Sujet Précédent Sujet Suivant

AU SECOUR GUSANO BAGLE

Résolu
DORIANGF Messages postés 59 Statut Membre -  
DORIANGF Messages postés 59 Statut Membre -
Bonjour, tout le monde et bonne année
je commence l'année avec un gusano bagle, celui ci as désactivé mon antivirus ainsi que quelque programme, j'ai téléchargé elibagla et voici le rapport

Fri Jan 16 20:22:55 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\107625.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\110015.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\126343.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\127312.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\142796.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\145390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\151781.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\152171.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\152328.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\162187.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\165375.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\166328.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\166406.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\182515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\187156.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\189281.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\190984.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\196421.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\198375.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\201812.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\209078.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\217500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\225265.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\238093.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\247937.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\263250.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\284609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\304843.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\319468.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\322515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\342828.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\343000.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\348500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\348515.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\357375.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\368140.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\369531.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\375875.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\401718.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\422859.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\446484.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\476593.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\DOWNLD\487484.EXE --> Eliminado Bagle

Fri Jan 16 20:24:03 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:23:48 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:55:46 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:56:51 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:57:16 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:34 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:53 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 21:58:59 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Fri Jan 16 22:00:00 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DORIAN MORIN\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Jan 16 22:00:25 2009
EliBagle v12.11b (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 12 de Enero del 2009)
-----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\WINDOWS"

eh oui c'est en espagnol deja que j'ai un peu de mal avec le francais lol, comment m'en debarasser j'ai un ordi windows XP. Merci pour vos reponse. Encore autre chose mon ordi refuse depuis de redemarré en mode sans echec, j'ai un ecran bleu d'erreur qui m'empeche d'aller plus loin.

63 réponses

Réponse 1 / 63
Utilisateur anonyme
 
Salut,

FindyKill de Chiquitine29

▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

▶ Laisse toi guider pour l'installer.

▶ Double clic sur " FindyKill." pour lancer l'outil .

▶ Choisis La langue:F pour français

▶ Choisis l'option 1 . Puis laisses travailler ...

▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

Les-risques-securitaires-du-peer-to-peer

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
1
Réponse 2 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
merci je laisse donc le compte rendue de findkill

----------------- FindyKill V4.713 ------------------

* User : DORIAN MORIN - SN100177990248
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/01/09 par Chiquitine29
* Recherche effectuée à 1:47:52 le 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\fichiers communs\aol\1209822846\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1209822846\ee\aolsoftware.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\DORIAN MORIN\Bureau\Antibagle-fr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

Found ! [16/01/2009 20:22] - "C:\Muestras"
Found ! [16/01/2009 19:48] - "C:\Avenger"
Found ! [16/01/2009 22:35] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\107625.EXE-1428301B.pf
Found ! - C:\WINDOWS\prefetch\127312.EXE-0E2473E0.pf
Found ! - C:\WINDOWS\prefetch\142796.EXE-1DB877E3.pf
Found ! - C:\WINDOWS\prefetch\151781.EXE-2A050572.pf
Found ! - C:\WINDOWS\prefetch\152171.EXE-004FD173.pf
Found ! - C:\WINDOWS\prefetch\165375.EXE-15A964ED.pf
Found ! - C:\WINDOWS\prefetch\166328.EXE-00AA7B16.pf
Found ! - C:\WINDOWS\prefetch\182515.EXE-055E840B.pf
Found ! - C:\WINDOWS\prefetch\189281.EXE-35297986.pf
Found ! - C:\WINDOWS\prefetch\190984.EXE-0AB33FD9.pf
Found ! - C:\WINDOWS\prefetch\196421.EXE-096324C8.pf
Found ! - C:\WINDOWS\prefetch\209078.EXE-284BB15B.pf
Found ! - C:\WINDOWS\prefetch\263250.EXE-02326F4C.pf
Found ! - C:\WINDOWS\prefetch\304843.EXE-1A81ED06.pf
Found ! - C:\WINDOWS\prefetch\319468.EXE-182CAB81.pf
Found ! - C:\WINDOWS\prefetch\342828.EXE-19C44D16.pf
Found ! - C:\WINDOWS\prefetch\343000.EXE-19AA868E.pf
Found ! - C:\WINDOWS\prefetch\348500.EXE-210AFC84.pf
Found ! - C:\WINDOWS\prefetch\348515.EXE-05BD2F72.pf
Found ! - C:\WINDOWS\prefetch\357375.EXE-20A31B9B.pf
Found ! - C:\WINDOWS\prefetch\368140.EXE-1D88A5A3.pf
Found ! - C:\WINDOWS\prefetch\375875.EXE-25B382DB.pf
Found ! - C:\WINDOWS\prefetch\422859.EXE-010E1987.pf
Found ! - C:\WINDOWS\prefetch\446484.EXE-30DBBB6F.pf
Found ! - C:\WINDOWS\prefetch\476593.EXE-216ACA02.pf
Found ! - C:\WINDOWS\prefetch\487484.EXE-2E043BE5.pf
Found ! - C:\WINDOWS\prefetch\685921.EXE-0137CD3B.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-3688F26E.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-10910089.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-1D52764A.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-1D52764A.pf
Found ! - C:\WINDOWS\Prefetch\NBKEYSCAN.EXE-2E1DB169.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [16/01/2009 22:47] - C:\WINDOWS\system32\mdelk.exe
Found ! [16/01/2009 22:47] - C:\WINDOWS\system32\wintems.exe
Found ! [17/01/2009 00:56] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\DORIAN MORIN\Application Data

Found ! [16/01/2009 20:08] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\flec006.exe"
Found ! [16/01/2009 22:36] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\list.oct"
Found ! [16/01/2009 22:37] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\data.oct"
Found ! [16/01/2009 22:37] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\srvlist.oct"
Found ! [16/01/2009 22:44] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared"
Found ! [16/01/2009 22:37] - "C:\Documents and Settings\DORIAN MORIN\Application Data\m"
Found ! [16/01/2009 22:42] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers"
Found ! [16/01/2009 22:42] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\srosa2.sys"
Found ! [16/01/2009 22:42] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys"
Found ! [10/08/2006 07:09] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\winupgro.exe"
Found ! [16/01/2009 22:49] - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld"

»»»» Presence des fichiers dans C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
AOL=C:\PROGRA~1\AOL9~1.0VR\aol.exe -smailbox
Neuf Media Center="C:\Program Files\Neuf\Media Center\MediaCenter.exe"
AOL Fast Start="C:\PROGRA~1\AOL9~1.0VR\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon="RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
SoundMan=SOUNDMAN.EXE
HostManager="C:\Program Files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe"
UserFaultCheck=%systemroot%\system32\dumprep 0 -u
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\dfgdfgdfgghjkhjykhjykhjgfhgfhgfhgfh]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DocUnins]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\keygen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MediaCenter]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SmaPanel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\keygen
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\FirtR

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4
1
Réponse 3 / 63
Utilisateur anonyme
 
Re,

Findykill de chiquitine29 option 2:

▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

▶ Double-clique sur le raccourci FindyKill sur ton bureau

▶ Au menu principal, choisisl'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

▶ Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
1
Réponse 4 / 63
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut V-X,

Les infections ayant déjà été déplacées dans la quarantaine de ComboFix, il n'est pas utile de les redéplacer dans la quarantaine d'OTMoveIt.
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 63
Utilisateur anonyme
 
salut

c:\qoobox ->>quarantaine combofix (toolcleaner)
1
Réponse 6 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
alors voila le rapport apres le deuxieme netoyage

----------------- FindyKill V4.713 ------------------

* User : DORIAN MORIN - SN100177990248
* Executed from : C:\Program Files\FindyKill
* Update on 17/01/09 by Chiquitine29
* Start at 11:08:40 the 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

Deleted ! - "C:\Muestras"
Deleted ! - C:\InfoSat.txt
Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\wintems.exe
Deleted ! - "C:\Avenger"

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\107625.EXE-1428301B.pf
Deleted ! - C:\WINDOWS\prefetch\127312.EXE-0E2473E0.pf
Deleted ! - C:\WINDOWS\prefetch\142796.EXE-1DB877E3.pf
Deleted ! - C:\WINDOWS\prefetch\151781.EXE-2A050572.pf
Deleted ! - C:\WINDOWS\prefetch\152171.EXE-004FD173.pf
Deleted ! - C:\WINDOWS\prefetch\165375.EXE-15A964ED.pf
Deleted ! - C:\WINDOWS\prefetch\166328.EXE-00AA7B16.pf
Deleted ! - C:\WINDOWS\prefetch\182515.EXE-055E840B.pf
Deleted ! - C:\WINDOWS\prefetch\189281.EXE-35297986.pf
Deleted ! - C:\WINDOWS\prefetch\190984.EXE-0AB33FD9.pf
Deleted ! - C:\WINDOWS\prefetch\196421.EXE-096324C8.pf
Deleted ! - C:\WINDOWS\prefetch\209078.EXE-284BB15B.pf
Deleted ! - C:\WINDOWS\prefetch\263250.EXE-02326F4C.pf
Deleted ! - C:\WINDOWS\prefetch\304843.EXE-1A81ED06.pf
Deleted ! - C:\WINDOWS\prefetch\319468.EXE-182CAB81.pf
Deleted ! - C:\WINDOWS\prefetch\342828.EXE-19C44D16.pf
Deleted ! - C:\WINDOWS\prefetch\343000.EXE-19AA868E.pf
Deleted ! - C:\WINDOWS\prefetch\348500.EXE-210AFC84.pf
Deleted ! - C:\WINDOWS\prefetch\348515.EXE-05BD2F72.pf
Deleted ! - C:\WINDOWS\prefetch\357375.EXE-20A31B9B.pf
Deleted ! - C:\WINDOWS\prefetch\368140.EXE-1D88A5A3.pf
Deleted ! - C:\WINDOWS\prefetch\375875.EXE-25B382DB.pf
Deleted ! - C:\WINDOWS\prefetch\422859.EXE-010E1987.pf
Deleted ! - C:\WINDOWS\prefetch\446484.EXE-30DBBB6F.pf
Deleted ! - C:\WINDOWS\prefetch\476593.EXE-216ACA02.pf
Deleted ! - C:\WINDOWS\prefetch\487484.EXE-2E043BE5.pf
Deleted ! - C:\WINDOWS\prefetch\685921.EXE-0137CD3B.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-3688F26E.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-1D52764A.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\NBKEYSCAN.EXE-2E1DB169.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-10910089.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\DORIAN MORIN\Application Data

Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\2.Panda.Antivirus.Titanium.2004.v3.0---Crack.Username.Y.Password.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\2_Norton.Ghost.2004.Symantec..serial.txt.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\310-051 - Sun Certified Enterprise Architect for J2EE Technology Practice Test Questions 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\4Musics WMA to WAV Converter 4.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AB Commander XP 6.96.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Access Password 11.0.8051.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AccessPatrol 2.0.1100.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Address Book Recovery 1.2.18.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AlmerShredder 1.05.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Alpha Flight 1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Apnoti for IE 1.2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Avast.Antivirus.Pro.v4.7.817.FR.Incl-Keygen.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\AVG_internetsecurity7.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Basketball 1.6.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Beautiful Cactus 3.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\BitDefender.Internet.Security.v9.FR.Incl-Keygen.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Blaxton Video Capture 1.1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Cambodge Angkor Screensaver EV.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Check Book Reconciliation 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Chinup - Chinese Popup Translator 0.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\CompuSpy KeyLogger 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Convert Word to HTML COM 1.50.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Count Source Lines 1.3.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\CraigsPalFree - Craigslist Reader Pro 3.21.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DB Mail 2.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Dealio Comparison Shopping Toolbar 3.4.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Declare 1.0.6.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Desktop Icons Arranger 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Disk benchmark 2006 1.0.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DiveVisions 2.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DocFetcher 0.9.5.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DriveClone Pro 3.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\DriveXplorer 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\eMule Turbo Accelerator 2.6.1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Eudora Password Recovery 1.4.1.50.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\FastSum Command Line Edition 1.9.0.149.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\FileStorage 3.0.4.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\FilmLoop 2.0.1.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Flourish Player 0.01.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Free HTTP Sniffer 1.1 Build 20080704.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Freeze Burn 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Fuzzy File Find 1.13.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\FXTrade Ticker 1.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\GDataPipe 1.0.0.750.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\GemX eBook Reader 4.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Happy Note! Valentine 1.00.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Heather Graham Screensaver2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Hixus Drop Down Menu Builder 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\How To Study and Teaching How To Study 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\HyperAdmin 1.2.4886.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\JLC's UPX GUI 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\JSecureConnect 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kaspersky.Anti-Virus.v6.0.0.303.+.Key.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kaspersky.Anti-Virus.V6.0.300.CHT(Personal).zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kastrul 1.0.004.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Keep It Simple Timer 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kigo Image Converter 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Killer 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\KinderMail 1.0.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Kingdia DVD to Zune Converter 3.5.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Koala Bear Screensaver 4 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LanSpeed2 3.0.7.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LineTally 1.7.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Lite Photos 1.3.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\LogMeIn Ignition 1.1.22.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Lookbao 2005 1.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\MailCheck 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Matrix zeroizer 1.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\McAfee.Viruscan.2005.V9.0.Fr_Firewall.plus.2005.Fr.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Mercury Document System Portable 2.2.0.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Mihov Info Saver 0.3.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Multi-Instrument Pro 3.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\My Privacy 3.8.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Naked on a mobile Phone 27 (AmadoresReais).zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Nebula Accounting for Access 2003 ADP 1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Newton's Aquarium 1.0b2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Norton.Antivirus.2007.complet.FR.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Odtu Radio 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Old Fashioned Halloween Slide Show.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Panda.Titanium.Antivirus.2004.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PC SMS Bulk Sender 1.7 build 1405.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PDF Vision .NET 1.2.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PHARMACY 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PhotoArtist 2.0.4.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Pianito MicroStudio 3.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Portable Celestia 1.5.1.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Portable IrfanView 4.20.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PQ iPod Video Converter 2.6 build 01.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Precision CW Tutor 4.6.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\PrefixNE Pinger 3.5.0.154.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Project Buzz 1.01.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ProLingo English Dutch Dictionary 1.4.8.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Protected Storage Explorer 2.0.0.12.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\QuickDelete 3.1.0.9.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Remote Script 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Remove noise for After Effects 1.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ria RTL 2 radio player 1.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Sea Dive3D Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SimAQUARIUM 2 Screensaver 2.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Spell Catcher Plus 3.0 build 1842.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Spell Helper 3.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\spimage 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\SpinXpress 1.00.1140.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Step Into Chinese 0.5.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Studio Necessities 2.5.2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Symantec.Ghost.8.3.0.1331.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Synttari 1.3.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TaskPatrol Personal 2.0.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\The Rapture 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\The Rusted Clock 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TomTom Mobile 2005 - Navigator Map of Finland.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TrafficRefine 2.02.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\TrueBell 1.5.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\USPS Signature Confirmation Tool 1.32.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\VB Build Manager 1.0.8.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\ViewCompanion Standard 4.15.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Virtual Drillmaster 3.6.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\VirusCop 2.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Vista Game Explorer Editor 2.14a Beta.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Voice Tune Master.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Watcher1 Pro 1.05.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Website Rank Info 1.0.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Windows Registry Guide.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\WinFR 4.40.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Wise Optimizer 1.00.01.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\WS Matrix Screensaver 2.zip
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared\Xming 6.9.0.31.zip
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\m"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\DORIAN MORIN\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\1Y8YUXZU\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\1Y8YUXZU\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\35ALNY9D\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\35ALNY9D\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\35ALNY9D\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\35ALNY9D\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\35ALNY9D\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\6MPPKCT0\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\6MPPKCT0\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\6MPPKCT0\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\6MPPKCT0\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\6MPPKCT0\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\8024EDNG\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\9BEOEMBL\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\9BEOEMBL\mxd[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\I73HGNL3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\J0KXIFQQ\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\J0KXIFQQ\b64[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\J0KXIFQQ\b64[3].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\MQ6DD63F\file[1].txt
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\NWPTD843\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\R2SDKH7S\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\R2SDKH7S\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\R2SDKH7S\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\RNJGOPRM\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\RNJGOPRM\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\SFNZ16P8\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\UCAMYGLT\b64[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\UCAMYGLT\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\UCAMYGLT\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\UCAMYGLT\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\UCAMYGLT\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\WADB8YLS\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\WADB8YLS\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\ZC8IS8HW\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\DORIAN MORIN\Local Settings\Temporary Internet Files\Content.IE5\ZC8IS8HW\b64_3[2].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\keygen
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-2441644796-1140342021-2939365127-1006\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
23759c3885093ce20351c89bf7d7c792 C:\Documents and Settings\DORIAN MORIN\Application Data\drivers\winupgro.exe
23759c3885093ce20351c89bf7d7c792 C:\Muestras\WINUPGRO.EXE.Muestra EliBagle v12.11b
5d641d5e744ad9aca087e8dae68e7822 C:\Avenger\wintems.exe

Suspect ! - 23759c3885093ce20351c89bf7d7c792 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
Suspect ! - 23759c3885093ce20351c89bf7d7c792 C:\Program Files\Neuf\Media Center\MediaCenter.exe
Suspect ! - 64f497dace34ea0c38569c4c0549fe03 C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP17\A0001693.exe
Suspect ! - 806c29d6f39e4cecad64d0d99cb10746 C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP42\A0010207.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010909.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010910.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010917.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010918.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010919.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010923.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010926.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010928.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010929.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010930.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010931.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010933.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010939.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0010940.exe
Suspect ! - 23759c3885093ce20351c89bf7d7c792 C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011066.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011111.exe
Suspect ! - 9c498d9305a5014caf113709499e093a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011158.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011159.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011206.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011291.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011316.exe
Suspect ! - 2ee1faebb127647063aaef58a992519a C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP44\A0011330.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\DORIAN MORIN\Application Data\Microsoft\Office\Fichiers r‚cents\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk
C:\Documents and Settings\DORIAN MORIN\Recent\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk

---------------- ! End of report ! ------------------

merci d'ailleur j'ai une question je n'ai pas fait de telechargement depuis quelque temps ni recu de mail suspect alors comment j'aurai pu etre infecté, mais enfin j'ai mon fils qui se sert de mon ordi alors je ne sais pas s'il s'en ai servi mais comment faire pour savoir si c'est lui qui n'a pas telchargé ce baqle. Quelle aurait ete le fichier incriminé je ne vais pas le sermoné pas d'inquietude mais c juste pour savoir. Merci encore
0
Réponse 7 / 63
Utilisateur anonyme
 
Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :


:files
C:\Documents and Settings\DORIAN MORIN\Application Data\Microsoft\Office\Fichiers r‚cents\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk
C:\Documents and Settings\DORIAN MORIN\Recent\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk

:commands
[purity]
[emptytemp]


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 8 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
OK MERCI VOILA LE RAPPORT

========== FILES ==========
File/Folder C:\Documents and Settings\DORIAN MORIN\Application Data\Microsoft\Office\Fichiers r‚cents\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk not found.
File/Folder C:\Documents and Settings\DORIAN MORIN\Recent\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_FqKaV5XJb9SjmTc0erd8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_160849
0
Réponse 9 / 63
Utilisateur anonyme
 
Re,

A pas prit.

▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

▶ Tuto hijackthis(Merci à Balltrap34)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 10 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
oups desolé j'ai envoyé le post avant qu'il redemmarre alors voila de nouveau le rapport apres le reboot

========== FILES ==========
File/Folder C:\Documents and Settings\DORIAN MORIN\Application Data\Microsoft\Office\Fichiers r‚cents\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk not found.
File/Folder C:\Documents and Settings\DORIAN MORIN\Recent\comment cracker les Allo Pass (sexe,argent,jeu,divx,mpg,fraudes,fille, m‚sanges,fente,euro,baise,amusement,pl.doc.lnk not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_FqKaV5XJb9SjmTc0erd8 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_160849

Files moved on Reboot...
File C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_FqKaV5XJb9SjmTc0erd8 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ moved successfully.
File C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ not found!
File C:\Documents and Settings\DORIAN MORIN\Local Settings\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\Cache\_CACHE_001_ not found!
0
Réponse 11 / 63
Utilisateur anonyme
 
Re,

Fait ce que je t'ai demander ICI
0
Réponse 12 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
il m'indique:
hijackthis.exe n'est pas une application Win32 valide
0
Réponse 13 / 63
Utilisateur anonyme
 
Re,

OKI.

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Renomme le au téléchargement en "KILLBAGLE".

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

--->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 14 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
voila le rapport fait par combofix

ComboFix 09-01-16.04 - DORIAN MORIN 2009-01-17 17:26:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.244 [GMT 1:00]
Lancé depuis: c:\documents and settings\DORIAN MORIN\Bureau\KILLBAGLE.exe
AV: G DATA InternetSecurity 2008 *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\148937.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\164687.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\164718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\170656.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\177250.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\177296.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\185296.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\185359.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\191750.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\192171.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\193718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\194890.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\195250.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\198515.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\210703.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\212093.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\212765.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\218671.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\228906.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\230968.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\237921.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\238484.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\239281.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\239484.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\243562.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\243750.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\246796.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\251671.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\254531.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\270859.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\272234.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\273187.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\273671.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\289500.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\306718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\326281.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\326828.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\326859.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\344359.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\346296.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\346812.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\347734.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\349296.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\349781.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\373593.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\374500.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\374859.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\375421.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\380078.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\394937.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\395000.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\408765.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\410453.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\411375.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\411968.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\412250.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\412718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\412796.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\413281.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\413328.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\413796.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\414140.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\414187.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\419843.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\420859.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\420921.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\428390.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\429515.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\430125.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\431281.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\432328.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\433015.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\438421.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\439687.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\439718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\440343.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\440828.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\441312.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\442406.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\443218.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\444437.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\449656.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\455218.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\456093.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\456718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\465437.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\472671.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\473718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\474265.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\487781.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\512671.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\516687.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\517203.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\517421.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\525265.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\583343.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\585234.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\586281.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\588718.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\637171.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\638437.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\downld\640078.exe
c:\documents and settings\DORIAN MORIN\Application Data\drivers\srosa2.sys
c:\documents and settings\DORIAN MORIN\Application Data\drivers\winupgro.exe
c:\documents and settings\DORIAN MORIN\Application Data\m\data.oct
c:\documents and settings\DORIAN MORIN\Application Data\m\list.oct
c:\documents and settings\DORIAN MORIN\Application Data\m\shared
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\3Q DVD to PSP Converter 2.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\602Pro PC SUITE 7.1.100.1248.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\AbsoluteShield Internet Eraser Pro 3.65.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Acronis True Image Home 2009 12.0.9646.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Actual Live 7.0.9.32.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\AgataSoft Shutdown Pro 2.9.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Alchemy SDK 0.4a.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\American Glory Screensaver.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Aplus DivX to H.264 1.00.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Apple iPhone DVD Converter 3.22.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Art Appreciation 1.4.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Automatically Push My Buttons 2.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\AutoSysBot 3.03.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Avaide MPEG Converter 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Avira_Antivir_Premium_HBEDV_Serial_Licence.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Berthside 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\BitTorrent Toolbar - TorrentSeek 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Bluescreen 3.2.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Bug Cursors 1.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Cafezee 3.8.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Calc Pro 1.6.7.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\CDSurf.Net Professional 3.0.8.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Chronos 1.2.2.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\ClockWatch Radio Sync Server 3.0.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\ColorClipse Clock 1.0.0.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Complete Anonymous Internet 1.0.2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\DataWatch 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Desktop Lock 7.2.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Desktop Netstat 1.3a.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\deviantArtAdsKiller! 0.9.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\DF Encryption Pad 2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Diode Processor 1185.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\discoDSP Vertigo 2.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\DracoSoftware Process Killer 0.9.7.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Drive Folder 7.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Dup Filter 2.30.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Dutch Radar Widget 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\EA.Mobile.The.Simpsons.Minutes.To.Meltdown.v4.1.79.S60v2.webpleasure.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Easiestutils Video to Zune Converter 2.9.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\ERC (Email Redirecting Client) 2.02.01.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Exilty 0.86.7.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\F-Prot.Antivirus.para.Windows.3.14a.espa%C3%B1ol.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\False Teeth.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\File by OCR 1.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\File Renamer Basic 5.0.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\File Valet 1.2.1.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Folder Customiser 2.0.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Folder Pilot 1.00.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Forewave Audio Converter 2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Freewire TV 2.1.2.0 Beta.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\GoogImager Browser 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Handy Recovery 4.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\HP0-242 Practice Exam Testing Software 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\IdealWeightCalculator 1.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\IE Flower 1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\IFAebook 8.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\iFolder 3.2.5347.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\imgcnvrt.dll - Image Converter DLL 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\inCard 1.1.0.55.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\InstantLyric 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\inStep 1.4.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\iSeeSong Player 2.5.1.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\iWellsoft Audio to AMR MP3 AAC AC3 Converter 1.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\JSpecView 1.0.20060627-2100.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Just Watching 2.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Kaspersky.Anti-Virus.2006.Keys.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\LI Matrix calculator 1.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\LottoRocket 5.05.03.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\macedonia toolbar for IE 4.5.132.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\MBRtool 2.2.100.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\McAfee.AntiSpyware.v2.0.0.167-ZWT.[nfoil.com].[WarezFaw.Com].zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\MemoryCards 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Morgan Stream Switcher v0.99.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Mp3Works 1.00.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Navier 1.03.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Neuron Visual Java 1.0 b6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\NGM 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\NHL Team Schedule 1.6.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Nocturnal Elusions 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Norpath Elements Studio 3.2 build 390.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\NTFS Streams Info 2.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Obsidian 1.04.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Off The Road Winch Load Calculator 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Oracle Delete (Remove) Duplicate Entries Software 7.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Password Policy Manager 1.0.0.26.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\PDF4U Pro 2.00.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Personal Budgeting Tool 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Personal Inventory Organiser 2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\PictoGrab 1.1.2.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Pismo Trace Monitor SDK 1.0.0 Build 045.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\ProofGoogler.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Protected Storage PassView 1.63.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Protocol Reader 1.0.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\QMR.FM Radio Player 1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\QRYCLIENTIP 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Reeves Photo Assistant 1.0 Build 2006-06-03-1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Resolve for Alcra-B 1.07.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\RevLib PDF Edition 1.4.8.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\River Past Crazi Video for Blackberry 2.7.16.1904.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\RM-X Mov To DivX 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Seekyou 4.32.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Serial.Avg.7.Free.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Simplest Clock Screensaver 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\SmartAudio Console 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\SpyDefy 2.0.291.725.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\StarCauldron 14.3.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Starry Night 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Stock Explorer 1.2.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\SuperStorm 1.5.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Superversion French PPC 3.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Swiftpage for Lotus Notes 1.7.3.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Symantec Mail Security v4.6 Server for MS Exchange Crack - Keygen - Serial.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Symantec.Norton.Ghost.2003.ITA.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Synclosure 0.1.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Tiger Envelopes 0.8.9.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Toon Filter 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Trustix AntiVirus 2005 Edition.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\TSLogins 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\TurboVBLite 3.3.6.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\UK Map Locator 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Undelete for Floppy 2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Unerase for NTFS 2.7.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\usingGuestBook 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\VRMultimedia.dll 1.0.2227.41406.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Winrental 868.00.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Withes Tarot 1.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\shared\Zip-I-Mage 2.0.zip
c:\documents and settings\DORIAN MORIN\Application Data\m\srvlist.oct
c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
c:\program files\Neuf\Media Center\MediaCenter.exe
c:\windows\system32\a.bat
c:\windows\system32\mdelk.exe
c:\windows\system32\win32.dll
c:\windows\system32\wintems.exe
c:\documents and settings\DORIAN MORIN\Application Data\m . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.

2009-01-17 17:07 . 2009-01-17 17:07 <REP> d-------- C:\32788R22FWJFW.0.tmp
2009-01-17 16:48 . 2009-01-17 16:48 <REP> d-------- c:\program files\Trend Micro
2009-01-17 16:08 . 2009-01-17 16:08 <REP> d-------- C:\_OTMoveIt
2009-01-17 11:48 . 2009-01-17 17:33 <REP> d--h----- c:\documents and settings\DORIAN MORIN\Application Data\m
2009-01-17 11:38 . 2009-01-17 17:40 <REP> d--h----- c:\documents and settings\DORIAN MORIN\Application Data\drivers
2009-01-17 01:46 . 2009-01-17 13:46 <REP> d-------- c:\program files\FindyKill
2009-01-16 21:40 . 2009-01-16 21:40 <REP> d-------- c:\windows\system32\Kaspersky Lab
2008-12-20 14:29 . 2008-12-20 14:29 <REP> d-------- c:\program files\Bonjour
2008-12-18 23:55 . 2009-01-17 17:42 <REP> d-------- c:\documents and settings\DORIAN MORIN\Tracing
2008-12-18 23:25 . 2008-12-18 23:25 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-18 23:25 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2008-12-18 23:23 . 2008-12-18 23:23 <REP> d-------- c:\program files\Microsoft Sync Framework
2008-12-18 23:21 . 2008-12-18 23:21 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 23:21 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-18 23:15 . 2008-12-18 23:15 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-18 23:15 . 2008-12-18 23:25 <REP> d-------- c:\program files\Microsoft
2008-12-18 23:07 . 2008-12-18 23:07 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-17 00:23 . 2008-12-17 00:23 <REP> d-------- c:\program files\EasyFlirt Messenger

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 14:49 --------- d-----w c:\program files\TuneUp Utilities 2008
2009-01-16 18:52 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-16 16:09 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-16 12:34 --------- d-----w c:\program files\eMule
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-06 10:19 --------- d-----w c:\program files\DivX
2008-12-29 17:03 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 22:25 --------- d-----w c:\program files\Windows Live
2008-12-13 06:37 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-29 14:43 --------- d-----w c:\documents and settings\DORIAN MORIN\Application Data\Apple Computer
2008-11-29 14:33 --------- d-----w c:\program files\Safari
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-21 19:56 --------- d-----w c:\program files\iTunes
2008-11-21 19:56 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 19:55 --------- d-----w c:\program files\iPod
2008-11-21 19:55 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-21 19:50 --------- d-----w c:\program files\QuickTime
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-04-21 19:08 39,136 ----a-w c:\documents and settings\DORIAN MORIN\Application Data\GDIPFONTCACHEV1.DAT
2008-04-21 12:04 39,136 ----a-w c:\documents and settings\MARIE ROUXEL\Application Data\GDIPFONTCACHEV1.DAT
2008-08-06 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080620080807\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-17 1833296]
"AOL"="c:\progra~1\AOL9~1.0VR\aol.exe" [2007-06-21 50480]
"AOL Fast Start"="c:\progra~1\AOL9~1.0VR\AOL.EXE" [2007-06-21 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-12-17 3059712]
"HostManager"="c:\program files\Fichiers communs\AOL\1209822846\ee\AOLSoftware.exe" [2006-09-26 50736]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-01-17 81000]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL]
--a------ 2007-06-21 12:44 50480 c:\progra~1\AOL9~1.0VR\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2007-06-21 12:44 50480 c:\progra~1\AOL9~1.0VR\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-26 01:52 50736 c:\program files\Fichiers communs\aol\1209822846\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-12-02 22:41 3882312 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steekup]
--a------ 2007-01-04 13:51 7952048 c:\program files\Steek\Steekup\Steekup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steekup"="C:/Program Files/Steek/Steekup/Steekup.exe" /delayed
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus CX6400"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0L2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GetData\\Recover My Files\\RecoverMyFiles.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=

R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-18 55136]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S1 aswSP;avast! Self Protection; [x]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-23 33752]
S4 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SROSA
*Deregistered* - srosa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2009-01-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-17 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:23]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-Neuf Media Center - c:\program files\Neuf\Media Center\MediaCenter.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1231966182&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FInboxLight.aspx%3FFolderID%3D00000000-0000-0000-0000-000000000001%26InboxSortAscending%3DFalse%26InboxSortBy%3DDate%26n%3D1942590590&id=64855
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
Trusted Zone: www.5-a-7.com
Trusted Zone: www.sexfunlove.com
FF - ProfilePath - c:\documents and settings\DORIAN MORIN\Application Data\Mozilla\Firefox\Profiles\yq6t7akl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 17:41:43
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\documents and settings\DORIAN MORIN\Application Data\m\flec006.exe [2520] 0x825952D0

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\system32\winupgro.exe 3588 bytes executable
c:\documents and settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys 121548 bytes executable
c:\documents and settings\DORIAN MORIN\Application Data\m\flec006.exe 95027 bytes executable

Scan terminé avec succès
Fichiers cachés: 3

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Documents and Settings\\DORIAN MORIN\\Application Data\\drivers\\winupgro.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="c:\\Documents and Settings\\DORIAN MORIN\\Application Data\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srosa]
"ImagePath"="\??\c:\documents and settings\DORIAN MORIN\Application Data\drivers\wfsintwq.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\Fichiers communs\aol\acs\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\clipsrv.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\AOL9~1.0VR\waol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\aol\1209822846\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\progra~1\AOL9~1.0VR\shellmon.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2009-01-17 18:01:51 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-17 17:01:32

Avant-CF: 43 331 629 056 octets libres
Après-CF: 43,179,737,088 octets libres

467 --- E O F --- 2009-01-14 13:07:51

un grand merci pour ton aide
0
Réponse 15 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
un programme nommée flec006 a voulu se connecter j'ai pu le bloquer avec le pare feu mais je ne connais pas ce programme est ce un nuisible encore, tu le connait?
0
Réponse 16 / 63
Utilisateur anonyme
 
Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :


:files
c:\documents and settings\dorian morin\application data\drivers\winupgro.exe
c:\documents and settings\dorian morin\application data\m\shared\imgcnvrt.dll
c:\documents and settings\dorian morin\application data\m\shared\vrmultimedia.dll
c:\windows\system32\mdelk.exe
c:\windows\system32\win32.dll
c:\windows\system32\wintems.exe
c:\documents and settings\dorian morin\application data\m\flec006.exe

:commands
[purity]
[emptytemp]
[reboot]


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 17 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
voila de nouveau rapport

========== FILES ==========
File/Folder c:\documents and settings\dorian morin\application data\drivers\winupgro.exe not found.
File/Folder c:\documents and settings\dorian morin\application data\m\shared\imgcnvrt.dll not found.
File/Folder c:\documents and settings\dorian morin\application data\m\shared\vrmultimedia.dll not found.
File/Folder c:\windows\system32\mdelk.exe not found.
File/Folder c:\windows\system32\win32.dll not found.
File/Folder c:\windows\system32\wintems.exe not found.
File move failed. c:\documents and settings\dorian morin\application data\m\flec006.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_g67ucfTT1ZQfxtiEnl57 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01172009_182655

Files moved on Reboot...
File move failed. c:\documents and settings\dorian morin\application data\m\flec006.exe scheduled to be moved on reboot.
File C:\DOCUME~1\DORIAN~1\LOCALS~1\Temp\etilqs_g67ucfTT1ZQfxtiEnl57 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
0
Réponse 18 / 63
Utilisateur anonyme
 
Re,

fait hijackthis .
0
Réponse 19 / 63
DORIANGF Messages postés 59 Statut Membre 1
 
comme precedent il me note
hijackthis.exe n'est pas une application Win32 valide
0
Réponse 20 / 63
Utilisateur anonyme
 
Re,

Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Tutoriel pour MalwareByte's
0