-09 (10-28-45).txt
Type de recherche: Examen rapide
Eléments examinés: 61985
Temps écoulé: 6 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
You ran a quick scan.
Now run a full scan, please.
Post the report.
Did you uninstall AVG?
I didn't have AVG, so it wasn't in the Control Panel list, and not in C:/program files either.
Full scan report in the next report.
(Uh.. the PC is running great!! I have sound and an antivirus that works (AntiVir Personal Edition).)
Here is the report.
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1633
Windows 5.1.2600 Service Pack 2
09/01/2009 23:49:01
mbam-log-2009-01-09 (23-49-01).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 199740
Temps écoulé: 3 hour(s), 6 minute(s), 43 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{D25E3D8F-0EE2-426E-AF13-99F2C4931948}\RP50\A0028343.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D25E3D8F-0EE2-426E-AF13-99F2C4931948}\RP51\A0028469.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D25E3D8F-0EE2-426E-AF13-99F2C4931948}\RP52\A0028720.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D25E3D8F-0EE2-426E-AF13-99F2C4931948}\RP53\A0029723.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D25E3D8F-0EE2-426E-AF13-99F2C4931948}\RP53\A0029733.sys (Worm.Bagel) -> Quarantined and deleted successfully.
There you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:51, on 10/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u11-windows-i586-jc.cab&AuthParam=1580990370_ae51af1f2e3e7c78a0fbe2e88da6073d&ext=.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D072EC8-D38C-489C-96D0-41C3EDF1D0EE}: NameServer = 192.168.30.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Relaunch HijackThis.
Click "Do a system scan only".
Check these lines:
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
Then click "Fix checked".
***********************
Update Internet Explorer by downloading version 7 (even if you don't use it, otherwise it's a security hole…)
= = = =>>> By clicking here <<<= = = =
***********************
OK, everything is fine:
To remove all traces of the tools that were used to treat the specific infections:
Download ToolsCleaner to your Desktop
= = = =>>> By clicking here <<<= = = =
* Double-click ToolsCleaner2.exe and let it work.
* Click "Recherche" (Search) and let the scan finish.
* Click "Suppression" (Removal) to finalize.
* You can, if you wish, use the "Options facultatives" (optional settings).
* Click "Quitter" (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply.
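A way to pre-sort a HijackThis log before deciding which lines to check, as an added example that is not part of the original thread. The three heuristics (orphaned "(file missing)" entries, autoruns started from the profile's Application Data folder, Run value names that look like one executable but launch another) are assumptions of this example, not the helper's stated criteria; the sample lines are taken from the log above.

```python
import re

# Sample input: a few lines taken from the HijackThis log in this thread.
SAMPLE = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\matt'.UNICORNI-B997B1\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# O4 registry autorun line: hive, value name in brackets, then the command.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Extract the executable from a Run value (quoted, or unquoted with spaces)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r".+?\.(?:exe|dll|com|bat|scr)\b", cmd, re.I)
    return m.group(0) if m else cmd

def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        # Heuristic 1 (assumption): entry points at a file that no longer exists.
        if line.endswith("(file missing)"):
            findings.append(("orphaned: target file missing", line))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, image = m["name"], image_path(m["cmd"])
        base = image.rsplit("\\", 1)[-1].lower()
        # Heuristic 2 (assumption): autorun binary lives in a user-writable profile dir.
        if "\\application data\\" in image.lower():
            findings.append(("autorun from user-writable profile dir", line))
        # Heuristic 3 (assumption): value name looks like an .exe but starts another file.
        elif name.lower().endswith(".exe") and name.lower() != base:
            findings.append(("value name mimics a different executable", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason}: {line}")
```

A flagged line is only a candidate for review: the `ctfmon.exe` entry passes because its value name matches the file it starts, and an unflagged entry is not thereby proven clean.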
Unable to install IE7.
Well, it's not a big deal as long as Bagle is gone.
Thanks a thousand times for your help.
Here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\matt'.UNICORNI-B997B1\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\logiciels et jeux\HijackThis.lnk: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\matt'.UNICORNI-B997B1\Mes documents\logiciels et jeux\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\matt'.UNICORNI-B997B1\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
OK, you should still try again, because not updating it is a security hole...!
***********
/!\ VERY IMPORTANT /!\
Disable and re-enable your System Restore.
Start, right-click on My Computer, Properties, System Restore tab, Turn off System Restore, then Apply and OK, OK.
(Don't forget the reverse procedure to re-enable it.)
**********
Do you have any other questions?