Exe is not a Win32 application
Solved
bluesky67
Hello,
I can't launch AntiVir; a window appears (exe is not a Win32 application).
Can you help me, please?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:44, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\GWDUS3WB\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
59 replies
I installed your new version of FindyKill and ran a scan.
----------------- FindyKill V4.713 ------------------
* User : ERIC - ERIC-F9BB705F64
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 12:31:56 le 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\ERIC\Application Data
Found ! [16/01/2009 01:34] - "C:\Documents and Settings\ERIC\Application Data\drivers"
Found ! [16/01/2009 00:41] - "C:\Documents and Settings\ERIC\Application Data\drivers\wfsintwq.sys"
»»»» Presence des fichiers dans C:\DOCUME~1\ERIC\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Packard Bell Software Suite=C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
SoundMan=SOUNDMAN.EXE
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
WatchDog=C:\Program Files\mobile PhoneTools\WatchDog.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOLReger]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CFP_Setup_3.0.13.268_XP_Vista_x32]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Comodo_firewall_setup_x32]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CPFFileSubmission]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Données du véhicule]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\EDLauncher]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hphupd05]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Jerrycan 7.0 Key]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Jerrycan_6.28]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\playplus]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Procédure de contrôle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Security Access]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Service Information]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Système de programmation d'entretien]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Techline Print]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Transfert logiciel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Transfert/Lecture d'instantané]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Wcescomm]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Wiring Diagram Application]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-776561741-573735546-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 2
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\ERIC\Application Data
Found ! [16/01/2009 01:34] - "C:\Documents and Settings\ERIC\Application Data\drivers"
Found ! [16/01/2009 00:41] - "C:\Documents and Settings\ERIC\Application Data\drivers\wfsintwq.sys"
»»»» Presence des fichiers dans C:\DOCUME~1\ERIC\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Packard Bell Software Suite=C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HPDJ Taskbar Utility=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
SoundMan=SOUNDMAN.EXE
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
WatchDog=C:\Program Files\mobile PhoneTools\WatchDog.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOLReger]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CFP_Setup_3.0.13.268_XP_Vista_x32]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Comodo_firewall_setup_x32]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CPFFileSubmission]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Données du véhicule]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\EDLauncher]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hphupd05]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Jerrycan 7.0 Key]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Jerrycan_6.28]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\playplus]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Procédure de contrôle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Security Access]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Service Information]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Système de programmation d'entretien]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Techline Print]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Transfert logiciel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Transfert/Lecture d'instantané]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Wcescomm]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Wiring Diagram Application]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-776561741-573735546-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 2
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
----------------- FindyKill V4.713 ------------------
* User : ERIC - ERIC-F9BB705F64
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 12:40:31 the 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\ERIC\Application Data
Deleted ! - "C:\Documents and Settings\ERIC\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\ERIC\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\ERIC\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-776561741-573735546-725345543-1004\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
33401e357ca50bb899eb290e996ea1bb C:\Qoobox\Quarantine\C\Documents and Settings\ERIC\Application Data\drivers\winupgro.exe.vir
89cd052b70d69555fa064fd85685f9d6 C:\Qoobox\Quarantine\C\Documents and Settings\ERIC\Application Data\drivers\_winupgro_.exe.zip
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\ERIC\Application Data\BitTorrent\Promt.Expert.Giant.v8.0.442.Incl.KeyGen-DVT[ENGLISH].By.PaShTeX.rar.torrent
C:\Documents and Settings\ERIC\Mes documents\logiciels\(Logiciel PC + Crack) MaGic TranSlator (traducteur anglais, francais, italien, allemand).rar
---------------- ! End of report ! ------------------
Hello,
You are infected with Bagle!
Download FindyKill to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Run the installation with the default settings
--> Connect to your PC, without opening them, any external data storage devices (USB key, external hard drive, etc.) that may have been infected
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 1 (Recherche / Search)
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
Please post a new HijackThis report afterwards.
----------------- FindyKill V4.095 ------------------
* User : ERIC - ERIC-F9BB705F64
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Recherche effectuée à 16:50:28 le 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Present ! - C:\WINDOWS\prefetch\MDELK.EXE-238AA5EF.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\ERIC\Application Data
Présent ! [16/01/2009 01:56] - "C:\Documents and Settings\ERIC\Application Data\m\list.oct"
Présent ! [16/01/2009 01:56] - "C:\Documents and Settings\ERIC\Application Data\m\data.oct"
Présent ! [16/01/2009 01:56] - "C:\Documents and Settings\ERIC\Application Data\m\srvlist.oct"
Présent ! [16/01/2009 01:57] - "C:\Documents and Settings\ERIC\Application Data\m\shared"
Présent ! [16/01/2009 11:12] - "C:\Documents and Settings\ERIC\Application Data\m"
»»»» Presence des fichiers dans C:\DOCUME~1\ERIC\LOCALS~1\Temp
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HPDJ Taskbar Utility REG_SZ C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
SoundMan REG_SZ SOUNDMAN.EXE
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
WatchDog REG_SZ C:\Program Files\mobile PhoneTools\WatchDog.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
avgnt REG_SZ "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
BlazeServoTool REG_SZ "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
Packard Bell Software Suite REG_SZ C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
--------------- [ Registre / Clés infectieuses ] ----------------
Présent ! - HKEY_USERS\S-1-5-21-776561741-573735546-725345543-1004\Software\MuleAppData
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Présent ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 2
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- presence des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
------------------- ! Fin du rapport ! --------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:16, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\GWDUS3WB\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
Scan saved at 16:56:16, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\GWDUS3WB\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
----------------- FindyKill V4.095 ------------------
* User : ERIC - ERIC-F9BB705F64
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Suppression effectuée à 17:01:36 le 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** Suppression *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Suppression des fichiers dans C:
»»»» Suppression des fichiers dans C:\WINDOWS
»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch
Supprimé ! - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
Supprimé ! - C:\WINDOWS\Prefetch\TBKERN32.EXE-2E0F4702.pf
Supprimé ! - C:\WINDOWS\Prefetch\WINTEMS.EXE-26D98C75.pf
Supprimé ! - C:\WINDOWS\Prefetch\MDELK.EXE-238AA5EF.pf
»»»» Suppression des fichiers dans C:\WINDOWS\system32
»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers
Supprimé ! - C:\WINDOWS\system32\drivers\srosa.sys
»»»» Suppression des fichiers dans C:\Documents and Settings\ERIC\Application Data
Supprimé ! - "C:\Documents and Settings\ERIC\Application Data\m\list.oct"
Supprimé ! - "C:\Documents and Settings\ERIC\Application Data\m\data.oct"
Supprimé ! - "C:\Documents and Settings\ERIC\Application Data\m\srvlist.oct"
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\1Y0-962 Downloadable Exam Simulator 2.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\3D Matrix Screensaver 1.4.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Activation.McAfee.Internet.Security.2006.+.Cracks.&.Super.Infos.2006.fr.updated-fixed.05-2006.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Adam DesAutels YouTube Search 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Adsense Status 1.1.0.5 Beta.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Advanced Cookie Manager 2.31.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\AES Free 2.7.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\African Animals 1.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Air Cleaners Screensaver 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Akti Album 1.2.35.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Amavisd+Mcafee sobre PostFix.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Amorphous Maze 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Anasoft Scheduler PE 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\AT Font Genet 2.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Audio and Video Recorder 2.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\AUTOption Graphic 8.0.0.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\BG.-.Dajana.(2006).-.Pravo.v.celta.(by.PANDA_1960).zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Bitdefender.Professional.v9.0.Build.9.Crack.-.Keygen.-.Serial.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\BlunderDelay 0.5.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Brad Pitt Screensaver.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Browser Form Filler 1.13.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Buzzamp 1.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Cache and Save 3.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Cain & Abel 4.9.25.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\CaveDB 0.28 Beta.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\CLAmp 0.0.10.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Compound File Tools 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\ContourCube VCL 3.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\CoolWatermark 1.2.0504.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Crystal Report Folio 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\CyberCrime Security Forum '08 Countdown Gadget 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\David's Image Viewer 2.2.2.17.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\DBConvert for MSSQL & MySQL 2.1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Delinkydink 1.1.6.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Dorame 0.13.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Driven.ProcessScheduler 1.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\DVD to MP3 Converter 1.00.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Encrypted Button Generator for PayPal 2.3.5.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Ewido.Networks.Ewido.Anti-Spyware.4.0.0.172.serial.keygen.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\FlashHunter 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Flashtuning Progress Bar 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Flobo CD DVD Recovery Multimedia 1.5.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\FLV to Video Converter Lite 1.30.1.13.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\FolderSlice 0.9.6.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Form 1099-MISC Miscellaneous Income 1.01.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Frutty Bar 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Gisborne Font TrueType 1.51.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\GLCD Bitmap Converter 1.6.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Google Analytics Manager 1.0.3.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\GPS Mapper 0.1.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Gravetat 0.9.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\html2fo 0.4.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\HTTP Debugger SDK 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Inbox Protector OE 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Internet Collection 3.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Internet Password Manager 1.0 Beta.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Irish To The max Screensaver 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\iTunes Media Keys 1.0 Alpha.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\iView Media 2.7.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Jar Explorer 2.2.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Kasperski.Antivirus.Key.2005.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Kaspersky.Anti-Virus.Personal.v6.0.0.299.TWK.(osloskop.net).zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Krenamer 1.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Legal Billing 6.0.5.4.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 German - Polish 2.3.90.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\LingvoSoft Suite 2008 English - Turkish 2.1.28.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\LingvoSoft Suite 2008 Spanish - German 2.1.28.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\London Collective 2.0.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Mail Checker 1.1.1.18.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Media Exchange 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Media Player Classic 6.4.9.1 Build 20081005.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\MelodyComposer 1.45 for Sony-Ericsson.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\MEmaster standard 3.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Milkify 0.6.229.27680.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Mindful 1.2.6.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Mk-1 Licensor 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Moot 2.3.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Multi Meter (Dual Core) 1.25.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\MultiPagez 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\My IPs 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\NameSwapper 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\NetDuster 2.3.4.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Networx 4.5.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Newest Forgotten Places 1.0.0.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Norton.Antivirus.2004.crack.e.seriale.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\OctoTools 5.3.2.36.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Panda.Platinum.Internet.Security.2005.crack[Spanish].zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Parent folder 4.5.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Password Creator 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Peace Pack.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\peerTranet Business 2008 3.5.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Penn State Nittany Lions 2.76.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Perfect Privacy 2.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\PitPad 3.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Radius Test 2.4.3.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Ren2Title 1.01.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\ResGrabber 1.0 Beta.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Resistor Color Coder 1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\RZ DVD COPY 3.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Scheduler 3.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SearchTray 1.15.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SecurityLogger 1.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Serial.Avg.7.0.290.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SIDDecode 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Simply Mail 1.4.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SIRIUS Internet Radio Player 2.1.1.63.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SkinBench 0.65.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SpaceCheck 1.3.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Speak & Mail 2000 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Splendid Butterflies Free Screensaver 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\St. Croix Live Harbor Cam 1.25.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Stalker_CommuniGate_McAfee_VirusScan_Plugin_v2.7.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SumsWizard 1.0 build 73.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\SWF Printer Pro 1.00.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Tinnitus Masker Pro 2.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Triplehash Site2Exe 1.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Trojan Killer 1.4.0.2.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\txt2palm 1.6.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Ultra DVD Creator 2.6.1123.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\VBS Interpreter 1.0.0.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Weather Addin for Outlook 1.1.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Windows Vista NTFS Data Recovery 3.0.1.5.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\WindStation 1.0.0.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Wizardbrush 6.7.4.9e.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\XBaseCatalog Professional 1.01.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\Xotics 4.1.23.zip
Supprimé ! - C:\Documents and Settings\ERIC\Application Data\m\shared\XproMill 2.1.6.zip
Supprimé ! - "C:\Documents and Settings\ERIC\Application Data\m\shared"
Supprimé ! - "C:\Documents and Settings\ERIC\Application Data\m"
»»»» Suppression des fichiers dans C:\DOCUME~1\ERIC\LOCALS~1\Temp
--------------- [ Registre / Clés infectieuses ] ----------------
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
-> Certaines clés ont été supprimées au premier reboot ...
--------------- [ Etat / Redémarage des services ] ----------------
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 2
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Nettoyage des supports amovibles ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- Suppression des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
--------------- [ Recherche Cracks / Keygen ] ----------------
C:\Documents and Settings\ERIC\Application Data\BitTorrent\Promt.Expert.Giant.v8.0.442.Incl.KeyGen-DVT[ENGLISH].By.PaShTeX.rar.torrent
C:\Documents and Settings\ERIC\Mes documents\logiciels\(Logiciel PC + Crack) MaGic TranSlator (traducteur anglais, francais, italien, allemand).rar
---------------- ! Fin du rapport ! ------------------
Hello,
I think I have the same problem.
My antivirus (McAfee) is no longer enabled and I can no longer install any antivirus.
Should I do the same thing and post the reports?
Thanks in advance if you can help me.
Hi niuaduab, no, create your own topic; please don't post in someone else's topic.
Post a HijackThis log, bluesky, please.
----------------- FindyKill V4.095 ------------------
* User : ERIC - ERIC-F9BB705F64
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 24/10/08 par Chiquitine29
* Suppression effectuée à 17:16:03 le 16/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** Suppression *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Suppression des fichiers dans C:
»»»» Suppression des fichiers dans C:\WINDOWS
»»»» Suppression des fichiers dans C:\WINDOWS\Prefetch
Supprimé ! - C:\WINDOWS\Prefetch\TBKERN32.EXE-2E0F4702.pf
Supprimé ! - C:\WINDOWS\Prefetch\WINTEMS.EXE-26D98C75.pf
»»»» Suppression des fichiers dans C:\WINDOWS\system32
»»»» Suppression des fichiers dans C:\WINDOWS\system32\drivers
Supprimé ! - C:\WINDOWS\system32\drivers\srosa.sys
»»»» Suppression des fichiers dans C:\Documents and Settings\ERIC\Application Data
»»»» Suppression des fichiers dans C:\DOCUME~1\ERIC\LOCALS~1\Temp
--------------- [ Registre / Clés infectieuses ] ----------------
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Supprimé ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
-> Certaines clés ont été supprimées au premier reboot ...
--------------- [ Etat / Redémarage des services ] ----------------
+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 2
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Nettoyage des supports amovibles ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur de CD-ROM
+- Suppression des fichiers :
--------------- [ Registre / Moutpoint2 ] ----------------
-> Recherche négative.
--------------- [ Recherche Cracks / Keygen ] ----------------
C:\Documents and Settings\ERIC\Application Data\BitTorrent\Promt.Expert.Giant.v8.0.442.Incl.KeyGen-DVT[ENGLISH].By.PaShTeX.rar.torrent
C:\Documents and Settings\ERIC\Mes documents\logiciels\(Logiciel PC + Crack) MaGic TranSlator (traducteur anglais, francais, italien, allemand).rar
---------------- ! Fin du rapport ! ------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:59, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\4FCZGP1W\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
Scan saved at 17:30:59, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\4FCZGP1W\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
How is the PC doing?
-Download ComboFix by sUBs
-Be sure to save it to your desktop
-Disconnect from the internet and disable your antivirus (only for the duration of the procedure).
-Close all windows.
-Double-click combofix.exe (do not click in the window that opens).
-Press Y to start the scan.
-At the end of the scan (this can take a while), a report will be created.
-Post this report in your next message(s).
ComboFix 09-01-13.04 - ERIC 2009-01-16 17:51:02.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.580 [GMT 1:00]
Lancé depuis: c:\documents and settings\ERIC\Bureau\TRISTAN.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
.
2009-01-16 11:34 . 2009-01-16 11:34 <REP> d-------- c:\program files\AntiVir PersonalEdition Premium
2009-01-16 11:34 . 2009-01-16 11:34 <REP> d-------- c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Premium
2009-01-16 10:51 . 2009-01-16 10:51 <REP> d-------- c:\program files\Avira
2009-01-16 02:09 . 2009-01-16 11:34 108,330 --a------ c:\documents and settings\All Users\Application Data\firstlsp.reg.dat
2009-01-15 23:28 . 2009-01-16 01:34 <REP> d--h----- c:\documents and settings\ERIC\Application Data\drivers
2009-01-15 22:35 . 2009-01-15 22:35 <REP> d-------- c:\program files\Western Railway 3D Screensaver
2009-01-15 22:35 . 2008-10-09 13:07 31,456,256 --a------ c:\windows\system32\Western Railway 3D Screensaver.exe
2009-01-15 22:35 . 2008-10-09 13:07 856,064 --a------ c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-01-15 22:31 . 2009-01-15 22:31 <REP> d-------- c:\program files\Deep Space 3D Screensaver
2009-01-15 22:31 . 2008-10-09 13:04 12,268,544 --a------ c:\windows\system32\Deep Space 3D Screensaver.exe
2009-01-15 22:31 . 2008-10-09 13:04 843,264 --a------ c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-01-15 22:27 . 2008-10-09 12:44 13,419,520 --a------ c:\windows\system32\Earth 3D Screensaver.exe
2009-01-15 22:27 . 2008-10-09 12:44 855,040 --a------ c:\windows\system32\Earth_3D_Screensaver.scr
2009-01-15 22:24 . 2009-01-15 22:24 <REP> d-------- c:\program files\The Lost Watch 3D Screensaver
2009-01-15 22:22 . 2009-01-15 22:22 <REP> d-------- c:\program files\Fantasy Moon 3D Screensaver
2009-01-15 22:14 . 2009-01-15 22:14 <REP> d-------- c:\program files\Discovery 3D Screensaver
2009-01-13 19:55 . 2009-01-16 02:05 <REP> d-------- c:\program files\Calendrier Automatique
2009-01-13 19:30 . 2009-01-14 15:29 <REP> d-------- c:\program files\Kalender
2009-01-13 19:30 . 2009-01-13 19:36 <REP> d-------- c:\documents and settings\ERIC\Application Data\UK's Kalender
2009-01-13 15:11 . 2009-01-13 15:11 <REP> d-------- c:\program files\Packard Bell External HDD
2009-01-13 15:11 . 2009-01-13 15:11 <REP> d-------- c:\program files\Packard Bell
2009-01-02 12:54 . 2009-01-02 12:54 <REP> d-------- c:\program files\Securitoo
2009-01-02 12:53 . 2006-03-01 18:53 94,208 --a------ c:\windows\system32\w32n50.dll
2009-01-02 12:53 . 2007-12-11 20:22 65,536 --a------ c:\windows\system32\Autodial2000.dll
2009-01-02 12:53 . 2003-09-23 10:38 34,688 --a------ c:\windows\system32\pcampr5.sys
2009-01-02 12:53 . 2006-03-01 18:53 32,128 --a------ c:\windows\system32\pcandis5.sys
2009-01-02 12:52 . 2009-01-02 13:03 <REP> d-------- c:\program files\OrangeHSS
2009-01-02 12:51 . 2009-01-02 12:51 <REP> d-------- c:\program files\Fichiers communs\France Telecom
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 16:20 --------- d-----w c:\program files\FindyKill
2009-01-16 16:10 --------- d-----w c:\program files\eMule
2009-01-16 10:33 --------- d-----w c:\program files\Kaspersky Lab
2009-01-16 10:33 --------- d-----w c:\program files\Fichiers communs\Kaspersky Lab
2009-01-16 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-01-16 00:29 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-15 21:27 --------- d-----w c:\program files\Earth 3D Screensaver
2009-01-15 21:27 --------- d-----w c:\program files\3Planesoft Screensaver Manager
2009-01-14 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 17:49 --------- d-----w c:\documents and settings\ERIC\Application Data\BitTorrent
2009-01-09 22:50 --------- d-----w c:\documents and settings\All Users\Application Data\BlazeVideo
2009-01-09 22:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 19:57 --------- d-----w c:\program files\BlazeVideo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-01 00:30 --------- d-----w c:\program files\Acoustica CD Label Maker
2008-12-01 00:29 --------- d-----w c:\documents and settings\ERIC\Application Data\Acoustica
2008-11-26 22:18 --------- d-----w c:\program files\Windows Live
2008-11-26 22:15 --------- d-----w c:\program files\ClickToConvert
2008-11-25 23:28 --------- d-----w c:\program files\Maïdo Production
2008-11-24 20:49 --------- d-----w c:\program files\PhotoFiltre
2008-11-23 01:33 --------- d-----w c:\program files\BitTorrent Fastest Tool
2008-11-20 12:25 --------- d-----w c:\program files\ImageConverter Plus
2008-11-19 12:21 --------- d-----w c:\program files\Magic Picture Converter
2008-11-19 12:20 --------- d-----w c:\program files\Devious Codeworks
2008-11-19 12:15 --------- d-----w c:\program files\IrfanView
2008-11-16 23:11 --------- d-----w c:\documents and settings\ERIC\Application Data\PROject MT
2008-11-16 23:03 --------- d-----w c:\program files\PRMT78
2008-11-16 23:03 --------- d-----w c:\program files\Fichiers communs\PROject MT
2008-11-16 23:03 --------- d-----w c:\documents and settings\All Users\Application Data\PROject MT
2008-11-16 23:00 --------- d-----w c:\program files\Macromedia
2008-11-16 23:00 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-11-16 22:57 --------- d-----w c:\program files\Auction Sentry
2008-11-16 22:22 --------- d-----w c:\documents and settings\ERIC\Application Data\Uniblue
2008-10-28 15:46 49,152 ----a-r c:\windows\system32\inetwh32.dll
2008-10-28 15:46 1,044,480 ----a-r c:\windows\system32\roboex32.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-06-15 09:38 92,064 ----a-w c:\documents and settings\ERIC\mqdmmdm.sys
2008-06-15 09:38 9,232 ----a-w c:\documents and settings\ERIC\mqdmmdfl.sys
2008-06-15 09:38 79,328 ----a-w c:\documents and settings\ERIC\mqdmserd.sys
2008-06-15 09:38 66,656 ----a-w c:\documents and settings\ERIC\mqdmbus.sys
2008-06-15 09:38 6,208 ----a-w c:\documents and settings\ERIC\mqdmcmnt.sys
2008-06-15 09:38 5,936 ----a-w c:\documents and settings\ERIC\mqdmwhnt.sys
2008-06-15 09:38 4,048 ----a-w c:\documents and settings\ERIC\mqdmcr.sys
2008-06-15 09:38 25,600 ----a-w c:\documents and settings\ERIC\usbsermptxp.sys
2008-06-15 09:38 22,768 ----a-w c:\documents and settings\ERIC\usbsermpt.sys
2007-10-23 21:44 19,864 ----a-w c:\documents and settings\ERIC\Application Data\GDIPFONTCACHEV1.DAT
2008-09-26 20:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092620080927\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-16_ 1.41.14.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 14:34:58 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-06-27 14:03:52 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-06-27 1934656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WatchDog"="c:\program files\mobile PhoneTools\WatchDog.exe" [2009-01-16 36864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248]
"avgnt"="c:\program files\AntiVir PersonalEdition Premium\avgnt.exe" [2009-01-16 229416]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TrackMaker\\trackmaker.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Documents and Settings\\ERIC\\Local Settings\\Temporary Internet Files\\Content.IE5\\21SO1A1K\\magentic_install[1].exe"=
"c:\\Documents and Settings\\ERIC\\Local Settings\\Temporary Internet Files\\Content.IE5\\21SO1A1K\\magentic_install[1].exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2009-01-16 22336]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-01-16 45376]
R4 COSIDS_TB;COSIDS_TB;c:\progra~1\COSIDS\BIN\TbMux32.exe [2008-09-14 165376]
R4 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;c:\program files\BHPS\Gmg\bin\DBMonService.exe -sn"pqeauto.database.dbmonitor.GMG" -f"c:\program files\BHPS\Gmg\bin\DBMonitorCmds.ini" --> c:\program files\BHPS\Gmg\bin\DBMonService.exe -snpqeauto.database.dbmonitor.GMG [?]
R4 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -sn"pqeauto.energy.mappermonitor" -f"c:\program files\BHPS\Pmap1\bin\MapperMonitorCmds.ini" --> c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -snpqeauto.energy.mappermonitor [?]
R4 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -sn"pqeauto.engine.tomcatmonitor.GMG" --> c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -snpqeauto.engine.tomcatmonitor.GMG [?]
S3 CE9500;CE9500.Sys (Enh) driver;c:\windows\system32\drivers\ce9500enh.sys [2008-04-30 172672]
S3 FTD2XX;OPCOMUSB.SYS OP-COM USB device driver;c:\windows\system32\drivers\OPCOMUSB.sys [2008-10-29 34639]
S3 MBAMCatchMe;MBAMCatchMe;c:\windows\system32\drivers\mbamcatchme.sys [2008-05-27 27048]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-03-31 42112]
S4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-01-16 164097]
S4 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-01-16 258305]
S4 AVEService;Service d'assistance Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-01-16 41217]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TIS 2000 Apache Web Server
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contenu du dossier 'Tâches planifiées'
2009-01-16 c:\windows\Tasks\User_Feed_Synchronization-{7BB38C85-D383-4014-880D-23749B21DB21}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe
.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr
mStart Page = hxxp://www.01net.com/telecharger/
IE: Automatic selection of topic template - c:\program files\PRMT78\PRMTIE\aot.htm
IE: Customize translation options - c:\program files\PRMT78\PRMTIE\options.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Search the Web - c:\program files\PRMT78\PRMTIE\search.htm
IE: Translate - c:\program files\PRMT78\PRMTIE\translat.htm
IE: Translate page - c:\program files\PRMT78\PRMTIE\page.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - c:\program files\PRMT78\PRMTIE\prmtie5.htm
IE: {{7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - c:\program files\PRMT78\PRMTIE\options.htm
LSP: avsda.dll
Trusted Zone: *.mappy.com
Trusted Zone: *.orange.fr
Trusted Zone: rw.search.ke.voila.fr
Trusted Zone: orange.weborama.fr
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 17:57:39
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\documents and settings\ERIC\Application Data\drivers\wfsintwq.sys 121548 bytes executable
c:\documents and settings\ERIC\Application Data\Symantec\Shared
c:\documents and settings\ERIC\Application Data\Symantec\Shared\MyProfile.UserProfile 1023 bytes
c:\documents and settings\ERIC\Application Data\Symantec\Shared\Sessions
c:\documents and settings\ERIC\Application Data\Symantec\Shared\Sessions\20071001214816468.liveReg 13257 bytes
Scan terminé avec succès
Fichiers cachés: 5
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Documents and Settings\\ERIC\\Application Data\\drivers\\winupgro.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\documents and settings\ERIC\Application Data\drivers\wfsintwq.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-776561741-573735546-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*Ç*%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\avsda.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ATKKBService.exe
c:\bhroot\BIN\NT611SVC.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0[/u]\FTRTSVC.exe
c:\program files\LEC\LogoMedia TranslateDotNet Server.exe
c:\windows\system32\nvsvc32.exe
c:\bhroot\BIN\PORTMAP.EXE
c:\program files\BHPS\Pmap1\bin\MapperMonService.exe
c:\program files\BHPS\JRE142\bin\javaw.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\cosids\APACHE~1\Apache\ApchT2kW.exe
c:\progra~1\cosids\APACHE~1\Apache\ApchT2kW.exe
c:\bhroot\BIN\DBMANG.EXE
c:\program files\BHPS\Gmg\bin\DBMonService.exe
c:\program files\BHPS\Gmg\bin\TomcatMonService.exe
c:\program files\Java\jre1.6.0_07\bin\java.exe
c:\program files\BHPS\Gmg\bin\tbmux32.exe
.
**************************************************************************
.
Heure de fin: 2009-01-16 18:05:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-16 17:05:14
ComboFix2.txt 2009-01-16 00:48:49
Avant-CF: 12 111 904 768 octets libres
Après-CF: 12,095,606,784 octets libres
266 --- E O F --- 2009-01-14 18:01:25
1) Print these instructions or save them to your Desktop, because you will need to close all windows and applications during the installation and the scan.
2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your desktop from this link:
https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html
3) When the download is finished, close all windows and programs, including this one.
4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.
5) During installation, follow the prompts (in particular the choice of language and the permission to access the Internet). Do not change any of the default settings and, at the end of the installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
6) MBAM will start automatically and display a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The main MBAM window is displayed.
7) In the scan tab, check that "Exécuter une analyse rapide" (perform a quick scan) is selected and click the Rechercher button to start the scan.
8) MBAM scans your computer. The scan may take some time. Just check its progress from time to time.
9) At the end of the scan, a message is displayed indicating that the scan is finished. Click OK to continue.
10) If malware has been detected, the list is displayed.
By clicking Suppression (?), MBAM will delete the files and registry keys and put a copy of them in quarantine.
11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Rapports/logs tab.)
12) Close MBAM by clicking Quitter.
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 791
Type de recherche: Examen rapide
Eléments examinés: 36605
Temps écoulé: 4 minute(s), 20 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:12, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\4FCZGP1W\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
Scan saved at 19:32:12, on 16/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\PROGRA~1\JAVA\JRE16~1.0_0\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ERIC\Local Settings\Temporary Internet Files\Content.IE5\4FCZGP1W\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Translator - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT78\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Automatic selection of topic template - C:\Program Files\PRMT78\PRMTIE\aot.htm
O8 - Extra context menu item: Customize translation options - C:\Program Files\PRMT78\PRMTIE\options.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT78\PRMTIE\search.htm
O8 - Extra context menu item: Translate - C:\Program Files\PRMT78\PRMTIE\translat.htm
O8 - Extra context menu item: Translate page - C:\Program Files\PRMT78\PRMTIE\page.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT78\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT78\PRMTIE\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Planificateur Avira AntiVir Premium (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'assistance Avira AntiVir Premium MailGuard (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\LEC\LogoMedia TranslateDotNet Server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
Maybe you should answer me, that's 3 times I've asked how the PC is doing??
Download GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip to your desktop
Unzip the folder, double-click GenProc.bat
and post the contents of the report that opens
Illustrated help: http://www.alt-shift-return.org/Info/GenProc-HowTo.html