Winupgro virus

toto09 (Posts: 18, Status: Member)

Hello,

I have been infected by winupgro for about an hour, and I am using the FindyKill application. My report has come through, but I don't know what I can delete with complete confidence without damaging the computer.

Thanks

44 replies

Anonymous user

Hi again,

As promised, I'm stopping by.

Download ToolsCleaner to your desktop.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can use the Options facultatives (optional settings) if you wish.
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

Then:

Download FindyKill to your desktop:

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk

Tutorial: malekal
Tutorial: 01net

toto09 (Posts: 18, Status: Member)

OK, so I close FindyKill, which has already scanned my computer. I already have the report in front of me. Never mind, I close it anyway?

Anonymous user

Yeah

Follow the procedure, please

toto09 (Posts: 18, Status: Member)

OK, that works, thanks
toto09 (Posts: 18, Status: Member)

Sorry to be a pain in the ass about this, but once the virus is destroyed (if that's possible, of course), will my antivirus be reinstalled, and MSN too??

Anonymous user

Yes, no problem

toto09 (Posts: 18, Status: Member)

[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\FindyKill.txt: trouvé !
C:\Documents and Settings\nathan\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !

---------------------------------
-->- Suppression:

C:\FindyKill.txt: supprimé !
C:\Documents and Settings\nathan\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: ERREUR DE SUPPRESSION !!

toto09 (Posts: 18, Status: Member)

Just in the meantime, why have me uninstall and reinstall FindyKill? (I'm a novice and I'm trying to understand a bit.)

Anonymous user

OK

Start again with FindyKill using the link provided

Anonymous user

It's just in case you don't have the right version

toto09 (Posts: 18, Status: Member)

OK, no risk-taking. And are you the one who programmed this app?

Anonymous user

Yes, indeed, with one person's help

toto09 (Posts: 18, Status: Member)

----------------- FindyKill V4.712 ------------------

* User : nathan - PENTABOSS
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 14/01/09 par Chiquitine29
* Recherche effectuée à 22:01:34 le 15/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

Found ! [25/03/2007 10:37] - "C:\WINDOWS\exefld"

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\139250.EXE-0BA0215C.pf
Found ! - C:\WINDOWS\prefetch\177468.EXE-186CAC57.pf
Found ! - C:\WINDOWS\prefetch\192750.EXE-2753CF01.pf
Found ! - C:\WINDOWS\prefetch\5678421.EXE-2A173B90.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-19A758F6.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-041ABFAF.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [15/01/2009 20:59] - C:\WINDOWS\system32\mdelk.exe
Found ! [15/01/2009 20:59] - C:\WINDOWS\system32\wintems.exe
Found ! [15/01/2009 20:59] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [29/02/2008 20:49] - "C:\WINDOWS\system32\drivers\down"

»»»» Presence des fichiers dans C:\Documents and Settings\nathan\Application Data

Found ! [15/01/2009 21:00] - "C:\Documents and Settings\nathan\Application Data\m\flec006.exe"
Found ! [15/01/2009 21:00] - "C:\Documents and Settings\nathan\Application Data\m\list.oct"
Found ! [15/01/2009 21:00] - "C:\Documents and Settings\nathan\Application Data\m\data.oct"
Found ! [15/01/2009 21:00] - "C:\Documents and Settings\nathan\Application Data\m\srvlist.oct"
Found ! [15/01/2009 21:02] - "C:\Documents and Settings\nathan\Application Data\m\shared"
Found ! [15/01/2009 21:00] - "C:\Documents and Settings\nathan\Application Data\m"
Found ! [15/01/2009 20:55] - "C:\Documents and Settings\nathan\Application Data\drivers"
Found ! [15/01/2009 20:58] - "C:\Documents and Settings\nathan\Application Data\drivers\srosa.sys"
Found ! [15/01/2009 20:58] - "C:\Documents and Settings\nathan\Application Data\drivers\srosa2.sys"
Found ! [10/05/2005 02:07] - "C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe"
Found ! [15/01/2009 21:01] - "C:\Documents and Settings\nathan\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\nathan\LOCALS~1\Temp

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
DAEMON Tools-1033="C:\Program Files\D-Tools\daemon.exe" -lang 1033
CloneCDTray="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
WinampAgent=C:\Program Files\Winamp\winampa.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mule_st_key
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Anonymous user

OK

Actually, you have traces of an old infection plus one of the new ones

>>you should seriously stop using cracks

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression)

/!\ There will be 2 restarts; let the tool work until the message "Cleaning complete" appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "Fichier" (File) tab, "Nouvelle tâche" (New Task), type explorer.exe and confirm
/!\ To read in any case 1: http://www.libellules.ch/...
/!\ To read in any case 2: http://forum.malekal.com/ftopic893.php
/!\ To watch: http://secuboxlabs.fr/archives/computertoday.html

toto09 (Posts: 18, Status: Member)

yahya kho

----------------- FindyKill V4.712 ------------------

* User : nathan - PENTABOSS
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 22:30:04 the 15/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\WINDOWS

Deleted ! - "C:\WINDOWS\exefld"

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\139250.EXE-0BA0215C.pf
Deleted ! - C:\WINDOWS\prefetch\177468.EXE-186CAC57.pf
Deleted ! - C:\WINDOWS\prefetch\192750.EXE-2753CF01.pf
Deleted ! - C:\WINDOWS\prefetch\5678421.EXE-2A173B90.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-19A758F6.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-041ABFAF.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - "C:\WINDOWS\system32\drivers\down"

»»»» Supression files in C:\Documents and Settings\nathan\Application Data

Deleted ! - "C:\Documents and Settings\nathan\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\3DS Export for Inventor 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\@RISK 4.5.5.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\A.I.Studio WatzNew 1.9.5.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Aardvark News Desk 1.01.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Adam Brody Screensaver 3.5.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Amazon.co.uk 0.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Ambisonics Player 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Amethyst CIPHER 1.05.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Annuaire 3.23.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Antivir.Personal.Edition.2006.+.crack.by.PcM@ster1.&.PcM@ster2.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Apple Math 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Aptana 0.2.7.13425.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ASAP Advanced FTP Password Recovery 1.2.6.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Avira.Antivir.Premium.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\AWS Desktop Clock 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\B+ Tree 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Beatles Vista Icons.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\BG.-.Kompilacija.(2005).-.Den.i.nosht.(by.PANDA_1960).zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Bill Central Time Billing 2004.05.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Birthday Calendar Reminder 3.6 Build 422.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\BitNami Roller Stack 4.0-4.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Black ModXP 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Bollywood Mantra Sidebar 0.1.3.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\CatsCradle 3.7.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Claros Downloader 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ClearInfo 0.50 Final.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ClubDJ Pro 3.0.2.5.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\COLORCUBE Snake Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Coloring Book 7
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\CTcontrol mini 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\dhtmlxTree 1.6.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Displaying 58001 - 60000 of 107598.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\DivX Cover Maker 2.2.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\DJ Java Decompiler 3.10.10.93.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\DSP Centercut 1.4.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\EasyPlay 1.0.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Email Extractor Websites N Mailer 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Express Talk VoIP Softphone 3.10.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Extract Data and Text from Multiple Text and HTML Files Software 9.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Ezy Invoice 7 Build 4.5.3.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Fast Bookmark 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\File Organiser 1.163.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\FSExplorer 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Gecko Programming Language 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\GetWebPics Home edition 2.9.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Glary Utilities PRO 2.9.518.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Gmail Icon Notifier 0.5 Beta.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Go to Selection 1.2.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Graphic-Chart ActiveX Components 3.000.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Grossout Shadow.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\GRSeo - Search Engine Optimizer 2.5.40.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Happy Diary 4.0.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Harry Potter Screen Saver 3.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Hartford Courant News 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Hex to Decimal Converter 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Home & Landscape Design Center 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\IE Cache Extractor 1.1 beta 6.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\JamDTA.net 4.0.3.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\jusqu'en.2041.Par.LE.GAU.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Katakana 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\kmAnywhere 2005 Pro 2005 build 060901.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\KUpTime 1.0.9.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ListShares 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Locate Address in Israel 0.11.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Lockspam for Outlook 3.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Magic CHM Merge Home Edition 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Manual 30 Doctors 5 Calls Scheduler 3.33.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Mcafee.Internet.Security.Suite.2006.v8.0.113.3.no.shit.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Mcafee.Internet.Security.Suite.2006.v8.0.Fr_dreamteam.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\McAFee_Internet_Security_9_0_espaÇŸ¶ñol_2007.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Microsoft Research Search 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Moonlight Shadow Lake Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Movavi MP4 Video Suite 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Mp3 Tag Assistant Professional 2.91 Build 255.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\MusicRandomizer 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\NaNoWriMo Word Count 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\NOD32.v2.50.16.Admin.WinXP.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\NOD32_2.50.45_Standard_German_for_goldesel.6x.to_by_M0rpheuss.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\nVidia Vulcan Demo.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\OfficeHub 3.0.4.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\OsaSync Lite 8.2.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\OZItoFugawi 1.0.10.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\PageFocus Thumbnail 1.60.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Pager 0.9.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Panda_Platinum_Internet_Security_v8.03.00.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Peter Max 3.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\PhpGmailDrive 0.3.0a.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Pilgrim's theme 0.2.3.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Portabilizer 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Portable Offline Browser 5.2.2878 SR1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Psy Frame 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Quote Reader 4.0.575.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\RegSeeker 1.55.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Retouch Pilot Lite 3.0.4.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\SafeCache 0.9.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Sandtrap 1.6.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Secure Dial 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Shefinds 1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Simnor System Control 2007.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Site MonNak 2006 1.0.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\SOFTWIN.Bitdefender.Professional.Plus.v9.0.WinALL.Incl.License.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\SSCP Free Test Exam Questions 10.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Stuart Thompson Screensaver.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Symantec.Antivirus.10.1.5.5000.Corporate.Edition.German-MooBS.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Symantec.AntiVirus.Client.Corporate.8.1_kor.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Synopsis - Visual Programming Tool 2.0.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\SysSense 1.3.7.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\t-rox Studio 1.5.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\TalkItTypeIt 1.2.7.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\The Rocking One toolbar for IE 4.5.132.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\TimeCard Calc 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Tourism Malaysia - Sport Screensaver.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\toutes.les.clǸ.pour.avast.4.6.et.4.7.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\TreePad Size 1.21.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Trouts Talking Internet Clock 2.3.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Twilight Icon Pack.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\U&I Information Management System 3.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\UnAward 3.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\WatermarkIt 1.0.1.8.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\WebCam Video Plugin for Miranda 0.0.1.8.9.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Website Mentor 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Wel! QickLaunch 1.1.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\XataSoft Mail Notifier 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\XMLValidator4UE 1.0.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\YASA MP4 Video Converter 3.2.51.1827.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\Z-OpenLock 4.1 Build 07.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ZIPCodeWorld United States Gold Edition November 2006.zip
Deleted ! - C:\Documents and Settings\nathan\Application Data\m\shared\ZoneAlarm Free 7.1.100.000.zip
Deleted ! - "C:\Documents and Settings\nathan\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\m"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\nathan\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\8BTLB79U\mxd[1].jpg
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\E512NQ94\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\FF5BVH8S\b64[1].jpg
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\G1CMNS1R\servernames[1].htm
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\WVKFEJE5\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\XCUVUK4M\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\nathan\Local Settings\Temporary Internet Files\Content.IE5\ZDBZLT2H\file[1].txt

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1547161642-823518204-682003330-1011\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
0f9eeeada1694dde3b1817e2833e1a22 C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe

Suspect ! - 0f9eeeada1694dde3b1817e2833e1a22 C:\Program Files\MSN Messenger\msnmsgr.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r00
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r01
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r02
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r03
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r04
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r05
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r06
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r07
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r08
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r09
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.r10
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.rar
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK\fm2009-crack&patch.sfv

---------------- ! End of report ! ------------------
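
An added example, not part of the original thread and not FindyKill's own code: a Python script that cross-checks the search report against the deletion report posted above. It lists flagged items that have no matching "Deleted !" line, services still at start type 4, and which reference file each "Suspect" MD5 matches. The line formats are assumed from the excerpts in this thread, and the function names are hypothetical.

```python
import re

# Lines copied from the two FindyKill reports posted in this thread
# (option 1 "Recherche", then option 2 "Suppression"), shortened.
SEARCH_REPORT = r'''
Found ! [15/01/2009 20:59] - C:\WINDOWS\system32\mdelk.exe
Found ! [15/01/2009 20:58] - "C:\Documents and Settings\nathan\Application Data\drivers\srosa.sys"
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_CURRENT_USER\Software\bisoft
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
'''

DELETE_REPORT = r'''
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - "C:\Documents and Settings\nathan\Application Data\drivers\srosa.sys"
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
0f9eeeada1694dde3b1817e2833e1a22 C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe
Suspect ! - 0f9eeeada1694dde3b1817e2833e1a22 C:\Program Files\MSN Messenger\msnmsgr.exe
'''

# Assumed line formats, taken from the excerpts above.
ITEM = re.compile(r'^(Found|Deleted) !(?: \[[^\]]*\])? - "?(.+?)"?$')
SERVICE = re.compile(r'^(?:/!\\ )?(\S+) - Type .+ = (\d)$')
HASHED = re.compile(r'^(Suspect ! - )?([0-9a-f]{32}) (.+)$')
DISABLED = 4  # report legend: 2 = auto, 3 = on demand, 4 = disabled


def parse_report(text):
    """Split a report into flagged items, service start types and MD5 lines."""
    rep = {"Found": {}, "Deleted": {}, "services": {}, "refs": {}, "suspects": []}
    for line in (raw.strip() for raw in text.splitlines()):
        m = ITEM.match(line)
        if m:
            # Windows paths and registry keys compare case-insensitively.
            rep[m.group(1)][m.group(2).lower()] = m.group(2)
            continue
        m = SERVICE.match(line)
        if m:
            rep["services"][m.group(1)] = int(m.group(2))
            continue
        m = HASHED.match(line)
        if m and m.group(1):
            rep["suspects"].append((m.group(2), m.group(3)))
        elif m:
            rep["refs"].setdefault(m.group(2), []).append(m.group(3))
    return rep


def verify_cleanup(search_text, delete_text):
    """Compare the 'before' and 'after' reports and return what to re-check."""
    before, after = parse_report(search_text), parse_report(delete_text)
    # 1. Items the search flagged that have no "Deleted !" line afterwards.
    unconfirmed = [orig for key, orig in before["Found"].items()
                   if key not in after["Deleted"]]
    # 2. Services seen disabled before that are absent or still disabled after.
    still_disabled = [name for name, start in before["services"].items()
                      if start == DISABLED
                      and after["services"].get(name, DISABLED) == DISABLED]
    # 3. For each "Suspect" file, the reference files that share its MD5.
    suspects = [(path, after["refs"].get(md5, []))
                for md5, path in after["suspects"]]
    return {"unconfirmed": unconfirmed,
            "still_disabled": still_disabled,
            "suspects": suspects}


if __name__ == "__main__":
    result = verify_cleanup(SEARCH_REPORT, DELETE_REPORT)
    for item in result["unconfirmed"]:
        print("no Deleted line for:", item)
    for name in result["still_disabled"]:
        print("service still disabled:", name)
    for path, refs in result["suspects"]:
        print("suspect:", path, "has the same MD5 as", ", ".join(refs) or "no reference")
```

An item without a "Deleted !" line is not proof that it survived the cleanup; it is a reason to run a new search and compare. The MD5 match explains why `msnmsgr.exe` is flagged: it hashes identically to the `winupgro.exe` reference file.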
0
Anonymous user
 
ok

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:

:processes
explorer.exe

:files
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009

:commands
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
toto09 Posts 18 Status Member
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\MSN Messenger\msnmsgr.exe moved successfully.
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009\CRACK moved successfully.
C:\Documents and Settings\nathan\Bureau\FOOTBALL_MANAGER_2009 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\nathan\LOCALS~1\Temp\etilqs_dd6eHTyBzSipr6zNOO5m scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vmware-vmount.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_225455

Files moved on Reboot...
File C:\DOCUME~1\nathan\LOCALS~1\Temp\etilqs_dd6eHTyBzSipr6zNOO5m not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2b8.dat moved successfully.
C:\WINDOWS\temp\vmware-vmount.log moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\6bh4wyqx.default\XUL.mfl moved successfully.
0
Anonymous user
 
ok, reinstall MSN

and your antivirus; I recommend this one:

Download and install the Antivir Personal Edition Classic antivirus:

-> Antivir: download it

-> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/
tutorial: http://www.swl1f.net/viewtopic.php?f=14&t=59

then uninstall FindyKill (option 3)

and:

Download HijackThis (diagnostic tool) here:

-> Right-click one of the links and choose Save Target As .... the Desktop

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> http://static.commentcamarche.net/www.commentcamarche.net/download/fichiers/HJTInstall.exe

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click Do a scan system and save log file

-> Notepad will open; copy and paste its entire contents here in your next reply
0
toto09 Posts 18 Status Member
 
In the meantime, I'd like to look a bit more closely at the computing "universe" so as to avoid a repeat of this kind of mishap, but this "universe" is so vast that I don't really know where to start. I found a site, "le journal du geek", that explains a lot of things, but I have big gaps in vocabulary, as you can imagine. Do you know where I could start in order to become a bit more knowledgeable?? Like hanging around on forums, or sites that would let me improve my poor knowledge of the subject even a little??
0
toto09 Posts 18 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:49, on 15/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\nathan\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: FireDaemon Service: jfwproxy (jfwproxy) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: MySql - Unknown owner - C:/mysql44/bin/mysqld-nt.exe
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: Privoxy (privoxy) (privoxy) - Unknown owner - "C:\Program Files\Privoxy\privoxy.exe" (file missing)
O23 - Service: Privoxy Internet Proxy - The Privoxy team - www.privoxy.org - C:\Program Files\Privoxy\privoxy.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
0
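Added example, not part of the thread and not code from FindyKill or HijackThis: a Python cross-check that lists the `O4` Run entries of a HijackThis log whose target is a path the FindyKill report listed with an MD5. The sample lines are copied from the two reports posted above; the function names are illustrative.

```python
import re

# Constructed sample input: lines copied from the two reports posted in this thread.
FINDYKILL = r"""
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
0f9eeeada1694dde3b1817e2833e1a22 C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe
Suspect ! - 0f9eeeada1694dde3b1817e2833e1a22 C:\Program Files\MSN Messenger\msnmsgr.exe
"""
HIJACKTHIS = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\nathan\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
"""

HASH_LINE = re.compile(r"^(?:Suspect ! - )?([0-9a-f]{32}) (.+)$")
RUN_LINE = re.compile(r"^O4 - (\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

def flagged_paths(report):
    """Map lower-cased path -> MD5 for every hash line of the FindyKill section."""
    flagged = {}
    for line in report.splitlines():
        m = HASH_LINE.match(line.strip())
        if m:
            flagged[m.group(2).lower()] = m.group(1)
    return flagged

def target_path(command):
    """Extract the executable path from a Run value, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command

def flagged_autoruns(findykill, hijackthis):
    """Return (hive, value name, path, md5) for Run entries hitting a flagged path."""
    flagged = flagged_paths(findykill)
    hits = []
    for line in hijackthis.splitlines():
        m = RUN_LINE.match(line.strip())
        path = target_path(m.group(3)) if m else ""
        if path.lower() in flagged:
            hits.append((m.group(1), m.group(2), path, flagged[path.lower()]))
    return hits

for hit in flagged_autoruns(FINDYKILL, HIJACKTHIS):
    print(hit)
```

A hit only says that the autorun value points at a path the earlier report flagged; whether the file is still on disk needs a separate check.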