4 viruses found, help

Solved/Closed
alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 - 8 Jan. 2009 at 09:10
alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 - 11 Jan. 2009 at 16:35
Hello,

I can no longer
- open C:\
- see hidden files
- launch avast and spybot (not valid win32)
- the CPU runs continuously

I ran KASPERSKY ON-LINE SCANNER REPORT

4 viruses found
Trojan.Win32.Monderb.ackd
Backdoor.Win32.IRCBot.th
Trojan.Win32.Monder.ajla
Trojan-Downloader.Win32.Bagle.akq

Is it serious, doctor?

Help

Thanks

44 replies

alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 1
8 Jan. 2009 at 10:52
new report

Thu Jan 08 13:26:04 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jan 08 13:26:35 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8506
Nº Total de Ficheros: 68580
Nº de Ficheros Analizados: 14628
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jan 08 13:35:10 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jan 08 13:35:16 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8505
Nº Total de Ficheros: 68580
Nº de Ficheros Analizados: 14628
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jan 08 13:41:14 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "D:\"

Nº Total de Directorios: 2506
Nº Total de Ficheros: 72118
Nº de Ficheros Analizados: 531
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jan 08 13:42:25 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "N:\"

Nº Total de Directorios: 1048
Nº Total de Ficheros: 26170
Nº de Ficheros Analizados: 3
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jan 08 13:42:59 2009
EliBagle v12.07 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 30 de Diciembre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 8505
Nº Total de Ficheros: 68580
Nº de Ficheros Analizados: 14628
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
1
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
8 Jan. 2009 at 09:12
Hello,

Your PC is infected with Bagle, which explains why the protection software is malfunctioning.

Please do this:

▶ Download FindyKill to your desktop:

▶ Run the installation with the default settings

▶ Double-click the FindyKill shortcut on your desktop

▶ In the main menu, choose option 1 (Search)

▶ Post the FindyKill.txt report

* Note: the FindyKill.txt report is saved in the root of the disk
0
alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 1
8 Jan. 2009 at 09:20
Thanks

Here is the requested report



----------------- FindyKill V4.711 ------------------

* User : AlexVince
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 12:14:41 le 08/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe" (584)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [11/11/2008 00:09] - C:\fsc.tmp

»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\15080890.EXE-0F59BBC4.pf
Found ! - C:\WINDOWS\prefetch\15351968.EXE-31763EB6.pf
Found ! - C:\WINDOWS\prefetch\15405796.EXE-0A7C8156.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [08/01/2009 11:49] - C:\WINDOWS\system32\mdelk.exe
Found ! [08/01/2009 11:49] - C:\WINDOWS\system32\wintems.exe
Found ! [08/01/2009 11:50] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/06/2008 20:21] - "C:\WINDOWS\system32\drivers\downld"


Found ! [08/01/2009 07:43] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\flec006.exe"
Found ! [08/01/2009 07:44] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\list.oct"
Found ! [08/01/2009 07:44] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\data.oct"
Found ! [08/01/2009 07:44] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\srvlist.oct"
Found ! [08/01/2009 07:45] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared"
Found ! [07/01/2009 23:12] - "C:\Documents and Settings\AlexVince&Paul\Application Data\m"
Found ! [07/01/2009 21:48] - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers"
Found ! [08/01/2009 07:41] - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa.sys"
Found ! [08/01/2009 07:41] - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa2.sys"
Found ! [22/09/2006 05:02] - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe"
Found ! [08/01/2009 11:59] - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\ALEXVI~1\LOCALS~1\Temp



Found ! [08/01/2009 07:47] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\0ILXP3FV\b64_1[1].jpg
Found ! [08/01/2009 11:55] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\0ILXP3FV\b64_5[1].jpg
Found ! [08/01/2009 11:50] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\0ILXP3FV\file[1].txt
Found ! [08/01/2009 07:43] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\59LADMJZ\b64[1].jpg
Found ! [08/01/2009 11:49] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\59LADMJZ\b64_3[1].jpg
Found ! [08/01/2009 07:43] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\829TMNFH\b64_1[1].jpg
Found ! [08/01/2009 11:54] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\829TMNFH\b64_1[2].jpg
Found ! [08/01/2009 07:44] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\829TMNFH\servernames[1].htm
Found ! [08/01/2009 07:42] - C:\Documents and Settings\AlexVince&Paul\Local Settings\Temporary Internet Files\Content.IE5\X0CU9UTN\b64_3[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
FreeRAM XP="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
AROReminder=C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
amd_dc_opt=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SoundMan=SOUNDMAN.EXE
QuickTime Task="C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
5cf86796=rundll32.exe "C:\WINDOWS\system32\tmkdyibl.dll",b
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\75675678894534654655324324234234324235635344353465465445345345643645645]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SuperCopier2]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

/!\ Affichage des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open = setup.exe
icon = Livebox.ico

+- presence des fichiers :

Found ! [11/11/2008 00:09][d--------] - C:\fsc.tmp
Found ! [30/01/2008 13:33][-r-------] - E:\autorun.inf


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
aymeric.moulin Posts 249 Registration date Thursday 28 August 2008 Status Member Last activity 4 December 2011 5
8 Jan. 2009 at 09:17
Hello,

Let's not panic and stay calm. Here is how you can proceed: first, change antivirus, because avast isn't all that great...
Here is AVG, which is free and performs better. Start a full scan of the PC and post the report.

Download link: https://www.clubic.com/telecharger-fiche10997-avg-antivirus-free-edition.html
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
8 Jan. 2009 at 09:20
He must not change antivirus now!!

His PC is infected with Bagle... which means that if he reinstalls another antivirus, it will be infected too..

An antivirus will have to be reinstalled at the end of the disinfection...

I'm taking care of it, aymeric.moulin
0

geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
8 Jan. 2009 at 09:22
OK... A lot of infections from what I see.

▶ Connect to your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them


▶ Double-click the FindyKill shortcut on your desktop

▶ In the main menu, choose option 2 (Removal)


/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" ("cleaning complete") appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

▶ Then post the FindyKill.txt report

* Note: the FindyKill.txt report is saved in the root of the disk
* Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
aymeric.moulin Posts 249 Registration date Thursday 28 August 2008 Status Member Last activity 4 December 2011 5
8 Jan. 2009 at 09:32
Re
Tell me, geoffrey5, I did some research on this famous virus and found a few disinfection tools such as this one http://www.commentcamarche.net/faq/sujet 2731 virus kit de desinfection pour eradiquer w32 beagle mm bagle . Why not try disinfecting with that?

Aymeric
0
geoffrey5 Posts 13732 Registration date Sunday 20 May 2007 Status Security contributor Last activity 21 May 2010 10
8 Jan. 2009 at 09:34
There are other tools just as good as those ;-)
0
alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 1
8 Jan. 2009 at 10:07
I can no longer post
0
alvince Posts 47 Registration date Thursday 8 January 2009 Status Member Last activity 28 December 2009 1
8 Jan. 2009 at 09:49
Here is the new report



----------------- FindyKill V4.711 ------------------

* User : AlexVince
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:32:01 the 08/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\fsc.tmp

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\15080890.EXE-0F59BBC4.pf
Deleted ! - C:\WINDOWS\prefetch\15351968.EXE-31763EB6.pf
Deleted ! - C:\WINDOWS\prefetch\15405796.EXE-0A7C8156.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - "C:\WINDOWS\system32\drivers\downld"


Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tomtom Gps Crack Let All Gps Recievers Work For Tomtom Mobile.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tracker Leader Enterprise 2.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tray Launcher v1.51.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Universal Msn Polygamy 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Universal Plug-and-Play Tester 2.08 Build 53.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Usagecircle 2 Cores Gadget 0.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\VeryPDF Mini EMF Printer 2.01.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\VisioForge Video Edit ActiveX Version 3.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Voice Call 4.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Windows Std Serial Comm Lib for Xbase++ 4.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Wolves Screen Savers 6 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\X-Copy Media Center 3.0.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\XCPlan 1.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\XMouse360 0.2 Beta.zip
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\ALEXVI~1\LOCALS~1\Temp




--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

N: - Lecteur fixe


+- deleting files :

Not deleted !! - E:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
d532a42b8f3f3787529bfe86d6cf5f02 C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe

Suspect ! - d532a42b8f3f3787529bfe86d6cf5f02 C:\Program Files\SuperCopier2\SuperCopier2.exe

--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
geoffrey5 Messages posted 13732 Registration date Sunday, May 20, 2007 Status Security contributor Last activity May 21, 2010 10
Jan 8, 2009 at 10:12
Yes, I know, there is a problem at the moment: messages containing reports are no longer displayed. You are not the only one in this situation ;-)
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 10:18
report posted before your last reply

see above
geoffrey5 Messages posted 13732 Registration date Sunday, May 20, 2007 Status Security contributor Last activity May 21, 2010 10
Jan 8, 2009 at 10:22
Very good... Now please do this:

▶ Go to this site:
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
▶ At the very bottom of that page you will find a tool
to download; click "Descargar Elibagla" (the version number changes as updates are released)
▶ Install this file on the Desktop.
▶ Then double-click Elibagla.exe
▶ Leave the "eliminar ficheros automaticamente" box checked
▶ Click "explorar"
▶ Let it work

▶ Restart in safe mode,

*To do that, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
(If F8 does not work, use the F5 key.)

▶ Run elibagla again, twice

▶ Restart in normal mode

▶ Post the final report, which will be in c:\infosat.txt
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 12:21
The latest report is above

Thanks
geoffrey5 Messages posted 13732 Registration date Sunday, May 20, 2007 Status Security contributor Last activity May 21, 2010 10
Jan 8, 2009 at 12:20
ok, now:

▶ Download UsbFix to your desktop

▶ Run the installation with the default settings

▶ Plug into your PC any external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ The PC will restart

▶ Click option 1, "Nettoyage" (cleaning)

▶ After the restart, post the UsbFix.txt report

* Note: the UsbFix.txt report is saved at the root of the disk

* Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab,
"New task", type explorer.exe and confirm
geoffrey5 Messages posted 13732 Registration date Sunday, May 20, 2007 Status Security contributor Last activity May 21, 2010 10
Jan 8, 2009 at 12:22
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 17:59
Back again

requested report => thanks



-------------- UsbFix V2.413.9 ---------------

* User : AlexVince
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:52:42 le 08/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

N: - Lecteur fixe


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open = setup.exe
icon = Livebox.ico

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[15/11/2007 01:13][--a------] C:\AUTOEXEC.BAT
[15/11/2007 01:13][--a------] C:\muxmp4.bat
[05/08/2004 15:00][-rahs----] C:\NTDETECT.COM
[15/01/2008 11:19][--a------] C:\md5.exe
[23/11/2008 23:40][-r-hs----] C:\boot.ini
[08/01/2009 12:40][--a------] C:\FindyKill.txt
[08/01/2009 12:40][--a------] C:\InfoSat.txt
[08/01/2009 12:40][--a------] C:\mkv.txt
[08/01/2009 12:40][--a------] C:\mpeg.txt
[08/01/2009 12:40][--a------] C:\rfc1321.txt
[08/01/2009 12:40][--a------] C:\UsbFix.txt
[15/11/2007 01:13][--a------] C:\CONFIG.SYS
[15/11/2007 01:13][--a------] C:\IO.SYS
[15/11/2007 01:13][--a------] C:\MSDOS.SYS
[15/11/2007 01:13][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[23/01/2008 21:25][-r-------] E:\livebox.exe
[23/01/2008 21:25][-r-------] E:\Setup.exe
[30/01/2008 13:33][-r-------] E:\setup.ini
[30/01/2008 13:33][-r-------] E:\Autorun.inf

--------------- [ Lecteur N ] ----------------

N: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
FreeRAM XP="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
AROReminder=C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
amd_dc_opt=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SoundMan=SOUNDMAN.EXE
QuickTime Task="C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
5cf86796=rundll32.exe "C:\WINDOWS\system32\tmkdyibl.dll",b
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ffe6816-9305-11dc-b304-806d6172696f}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [31/05/2007 14:02] E:\Setup.exe
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Supprimé ! - [23/11/2008 17:13][--ahs----] N:\THUMBS.DB

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[15/11/2007 01:13][--a------] C:\AUTOEXEC.BAT
[15/11/2007 01:13][--a------] C:\muxmp4.bat
[05/08/2004 15:00][-rahs----] C:\NTDETECT.COM
[15/01/2008 11:19][--a------] C:\md5.exe
[23/11/2008 23:40][-r-hs----] C:\boot.ini
[23/01/2008 21:25][-r-------] E:\livebox.exe
[23/01/2008 21:25][-r-------] E:\Setup.exe
[30/01/2008 13:33][-r-------] E:\setup.ini
[30/01/2008 13:33][-r-------] E:\Autorun.inf

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
N:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 19:22
help me
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 20:19
help
geoffrey5 Messages posted 13732 Registration date Sunday, May 20, 2007 Status Security contributor Last activity May 21, 2010 10
Jan 8, 2009 at 20:25
Re,

▶ Download hijackthis

▶ Everything is explained on my website for installing and using it correctly.

▶ Post the report obtained in Notepad in your next reply.


How to copy/paste the report:


▶ When the report is on screen, press Ctrl A to "select all", then Ctrl C to "copy".

▶ Then come to the forum to reply to me and press Ctrl V to "paste" the report.
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 20:34
C:\ not accessible for renaming

It crashes or kicks me out
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 20:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:41, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\2\AlertModule.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\UpsPilot\Winpower.exe
C:\Program Files\UpsPilot\jre\bin\javaw.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\1\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\Htj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {00D29711-A271-4D99-8FAC-286D45C5E961} - C:\WINDOWS\system32\yayXRHwV.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {94d37406-b235-3c0a-fdf4-07332d28df04} - {40fd82d2-3370-4fdf-a0c3-532b60473d49} - C:\WINDOWS\system32\cedoqb.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcYoNef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5cf86796] rundll32.exe "C:\WINDOWS\system32\bopvtjcp.dll",b
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.gbh.fr/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cedoqb.dll
O20 - Winlogon Notify: ddcYoNef - C:\WINDOWS\SYSTEM32\ddcYoNef.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Winpower - ZeroG Software - C:\PROGRA~1\UpsPilot\Winpower.exe
O23 - Service: Winpowermanager - ZeroG Software - C:\PROGRA~1\UpsPilot\manager.exe
O23 - Service: Winpowermonitor - ZeroG Software - C:\PROGRA~1\UpsPilot\monitor.exe
O23 - Service: WinpowerRMI - ZeroG Software - C:\PROGRA~1\UpsPilot\wpRMI.exe
alvince Messages posted 47 Registration date Thursday, January 8, 2009 Status Member Last activity December 28, 2009 1
Jan 8, 2009 at 22:22
HELP