Winupgro

Solved/Closed
hadeslechat - 10 Jan. 2009 at 01:44
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last activity: 11 March 2012 - 28 Jan. 2009 at 18:35
Hello,
I caught the "winupgro" virus. After reading your replies to earlier messages, I downloaded FindyKill, and here is the report from scan no. 1


----------------- FindyKill V4.711 ------------------

* User : SYSTEM - TONYETLILIE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 19:38:57 le 09/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\60538203.EXE-E976ACEA.pf
Found ! - C:\Windows\prefetch\60659359.EXE-51330642.pf
Found ! - C:\Windows\prefetch\60665265.EXE-6524FD67.pf
Found ! - C:\Windows\prefetch\60937609.EXE-52EDB8E3.pf
Found ! - C:\Windows\prefetch\68009343.EXE-CA13A268.pf
Found ! - C:\Windows\prefetch\68124343.EXE-39B4E8AE.pf
Found ! - C:\Windows\prefetch\68346875.EXE-55DF5556.pf
Found ! - C:\Windows\prefetch\68377984.EXE-85DC485F.pf
Found ! - C:\Windows\prefetch\73750953.EXE-D231CFB6.pf
Found ! - C:\Windows\prefetch\73866437.EXE-A0F31357.pf
Found ! - C:\Windows\prefetch\73888171.EXE-9BD80232.pf
Found ! - C:\Windows\prefetch\74112906.EXE-FAE3FE41.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-585C97BD.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-07A02A76.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [09/01/2009 18:49] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans


»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5

Found ! [06/11/2008 16:33] - C:\Program Files\Rockstar Games\Grand Theft Auto IV\files.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
SoundMan=SOUNDMAN.EXE
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe Photo Downloader="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

Thanks in advance for your replies!

11 replies

plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last activity: 11 March 2012  293
10 Jan. 2009 at 10:13
Hello

IMPORTANT: do this before anything else:

you are going to disable UAC: https://forum.malekal.com/viewtopic.php?f=59&t=6517

then

Disconnect from the internet, close all your applications, plug in your USB sticks, external hard drives, etc.
and relaunch FindyKill, run it as administrator, then choose option 2, and post the report

then, afterwards, download HijackThis here:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

run it, choose "do a scan and save the log" and post the report

here is the FindyKill option 2 report:


----------------- FindyKill V4.711 ------------------

* User : Tony et Lilie - TONYETLILIE
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 13:24:52 the 10/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\60538203.EXE-E976ACEA.pf
Deleted ! - C:\Windows\prefetch\60659359.EXE-51330642.pf
Deleted ! - C:\Windows\prefetch\60665265.EXE-6524FD67.pf
Deleted ! - C:\Windows\prefetch\60937609.EXE-52EDB8E3.pf
Deleted ! - C:\Windows\prefetch\68009343.EXE-CA13A268.pf
Deleted ! - C:\Windows\prefetch\68124343.EXE-39B4E8AE.pf
Deleted ! - C:\Windows\prefetch\68346875.EXE-55DF5556.pf
Deleted ! - C:\Windows\prefetch\68377984.EXE-85DC485F.pf
Deleted ! - C:\Windows\prefetch\73750953.EXE-D231CFB6.pf
Deleted ! - C:\Windows\prefetch\73866437.EXE-A0F31357.pf
Deleted ! - C:\Windows\prefetch\73888171.EXE-9BD80232.pf
Deleted ! - C:\Windows\prefetch\74112906.EXE-FAE3FE41.pf
Deleted ! - C:\Windows\prefetch\FLEC006.EXE-585C97BD.pf
Deleted ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Deleted ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Deleted ! - C:\Windows\prefetch\WINUPGRO.EXE-07A02A76.pf

»»»» Supression files in C:\Windows\system32

Deleted ! - C:\Windows\system32\mdelk.exe
Deleted ! - C:\Windows\system32\wintems.exe
Deleted ! - C:\Windows\system32\ban_list.txt

»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\Tony et Lilie\AppData\Roaming

Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m\flec006.exe"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m\list.oct"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m\data.oct"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m\srvlist.oct"
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\3D Manatees in Rippling Waters 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\3DMasterKit 3.5.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\4Leaf WMV Video Converter 1.5.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\@PROMT Spanish-Russian Internet Translator 7.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Adusoft DVD Creator 2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Afree FLV MP4 iPhone iPod AVI DIVX WMV Converter 5.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\AlbumEasy 2.2.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\ALIVE CLOCK 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Altair 1.0 Rev.16.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Americanassist 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\AntlerTek Photo Recovery 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\AppGini Freeware Version 3.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Auth 1.01.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Automatic DJ 1.10 beta.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Avast!.Antivirus.4.6.691.Professional.Edition.Crack.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Avast.Profesional.4.7.serial.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Avex Video Converter Platinum 4.06.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\B-Log 1.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Bet Arbitrage Calculator 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Binary Desktop Clock 1.4.2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Bitdefender.Internet.Security.v10.-.FR.by.stitch_ALLTEAM.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\BlueCap Icons 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Camp Granada Font 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Caps Lock Changer 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Captain Podd.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\CDG 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\clarus the dogcow 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Class Reunion Almanac 2.7.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Construction Sigma Style.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Cournol 0.3.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Crack.para.la.SuscripciÇün.de.Norton.antivirus.&.internet.security.2002-2003.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\CT Mystified 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\CTC 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\CyberSky 4.0.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\DC AppProtector 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\DIZipWriter 2.3.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\DJBCP DVD Rip Pack 2.1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Dreamscape Analysis 2.2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Drive Info Gadget 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Duplicate Cleaner 1.3.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\DVD to PSP Video Converter Suite 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Easy Album Manager 1.01.01.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\eConsumersearch Toolbar 4.5.171.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Email Director 9.2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\ExtraMp3 Renamer 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\EZ Backup IE Basic 6.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\FaceMorpher Lite 2.5.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Fixed Width File Pro 3.0.13.2766.12.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\FreeSpamFilter Screensaver 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\GenoSwatch 2.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\GMail Extract e-mail addresses from G-Mail Account 1.0.0.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\GMSI.NET Instrumentation Library 1.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\GoodOK iPod Converter 6.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Hexbin interconverter 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Homeland Security Monitor 2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\IBLMExport 1.2.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\ie7ReplaceTabTitle 1.1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Image Gallery Assistant 1.3b.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Jason DVD Video to MPEG Converter 5.00.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\JustBoot Password Cleaner 7.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\KeyDB 1.50.03.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Konst Pinger 1.31.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Konvertor xxx2pdf 1.07.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\LastChance 1.03.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Link Buzz 1.01.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Lyrics2Search toolbar 1.0.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\M8 Cell Pre-Filler Demo 1.00.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Manage PC Startup 1.00.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Mappa TomTom mobile Italia v6.75.1429 (maggio 2007) updated-fixed 05-2008.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\MIDI Workplace 2.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Misty Lakeside 3D 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Mnemo 4.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\More Space Sanitizer 5.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\mRNA 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\naBBit 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Navicat MySQL 8.0.28.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\NeonJax 3D 1.0.2.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Net Orbit 2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\NOD32.FiX.v1.0-nsane.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\NOD32.FiX.v2.1-XLifes.ru.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\NoTrax 1.5.0.34.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Nubs 1.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\OLSR daemon 0.4.10.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\One Cat Viewer 4.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Outlook Tools 2.8.5.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Paradox to IBM DB2 Conversion Software 7.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\PatternPrint 17.4.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\PC-BugCleaner 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\PDF Create .NET 2.5.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Personal Organizer 1.0.1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Phantasm CS 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\PhotoKit Color 1.0.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Physics 101 SE 7.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Pingotron Pro 4.1.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Pivot4U 2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\PM Eject 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\POV-Ray 3.7 Beta 29.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Power Article Rewriter 1.1.0.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\ReadPlease Plus 2003 1.10.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\rebuilt.Tomtom 6 wm6 + italia v6.507 by Windows Mobile 6 samsung omnia i900.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Request Slip Generator 1.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Secure Folder Hider 1.3.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Serial Device Test Utility 1.5.0.13.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Shark AVI Video Converter 6.8.1.6.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\SimpleDelicious 1.1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Singapore Next Bus Widget 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Smart Writings 1.0.19.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\SoftDisc 3.0.2.320.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Specifications Application 0.25.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Status Scroll 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Stitcher 3.5.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\SuperF4 0.9.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Symantec.Norton.Save.&.Restore.Installation.Key.Generator.Updated-Fixed.12-2006.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Sync 'Em! 2.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\The Book of Kells 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Time Flow Terminator 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Time Meter 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\ToDo Notes 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\TriggerChart 2.10.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\TubeMe 1.2.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Turbo File Uneraser 1.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\VersionLab 2.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Virtual Map StreetDirectory Gadget 1.0.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\VSO Burning SDK 2.1.12.353.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\WebESC 3.04.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\Willy's Htmlpad 2.09.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\XP Laptop Switcher 2.1.zip
Deleted ! - C:\Users\Tony et Lilie\AppData\Roaming\m\shared\[ITA].Avast!.Antivirus.4.6.691.Professional.Edition.+.Crack.zip
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m\shared"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\m"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\winupgro.exe"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\Tony et Lilie\AppData\Roaming\drivers"

»»»» Supression files in C:\Users\TONYET~1\AppData\Local\Temp

what do I do now? because winupgro is still active...

claudinus32  Posts: 4  Registered: Saturday 21 June 2008  Status: Member  Last activity: 23 January 2009
23 Jan. 2009 at 16:27
Hello, I have the same problem, so I followed the tutorial, and here is the report that appears after step 2. It didn't delete anything, there is an error


###################### [ FindyKill V4.714 ]

# User : Propri‚taire - CLAUDE
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at 16:13:20 the 23/01/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.714 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\1152625.EXE-06DF90DE.pf
Deleted ! - C:\WINDOWS\prefetch\1282046.EXE-14B14A3F.pf
Deleted ! - C:\WINDOWS\prefetch\506828.EXE-02B074ED.pf
Deleted ! - C:\WINDOWS\prefetch\522093.EXE-2A5EE48C.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]


################## [ C:\Documents and Settings\Propri‚taire\Application Data ]

Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\m"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\inst.exe"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\Propri‚taire\Application Data\drivers"

################## [ C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp ]


################## [ C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5 ]

Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\1ARDYY8Y\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\file[1].txt
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\687P3NZW\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BCULGGPT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\SX1YJC68\b64_2[3].jpg

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-527237240-1292428093-682003330-1003\Software\Local AppWizard-Generated Applications\patch
Deleted ! - HKEY_USERS\S-1-5-21-527237240-1292428093-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-527237240-1292428093-682003330-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-527237240-1292428093-682003330-1003\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Safe boot mode restored !

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

E: - Lecteur de CD-ROM


# deleting files :

Not deleted !! - E:\autorun.inf

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////


-> Not found !


\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Suspect ! - 9ebb5ff4f4ee0e0da4db35071458afee C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Ares\My Shared Folder\photoshop cs3 activation key generator.exe
Suspect ! - d8a9e541edae327d4fd34bcd80d34eac C:\Program Files\avast\patch.exe
Suspect ! - ebe38e2fcd97bfaf184cd5386100b529 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1062031.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1063531.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1071750.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1110937.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1152625.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1320453.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1739421.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\380859.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\401421.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\414875.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\420593.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\444421.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\499046.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\506828.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\575984.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\634984.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////


################## [ ! End of report # FindyKill V4.714 ! ]

Thank you very much for your help.

Claude thanks you and sends you a little hello.
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
10 Jan. 2009 at 15:58
Do the rest of post 1: post a HijackThis report. Download it using the second link in post 1 and post the report, please.
0
I can't download files any more; I'm asked for the network administrator's authorisation, yet I am the administrator of my machine!
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
10 Jan. 2009 at 20:07
Can you download Malwarebytes Anti-Malware here:

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

Install it, update it if you can, run a full scan, delete everything it finds and post the report.
0
Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 6.0.6000

10/01/2009 21:45:00
mbam-log-2009-01-10 (21-44-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 132271
Time elapsed: 50 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe (Trojan.Spammer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe (Trojan.Spammer) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.
C:\Users\Tony et Lilie\AppData\Roaming\drivers\srosa2.sys (Worm.Bagel) -> No action taken.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> No action taken.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> No action taken.

Here is the Malwarebytes report.
0

plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
10 Jan. 2009 at 22:40
OK. Did you delete the infections that were found? If not, go into Malwarebytes' quarantine and delete everything, then try again to download HijackThis and post a report (see post 1).
0
OK, HijackThis downloaded, but I can't get it to run: "hijackthis is not a valid Win32 application".
0
Sorry, I finally managed to launch HijackThis; here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:22, on 10/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nosibay\VPbubble\Launcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Nosibay\VPbubble\VPbubble.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tony et Lilie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6ROOJT0\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [VPbubble] "C:\Program Files\Nosibay\VPbubble\launcher.exe"
O4 - HKCU\..\Run: [e-COMO] C:\Program Files\ColiPoste\eCOMO\ecomo.lnk
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
11 Jan. 2009 at 08:45
OK.

Download GenProc and unzip the archive into a folder made for it, GENPROC:

http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

Run GenProc as administrator (right-click, then Run as administrator) and post the report.
0
GenProc 2.323 report [1] - 12/01/2009 - Windows Vista

# Step 1/ Download:

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo)
This program will delete all temporary files.
Launch it, click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours".
Otherwise leave it with its default settings. Close the program.

- FindyKill http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe (Chiquitine29), saved to the Desktop.


Important note: since the Bagle infection installs itself by way of a crack/keygen, you MUST delete that kind of file.

# Step 2/

Run the installation with the default settings
- Double-click the FindyKill shortcut on the Desktop (on Vista: right-click the shortcut --> Run as administrator)
- In the main menu, select option 1 (Search)
- The report is saved at the root of the hard drive (C:\FindyKill.txt)
Before doing anything else, it is strongly recommended to post the report on the forum to get a specialist's opinion. After confirmation by a qualified forum helper, move on to the cleaning.

# Step 3/

Connect all your external data sources to the PC (USB sticks, external hard drives, mp3 players, iPod...) without opening them.
- Relaunch FindyKill,
- This time, select option 2 (Removal) in the main menu.
- There will be 2 reboots; let the tool work until the message "Nettoyage effectué !" (cleaning done) appears.
- Then post the report C:\FindyKill.txt
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
12 Jan. 2009 at 11:23
OK, so follow the report exactly, relaunch FindyKill with option 1 and post the report.
0
----------------- FindyKill V4.711 ------------------

* User : Tony et Lilie - TONYETLILIE
* Location : C:\Program Files\FindyKill
* Tool updated on 05/01/09 by Chiquitine29
* Search carried out at 11:37:17 on 12/01/2009
* Windows Vista - Internet Explorer 7.0.6000.16764

((((((((((((((((( *** Search *** ))))))))))))))))))


--------------- [ Running processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Nosibay\VPbubble\Launcher.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Nosibay\VPbubble\VPbubble.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

--------------- [ Infected files/folders ] ----------------


»»»» Presence of files in C:


»»»» Presence of files in C:\Windows


»»»» Presence of files in C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\2426218.EXE-48E44C48.pf
Found ! - C:\Windows\prefetch\2536906.EXE-0D3369F6.pf
Found ! - C:\Windows\prefetch\2910187.EXE-558BF6D7.pf
Found ! - C:\Windows\prefetch\2932781.EXE-43A3299B.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-DC6EBAD6.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-72D52E08.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-07A02A76.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-8BE33A6C.pf

»»»» Presence of files in C:\Windows\system32

Found ! [12/01/2009 10:46] - C:\Windows\system32\mdelk.exe
Found ! [12/01/2009 10:46] - C:\Windows\system32\wintems.exe
Found ! [12/01/2009 10:47] - C:\Windows\system32\ban_list.txt

»»»» Presence of files in C:\Windows\system32\drivers


»»»» Presence of files in C:\Users\Tony et Lilie\AppData\Roaming

Found ! [11/01/2009 13:46] - "C:\Users\Tony et Lilie\AppData\Roaming\m\flec006.exe"
Found ! [12/01/2009 10:46] - "C:\Users\Tony et Lilie\AppData\Roaming\m\list.oct"
Found ! [12/01/2009 10:47] - "C:\Users\Tony et Lilie\AppData\Roaming\m\data.oct"
Found ! [12/01/2009 10:47] - "C:\Users\Tony et Lilie\AppData\Roaming\m\srvlist.oct"
Found ! [12/01/2009 10:47] - "C:\Users\Tony et Lilie\AppData\Roaming\m\shared"
Found ! [10/01/2009 22:05] - "C:\Users\Tony et Lilie\AppData\Roaming\m"
Found ! [10/01/2009 22:01] - "C:\Users\Tony et Lilie\AppData\Roaming\drivers"
Found ! [12/01/2009 10:46] - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\srosa.sys"
Found ! [12/01/2009 10:46] - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\srosa2.sys"
Found ! [25/10/2005 02:02] - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\winupgro.exe"
Found ! [12/01/2009 10:46] - "C:\Users\Tony et Lilie\AppData\Roaming\drivers\downld"

»»»» Presence of files in C:\Users\TONYET~1\AppData\Local\Temp


»»»» Presence of files in C:\Users\Tony et Lilie\Local Settings\Temporary Internet Files\Content.IE5

Found ! [06/11/2008 16:33] - C:\Program Files\Rockstar Games\Grand Theft Auto IV\files.txt

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe=C:\Windows\ehome\ehTray.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
Nokia.PCSync="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
VPbubble="C:\Program Files\Nosibay\VPbubble\launcher.exe"
NVIDIA nTune=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe resetprofile
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
SoundMan=SOUNDMAN.EXE
LogitechQuickCamRibbon="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
LogitechCommunicationsManager="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe Photo Downloader="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2649530482-2426422276-2481061213-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

/!\ Active infection : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Active infection : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ State / Services ] ----------------



+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

/!\ Ndisuio - Startup type = 4

EapHost - Startup type = 3

Wlansvc - Startup type = 3

/!\ SharedAccess - Startup type = 4

/!\ wuauserv - Startup type = 4

/!\ wscsvc - Startup type = 4

/!\ WinDefend - Startup type = 4

/!\ UAC is Disabled

--------------- [ Search in removable media ] ----------------


+- Information :

C: - Fixed drive
D: - Fixed drive
E: - Fixed drive

+- presence of files :



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


------------------- ! End of report ! --------------------
0
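The two reports above are what the helper reads before deciding whether to move on to the removal step: the Malwarebytes log whose every line ends in "No action taken", and the FindyKill option 1 report with its two drivers still at Start = 0x1, its Image File Execution Options keys named after the Bagle files, its disabled services and its UAC state. The script below is an added example written for this thread; it is not code from FindyKill, Malwarebytes or the forum. It parses lines in both report formats and reduces them to the handful of facts a triager wants. The sample lines are copied from the reports posted in this thread, except the single "Quarantined and deleted successfully" line, which is constructed to show the contrast with "No action taken"; the list of which service names count as security services is this script's own assumption.

```python
"""Triage of FindyKill and Malwarebytes report lines for Bagle (winupgro) indicators.

Added example for this thread: not code from FindyKill, Malwarebytes or the forum.
Sample lines are copied from the reports posted above, except the single
"Quarantined and deleted successfully" line, which is constructed for contrast.
"""
import re
from collections import defaultdict

# Windows service Start values: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
SERVICE_DISABLED = 4

# Services whose "startup type = 4" in the report means a defence was switched
# off.  Which names count as security services is this script's assumption.
SECURITY_SERVICES = {
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
    "wuauserv": "Windows Update",
    "wscsvc": "Security Center",
    "WinDefend": "Windows Defender",
}

SUSPECT_RE = re.compile(r"^Suspect ! - ([0-9a-f]{32}) (.+?)\s*$")
IFEO_RE = re.compile(r"Image File Execution Options\\([^\\\s]+)\s*$")
ACTIVE_RE = re.compile(r"(?:Infection active|Active infection) : .*\\Services\\(\S+) -> Start = 0x([0-9a-fA-F]+)")
# The tool prints French or English labels depending on the build; accept both.
SERVICE_RE = re.compile(r"^(?:/!\\ )?(\w+) - (?:# )?(?:Type de démarrage|Type of startup|Startup type) = (\d)\s*$")
# Malwarebytes: "<item> (<family>) -> <action>."  (a path containing "(" would need a stricter pattern)
MBAM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?\s*$")

# Constructed input: lines taken from the two reports in this thread (see lead-in).
SAMPLE_FINDYKILL = r"""
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1062031.exe
Suspect ! - 2a2d6dfc1281dd5272403cf569d4aaae C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1063531.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\RECYCLER\S-1-5-21-527237240-1292428093-682003330-1003\Dc47\downld\1071750.exe
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
/!\ WinDefend - Type de démarrage = 4
/!\ UAC is Disable
"""

SAMPLE_MBAM = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Worm.Bagel) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> No action taken.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> No action taken.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""


def triage_reports(findykill_text, mbam_text):
    """Extract the indicators that decide the next step from both report formats."""
    r = {"hash_groups": defaultdict(list), "ifeo_hijacks": [], "active_drivers": [],
         "disabled_services": [], "disabled_security_services": [],
         "uac_disabled": False, "mbam_pending": [], "mbam_removed": 0}
    for line in findykill_text.splitlines():
        line = line.rstrip()
        if m := SUSPECT_RE.match(line):
            # Same MD5 under many names = one dropper copied repeatedly.
            r["hash_groups"][m.group(1)].append(m.group(2))
        elif m := IFEO_RE.search(line):
            # An IFEO key can redirect every launch of that image (Debugger value);
            # the report lists the key names only, so just record them.
            r["ifeo_hijacks"].append(m.group(1))
        elif m := ACTIVE_RE.search(line):
            # Start = 0x1 is SERVICE_SYSTEM_START: the driver loads at every boot.
            r["active_drivers"].append((m.group(1), int(m.group(2), 16)))
        elif m := SERVICE_RE.match(line):
            name, start = m.group(1), int(m.group(2))
            if start == SERVICE_DISABLED:
                r["disabled_services"].append(name)
                if name in SECURITY_SERVICES:
                    r["disabled_security_services"].append(name)
        elif "UAC is Disable" in line:
            r["uac_disabled"] = True
    for line in mbam_text.splitlines():
        if m := MBAM_RE.match(line.rstrip()):
            item, family, action = m.groups()
            if action == "No action taken":
                r["mbam_pending"].append((item, family))   # still on disk / in registry
            else:
                r["mbam_removed"] += 1
    r["hash_groups"] = dict(r["hash_groups"])
    return r


def verdict(r):
    """Turn the triage dict into the short list a helper would post back."""
    out = [f"driver {n} still loads at boot (Start={s}); the infection is live"
           for n, s in r["active_drivers"]]
    out += [f"{len(p)} files share MD5 {h}: one dropper under several names"
            for h, p in r["hash_groups"].items() if len(p) > 1]
    if r["ifeo_hijacks"]:
        out.append("IFEO entries: " + ", ".join(r["ifeo_hijacks"]))
    out += [f"{SECURITY_SERVICES[n]} ({n}) disabled; re-enable after cleaning"
            for n in r["disabled_security_services"]]
    if r["uac_disabled"]:
        out.append("UAC disabled; turn it back on")
    if r["mbam_pending"]:
        out.append(f"{len(r['mbam_pending'])} Malwarebytes detections marked 'No action taken': nothing was removed yet")
    return out


if __name__ == "__main__":
    for line in verdict(triage_reports(SAMPLE_FINDYKILL, SAMPLE_MBAM)):
        print("-", line)
```

Read against this thread, the output says what the helper said in fewer words: both drivers are still at Start = 0x1, so the option 1 search confirms a live infection and option 2 (removal) is the next step; the Malwarebytes lines ending in "No action taken" mean that scan removed nothing, which is why the helper asked whether the quarantine had been emptied; the disabled services and UAC are the settings to re-check once the machine is clean, since the tool's own report is the only evidence on the page of what state they were left in.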
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
12 Jan. 2009 at 12:34
Relaunch FindyKill with option 2, closing everything, disconnecting from the internet and plugging in your USB sticks, hard drive etc., and post the report.
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
23 Jan. 2009 at 16:31
Reply at the end of the thread please, because it's getting hard to follow.


Post another HijackThis report please.
0
claudinus32  Posts: 4  Registered: Saturday 21 June 2008  Status: Member  Last seen: 23 January 2009
23 Jan. 2009 at 23:34
Problem solved, but my antivirus still finds traces of this joke; hoping it doesn't have offspring. Thanks to you all.
0
Sorry, I moved house and had no internet since 12 January. My infection has indeed gone; my antivirus and Windows are working normally again. Thanks again for your help, see you soon on "commentcamarche"!!
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
24 Jan. 2009 at 09:35
Hi again.

There must be things left.

Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Click Continue.
If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
When the analysis is finished, two text files will open; post the 2 reports SEPARATELY.
0
plopus  Posts: 5962  Registered: Thursday 1 January 2009  Status: Security contributor  Last seen: 11 March 2012  293
28 Jan. 2009 at 18:35
OK, well, mark your topic as resolved if you don't want to continue...
0