Win.32.bagle.suq@mm

Résolu
Dewi007 Messages postés 138 Statut Membre -  
Dewi007 Messages postés 138 Statut Membre -
Bonjour,
mon PC est infecté par Win32.bagle.suq@mm.
Après avoir fouillé dans les posts, j'ai utilisé EliBagle, puis BitDefender.
Voici les rapports:
-pour EliBagle:

Wed Feb 04 21:26:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\465781.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\771187.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1227750.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1482125.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1544500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\15675609.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16245234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16514718.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16866078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\17250609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\242703.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\32009234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\36353546.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\399312.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\424093.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\597828.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\606421.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\622390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\913359.EXE --> Eliminado Bagle

Wed Feb 04 21:27:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Eliminada Carpeta "%WinSys%\Drivers\Down"
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:28 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\1073625.EXE.Muestra EliBagle v12.18
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1073625.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:58 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:27 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:37 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:47 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:50 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:11 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:45 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:53 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:56 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:05 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:20 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:04 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:14 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:17 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:26 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:29 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:43 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:55 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:35:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:35:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:56:23 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\2262062.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:31 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Feb 05 20:26:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Feb 05 20:27:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42307
Nº de Ficheros Analizados: 10557
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 05 20:32:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42305
Nº de Ficheros Analizados: 10556
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Désolé, c'est en espagnol.

-pour BitDefender:
BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Feb 05, 2009 - 21:40:20

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistiques

Temps
00:37:22

Fichiers
75938

Directoires
3215

Secteurs de boot
0

Archives
880

Paquets programmes
5707

Résultats

Virus identifiés
4

Fichiers infectés
21

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
21

Info sur les moteurs

Définition virus
2639975

Version des moteurs
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Analyse des plugins
17

Archive des plugins
45

Unpack des plugins
7

E-mail plugins
6

Système plugins
4

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Infecté par: Win32.Bagle.2678

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Infecté par: DeepScan:Generic.Bagle.A9502F49

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Supprimé

Que dois-je faire de plus pour être définitivement débarrassé de ce virus ?

Merci de votre aide.
Configuration: Windows XP
Internet Explorer 7.0

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Win32.bagle.suq@mm est l'infection détectée; les rapports décrivent l'emploi consécutif d'EliBagle puis BitDefender afin d'analyser, neutraliser les composants malveillants et nettoyer le système présent sur le poste. Des actions d'EliBagle ont bloqué l'accès, supprimé de nombreux fichiers Bagle et rootkit; des composants comme des dldr ont été éliminés, le répertoire Down supprimé et des clés SafeBoot Minimal et Network restaurées. Des indications répétées soulignent qu'un redémarrage est nécessaire pour finaliser le nettoyage et que certains éléments, notamment des drivers et le répertoire Down, ont été restaurés ou supprimés au cours du processus. Une étape supplémentaire mentionnée est l'envoi d'un échantillon du fichier infecté, C:\Muestras\1073625.EXE.Muestra, à virus@satinfo.es pour analyse et la consolidation des informations recueillies pour améliorer les défenses.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Bonjour,

    Télécharge FindyKill de ( Chiquitine29 )
    http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

    Important : Installe le sur le bureau

    Supprime Elibagla si tu l’as téléchargé ( risque de conflit entre les deux outils )

    --> Lance l' installation avec les paramètres par defaut
    --> Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci FindyKill sur ton bureau
    --> Au menu principal,choisis l'option 1 (Recherche)

    --> Poste le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

    A+
    0
  2. Dewi007 Messages postés 138 Statut Membre
     
    Voici le rapport:

    ###################### [ FindyKill V4.715 ]

    # User : David - THO
    # Emplacement : C:\Program Files\FindyKill
    # Outils Mis a jours 29/01/09 par Chiquitine29
    # Recherche effectuée à 22:13:53 le 05/02/2009
    # Windows XP - Internet Explorer 7.0.5730.13

    # [ FindyKill V4.715 - Scan ] ##############

    \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wintems.exe
    C:\Documents and Settings\David\Application Data\m\flec006.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\explorer.exe

    \\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////

    "C:\WINDOWS\system32\wintems.exe" (580)
    "C:\Documents and Settings\David\Application Data\m\flec006.exe" (1872)

    \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

    ################## [ C:\ ]

    Found ! [05/02/2009 22:10] - "C:\Muestras"
    Found ! [05/02/2009 21:56] - C:\InfoSat.txt

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Found ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
    Found ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
    Found ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
    Found ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
    Found ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
    Found ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
    Found ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
    Found ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
    Found ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
    Found ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
    Found ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
    Found ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
    Found ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
    Found ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
    Found ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
    Found ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
    Found ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
    Found ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
    Found ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
    Found ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
    Found ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
    Found ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
    Found ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
    Found ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
    Found ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
    Found ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
    Found ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
    Found ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
    Found ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
    Found ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
    Found ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
    Found ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
    Found ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
    Found ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
    Found ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
    Found ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
    Found ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
    Found ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
    Found ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
    Found ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
    Found ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
    Found ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
    Found ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
    Found ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
    Found ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
    Found ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
    Found ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
    Found ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
    Found ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
    Found ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
    Found ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
    Found ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
    Found ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf
    Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-1A6CEA50.pf

    ################## [ C:\WINDOWS\system32 ]

    Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\mdelk.exe
    Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\wintems.exe
    Found ! [05/02/2009 22:01] - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\David\Application Data ]

    Found ! [04/02/2009 21:20] - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
    Found ! [05/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\m\shared"
    Found ! [05/02/2009 21:55] - "C:\Documents and Settings\David\Application Data\m"
    Found ! [04/02/2009 21:26] - "C:\Documents and Settings\David\Application Data\drivers"
    Found ! [04/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
    Found ! [07/01/2006 05:08] - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
    Found ! [04/02/2009 21:56] - "C:\Documents and Settings\David\Application Data\drivers\downld"

    ################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]

    \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

    \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

    Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
    Found ! - HKEY_CURRENT_USER\Software\FirtR
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
    Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

    /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
    /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

    \\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - # Type de démarrage = 4

    EapHost - # Type de démarrage = 3

    /!\ Ip6Fw - # Type de démarrage = 4

    SharedAccess - # Type de démarrage = 2

    wuauserv - # Type de démarrage = 2

    /!\ wscsvc - # Type de démarrage = 4

    \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

    # Informations :

    C: - Lecteur fixe

    # presence des fichiers :

    \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command

    ################## [ ! Fin du rapport # FindyKill V4.715 ! ]
    0
  3. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir

    --> Double clic sur le raccourci FindyKill sur ton bureau
    --> Au menu principal,choisi l'option 2 (Suppression)

    /!\ Le pc va redémarrer, laisse travailler l'outil jusqu'à l apparition du message "nettoyage effectué"
    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    Ensuite poste le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide
    0
  4. Dewi007 Messages postés 138 Statut Membre
     
    Rapport:

    ###################### [ FindyKill V4.715 ]

    # User : David - THO
    # Executed from : C:\Program Files\FindyKill
    # Update on 29/01/09Nby Chiquitine29
    # Start at 22:28:16 the 05/02/2009
    # Windows XP - Internet Explorer 7.0.5730.13

    # [ FindyKill V4.715 - Deleting ] ###############

    \\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe

    \\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

    ################## [ C:\ ]

    Deleted ! - C:\InfoSat.txt

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    Deleted ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
    Deleted ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
    Deleted ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
    Deleted ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
    Deleted ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
    Deleted ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
    Deleted ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
    Deleted ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
    Deleted ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
    Deleted ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
    Deleted ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
    Deleted ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
    Deleted ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
    Deleted ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
    Deleted ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
    Deleted ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
    Deleted ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
    Deleted ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
    Deleted ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
    Deleted ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
    Deleted ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
    Deleted ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
    Deleted ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
    Deleted ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
    Deleted ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
    Deleted ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
    Deleted ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
    Deleted ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
    Deleted ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
    Deleted ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
    Deleted ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
    Deleted ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
    Deleted ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
    Deleted ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
    Deleted ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
    Deleted ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
    Deleted ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
    Deleted ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
    Deleted ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
    Deleted ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
    Deleted ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
    Deleted ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
    Deleted ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
    Deleted ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
    Deleted ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
    Deleted ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
    Deleted ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
    Deleted ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
    Deleted ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
    Deleted ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
    Deleted ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
    Deleted ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
    Deleted ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
    Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-1A6CEA50.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
    Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf

    ################## [ C:\WINDOWS\system32 ]

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\David\Application Data ]

    Deleted ! - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\David\Application Data\m\shared"
    Deleted ! - "C:\Documents and Settings\David\Application Data\m"
    Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
    Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
    Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\downld"
    Deleted ! - "C:\Documents and Settings\David\Application Data\drivers"

    ################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]

    ################## [ C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5 ]

    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[4].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\file[1].txt
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[4].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[5].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[4].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\servernames[1].htm
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[3].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[2].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_2[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_6[1].jpg

    \\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_CURRENT_USER\Software\FirtR
    Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
    Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData

    \\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - # Type of startup = 3

    EapHost - # Type of startup = 2

    Ip6Fw - # Type of startup = 2

    SharedAccess - # Type of startup = 2

    wuauserv - # Type of startup = 2

    wscsvc - # Type of startup = 2

    \\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

    # Informations :

    C: - Lecteur fixe

    # deleting files :

    \\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command

    \\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

    Références de comparaison Bagle MD5 :

    17943dcf C:\Documents and Settings\David\Application Data\drivers\winupgro.exe
    f901975df1c7e8638d08a0f0f11c823d C:\Documents and Settings\David\Application Data\drivers\winupgro.exe

    \\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd
    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd\Call Of Duty Keygen.exe
    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd\codsp.exe
    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty
    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\Call Of Duty Keygen.exe
    C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\codsp.exe
    C:\Program Files\eMule\Incoming\Call Of Duty Fr - Pc Iso - Cd1 Cd2 - Keygen Nocd -Par 357 Mag Le Gitan.rar
    C:\Program Files\eMule\Incoming\explications.installation.call.of.duty.la.grande.offensive.crack.nocd.serial.by.rar
    C:\Program Files\eMule\Incoming\[PC GAME] Worms 3D + crack.zip

    ################## [ ! End of report # ! ]
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    L'infection qui a touché ton PC est du aux cracks et keygens que tu as téléchargé.
    Supprime les.

    1) Installe la console de récupération .
    Fais ceci :
    Démarrer --> Exécuter --> tape c:\i386\winnt32.exe /cmdcons

    2) Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( important pour la suite )
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Lance Combofix.exe et suis les invites.<
    Il te sera demandé d’installer la console de récupération comme sur le lien suivant :

    Il est possible que ComBoFix redémarre l’ordinateur pour supprimer certains fichiers.

    déconnecte toi du net.
    Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
    Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

    Une fois le scan fini, un rapport va apparaitre.
    Copie/colle ce rapport dans ta prochaine réponse.
    Si tu ne le trouves pas, il est à C:\ComboFix.txt.

    A+
    0
  7. Dewi007 Messages postés 138 Statut Membre
     
    Impossible d'installer la console de récupération: "c:\i386 fait référence à un emplacement non disponible..."
    Je lance Combofix quand même ?
    0
  8. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    On va installer la console de récupération d'une autre manière.

    Choisis le lien suivant ta version de XP ( familiale ou professionnelle ) :

    Windows XP Édition familiale
    http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=fr
    Windows XP Professionnel
    http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr

    Télécharges la console sur ton bureau ( Important ).

    Glisse/Dépose ce fichier sur l'icone de ComBoFix.
    Regarde le lien suivant si tu ne sais pas ce qu'est un Glisser/Déposer
    http://img.bleepingcomputer.com/combofix/usage/rc.gif

    Ceci va lancer Combofix.
    Suis les invites et poste le rapport une fois fini le scan.

    A+
    0
  9. Dewi007 Messages postés 138 Statut Membre
     
    ComBoFix émet un message d'alerte comme quoi le scanner en temps réel d'avast est actif et peut perturber l'analyse.
    Comment arrêter Avast ? (il n'apparait plus dans la barre de taches et ne fonctionne plus depuis l'arrivée du virus)
    0
  10. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Attends un instant, je fais les recherches sur les processus à arrêter.

    A+
    0
  11. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Ouvre le gestionnaire de taches ( appuie simultanément sur CTRL+ALT+SUPP )
    dans l'onglet processus, sélectionne les fichiers suivants et tu les arrêtes l'un après l'autre ( click droit sur le fichier --> terminer le processus )

    ashDisp.exe
    aswUpdSv.exe
    ashServ.exe
    ashMaiSv.exe
    ashWebSv.exe


    Si cela ne marche pas, on essaiera d'une autre manière.

    A+
    0
  12. Dewi007 Messages postés 138 Statut Membre
     
    Je n'ai aucun de ces processus !
    0
  13. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Lance ComboFix sans la console.

    Vu que le bagle a été nettoyé, il ne devrait pas y avoir de problème.

    A+
    0
  14. Dewi007 Messages postés 138 Statut Membre
     
    Quand j'ai lancé Combofix, il m'a proposé d'installer la console. Ce qui a été fait.
    Voici le rapport:
    ComboFix 09-02-05.02 - David 2009-02-05 23:33:14.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.296 [GMT -10:00]
    Lancé depuis: c:\documents and settings\David\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\David\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning enabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
    c:\documents and settings\LocalService\Application Data\twain_32
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\windows\system32\twain_32
    c:\windows\system32\twain_32\local.ds
    c:\windows\system32\twain_32\user.ds
    c:\windows\system32\twain_32\user.ds.cla

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-05 22:13 . 2009-02-05 22:36 <REP> d-------- c:\program files\FindyKill
    2009-02-03 20:55 . 2009-02-03 20:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
    2009-02-03 07:50 . 2009-02-05 21:02 <REP> d-------- c:\windows\BDOSCAN8
    2009-02-03 06:51 . 2009-02-03 06:51 <REP> d-------- c:\program files\AxBx
    2009-02-02 20:26 . 2009-02-04 21:53 <REP> d-------- c:\documents and settings\David\.housecall6.6
    2009-02-02 20:24 . 2009-02-02 20:24 <REP> d-------- c:\windows\Sun
    2009-02-02 20:23 . 2005-04-13 03:48 49,265 --a------ c:\windows\system32\jpicpl32.cpl
    2009-02-02 20:21 . 2009-02-02 20:23 <REP> d-------- c:\program files\Java
    2009-02-02 20:18 . 2009-02-02 20:18 <REP> d-------- c:\program files\Fichiers communs\Java
    2009-02-02 18:59 . 2009-02-02 19:28 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
    2009-02-02 18:42 . 2009-02-02 19:40 <REP> d-------- c:\program files\UT2004
    2009-01-22 16:22 . 2009-01-22 16:22 268 --ah----- C:\sqmdata11.sqm
    2009-01-22 16:22 . 2009-01-22 16:22 244 --ah----- C:\sqmnoopt11.sqm
    2009-01-22 16:08 . 2009-01-22 16:08 268 --ah----- C:\sqmdata10.sqm
    2009-01-22 16:08 . 2009-01-22 16:08 244 --ah----- C:\sqmnoopt10.sqm
    2009-01-22 13:15 . 2009-01-22 13:15 268 --ah----- C:\sqmdata09.sqm
    2009-01-22 13:15 . 2009-01-22 13:15 244 --ah----- C:\sqmnoopt09.sqm
    2009-01-22 12:43 . 2009-01-22 12:43 268 --ah----- C:\sqmdata08.sqm
    2009-01-22 12:43 . 2009-01-22 12:43 244 --ah----- C:\sqmnoopt08.sqm
    2009-01-22 12:26 . 2009-01-22 12:26 268 --ah----- C:\sqmdata07.sqm
    2009-01-22 12:26 . 2009-01-22 12:26 244 --ah----- C:\sqmnoopt07.sqm
    2009-01-22 12:20 . 2009-01-22 12:20 268 --ah----- C:\sqmdata06.sqm
    2009-01-22 12:20 . 2009-01-22 12:20 244 --ah----- C:\sqmnoopt06.sqm
    2009-01-22 12:11 . 2009-01-22 12:11 268 --ah----- C:\sqmdata05.sqm
    2009-01-22 12:11 . 2009-01-22 12:11 244 --ah----- C:\sqmnoopt05.sqm
    2009-01-22 11:56 . 2009-01-22 11:56 268 --ah----- C:\sqmdata04.sqm
    2009-01-22 11:56 . 2009-01-22 11:56 244 --ah----- C:\sqmnoopt04.sqm
    2009-01-22 11:40 . 2009-01-22 11:40 268 --ah----- C:\sqmdata03.sqm
    2009-01-22 11:40 . 2009-01-22 11:40 244 --ah----- C:\sqmnoopt03.sqm
    2009-01-22 11:12 . 2009-01-22 11:12 268 --ah----- C:\sqmdata02.sqm
    2009-01-22 11:12 . 2009-01-22 11:12 244 --ah----- C:\sqmnoopt02.sqm
    2009-01-22 11:04 . 2009-01-22 11:04 268 --ah----- C:\sqmdata01.sqm
    2009-01-22 11:04 . 2009-01-22 11:04 244 --ah----- C:\sqmnoopt01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-03 17:07 --------- d-----w c:\documents and settings\David\Application Data\Skype
    2009-02-03 16:41 --------- d-----w c:\documents and settings\David\Application Data\skypePM
    2009-02-03 04:37 --------- d-----w c:\program files\eMule
    2009-02-01 22:42 --------- d-----w c:\program files\Call of Duty
    2009-01-23 09:10 --------- d-----w c:\program files\TuneUp Utilities 2008
    2008-12-15 05:36 --------- d-----w c:\program files\QuickTime
    2008-12-15 05:33 --------- d-----w c:\program files\Lucas Learning
    2008-12-14 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-15 18:09 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091520080922\index.dat
    2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092320080924\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= ctwdm32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Call of Duty\\CoDMP.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-12-12 54272]
    S1 aswSP;avast! Self Protection; [x]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - EAPHOST
    *NewlyCreated* - IP6FW

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
    \Shell\AutoRun\command - J:\setupSNK.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-31 c:\windows\Tasks\Maintenance en 1 clic.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.mana.pf/
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {DCF71F5C-1FB7-40FC-AD66-1F3FC8B472DB} = 202.3.225.115,202.3.225.125
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-05 23:34:33
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2009-02-05 23:36:38
    ComboFix-quarantined-files.txt 2009-02-06 09:36:29

    Avant-CF: 27 970 781 184 octets libres
    Après-CF: 27,962,322,944 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    144 --- E O F --- 2008-12-14 11:15:05

    Merci de ton aide précieuse. Je serai de retour dans une dizaine d'heures.
    0
  15. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    1) Une dernière vérification pour le bagle :
    Retélécharge Elibagla :
    http://www.zonavirus.com/datos/descargas/95/elibagla.asp

    Téléchargement en bas de page : descargar Elibagla
    Enregistre-le sur ton bureau.

    Double-clique sur l'exécutable pour l'ouvrir.
    Assure-toi que dans le menu déroulant Unidad, tu as bien C:\

    Vérifie également que Eliminar Ficheros Automaticamente est cochée
    Clique sur le bouton Explorar pour lancer l'analyse

    Tu utilises cet outil et lance le plusieurs fois ( 3 à 4 fois ).
    Tu postes le rapport qui se trouve en C:\Infosat.txt.

    2) Désinstallation d'Avast et installation d'un antivirus.
    Soit tu réinstalles Avast ou alors tu installes Antivir, le meilleur antivirus gratuit ( mais tu devras aussi installer un parefeu ).
    Je te conseille cette deuxième solution.

    Pour désinstaller Avast:
    Télécharge cet outil sur ton bureau.
    https://www.avast.com/fr-fr/uninstall-utility

    Redémarre en mode sans échec.
    Va dans Ajout/supp de programmes et désinstalle Avast.

    Puis lance l'outil que tu as téléchargé.

    3) Installe Antivir.
    https://www.avira.com/fr/free-antivirus-windows

    Suis le tuto pour installer Antivir :
    https://www.malekal.com/avira-free-security-antivirus-gratuit/

    * Mets à jour Antivir et lance un scan complet
    * Pour cela, clique sur l'onglet Protection Locale puis Contrôler
    * Choisis les éléments à scanner ( disques durs locaux ).
    * Lance le scan en cliquant sur la loupe.

    Lorsque le scan est terminé, tu as la possibilité de générer un rapport en cliquant sur le bouton rapport.
    Poste le rapport.

    A+
    0
  16. Dewi007 Messages postés 138 Statut Membre
     
    Bonjour verni29,
    voici le rapport pour EliBagle:

    Fri Feb 06 06:17:50 2009
    EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Fri Feb 06 06:17:53 2009
    EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Nº Total de Directorios: 3174
    Nº Total de Ficheros: 40778
    Nº de Ficheros Analizados: 10647
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Fri Feb 06 06:23:56 2009
    EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Nº Total de Directorios: 3174
    Nº Total de Ficheros: 40778
    Nº de Ficheros Analizados: 10647
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Fri Feb 06 06:28:43 2009
    EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando "C:\"

    Nº Total de Directorios: 3174
    Nº Total de Ficheros: 40778
    Nº de Ficheros Analizados: 10647
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    A présent je m'occupe de l'antivirus.
    0
  17. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    OK, pour Elibagla.

    poste le rapport d'Antivir.

    A+
    0
  18. Dewi007 Messages postés 138 Statut Membre
     
    Rapport du scan Antivir:

    Avira AntiVir Personal
    Report file date: vendredi 6 février 2009 07:03

    Scanning for 1319923 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: David
    Computer name: THÉO

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 19:21:26
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 18:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 23:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 18:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:30:36
    ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 17:00:16
    ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 17:00:43
    ANTIVIR3.VDF : 7.1.1.238 266752 Bytes 06/02/2009 17:00:52
    Engineversion : 8.2.0.76
    AEVDF.DLL : 8.1.1.0 106868 Bytes 06/02/2009 17:01:38
    AESCRIPT.DLL : 8.1.1.43 344442 Bytes 06/02/2009 17:01:31
    AESCN.DLL : 8.1.1.6 127348 Bytes 06/02/2009 17:01:27
    AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 00:58:38
    AEPACK.DLL : 8.1.3.8 397684 Bytes 06/02/2009 17:01:25
    AEOFFICE.DLL : 8.1.0.33 196987 Bytes 06/02/2009 17:01:19
    AEHEUR.DLL : 8.1.0.90 1573237 Bytes 06/02/2009 17:01:13
    AEHELP.DLL : 8.1.2.0 119159 Bytes 06/02/2009 17:01:01
    AEGEN.DLL : 8.1.1.14 332148 Bytes 06/02/2009 17:00:59
    AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 21:05:56
    AECORE.DLL : 8.1.6.4 176501 Bytes 06/02/2009 17:00:54
    AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 21:05:56
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 19:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 20:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 23:02:15
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 22:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 19:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 23:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 04:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 23:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 23:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 13/06/2008 00:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 28/06/2008 00:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 6 février 2009 07:03

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'devldr32.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'DkService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    26 processes with 26 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '51' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\eMule\Temp\002.part
    [0] Archive type: ZIP
    --> Crack e Keygen/Star Wars Battlefront - Keygen.exe
    [DETECTION] Contains recognition pattern of the DIAL/29181.A dialer
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
    [WARNING] Failed!
    [NOTE] Attempting to perform action using the ARK lib.
    [NOTE] The file was moved to '4be6a590.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: vendredi 6 février 2009 11:02
    Used time: 3:59:09 Hour(s)

    The scan has been done completely.

    3180 Scanning directories
    200882 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    200879 Files not concerned
    1874 Archives were scanned
    4 Warnings
    1 Notes
    0
  19. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Stars wars, Call Of Duty.
    Tes problèmes viennent de ces téléchargements de jeux.
    Pourquoi ne pas payer 40 € pour avoir un jeu sans virus ?

    1) Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

    :Files
    C:\*.sqm


    clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.

    Poste le rapport ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.
    Il est possible que ton ordinateur redémarre pour supprimer les fichiers.

    2) Télécharges Random's System Information Tool (RSIT) de random/random et enregistre le sur ton Bureau.
    http://images.malwareremoval.com/random/RSIT.exe

    Double-clique sur " RSIT.exe " pour le lancer .
    dans la fenêtre qui va s’ouvrir choisis 2 months pour l'option "List files/folders created ..." ,
    cliques ensuite sur " Continue " pour lancer l'analyse ...

    Si la dernière version de HijackThis n'est pas trouvée sur ton PC, RSIT la téléchargera et te demandera d'accepter la licence.

    Attends jusqu’à la fin de l’analyse.
    deux rapports vont être generés.

    Poste le contenu de " log.txt ", ainsi que de " info.txt " ( dans la barre des tâches), pour analyse et attends la suite ...

    Si tu ne les trouves pas,les rapports sont sauvegardés dans le dossier C:\rsit.

    A+
    0
  20. Dewi007 Messages postés 138 Statut Membre
     
    Rapport OTMoveIt:

    ========== FILES ==========
    C:\sqmdata00.sqm moved successfully.
    C:\sqmdata01.sqm moved successfully.
    C:\sqmdata02.sqm moved successfully.
    C:\sqmdata03.sqm moved successfully.
    C:\sqmdata04.sqm moved successfully.
    C:\sqmdata05.sqm moved successfully.
    C:\sqmdata06.sqm moved successfully.
    C:\sqmdata07.sqm moved successfully.
    C:\sqmdata08.sqm moved successfully.
    C:\sqmdata09.sqm moved successfully.
    C:\sqmdata10.sqm moved successfully.
    C:\sqmdata11.sqm moved successfully.
    C:\sqmdata12.sqm moved successfully.
    C:\sqmdata13.sqm moved successfully.
    C:\sqmnoopt00.sqm moved successfully.
    C:\sqmnoopt01.sqm moved successfully.
    C:\sqmnoopt02.sqm moved successfully.
    C:\sqmnoopt03.sqm moved successfully.
    C:\sqmnoopt04.sqm moved successfully.
    C:\sqmnoopt05.sqm moved successfully.
    C:\sqmnoopt06.sqm moved successfully.
    C:\sqmnoopt07.sqm moved successfully.
    C:\sqmnoopt08.sqm moved successfully.
    C:\sqmnoopt09.sqm moved successfully.
    C:\sqmnoopt10.sqm moved successfully.
    C:\sqmnoopt11.sqm moved successfully.
    C:\sqmnoopt12.sqm moved successfully.
    C:\sqmnoopt13.sqm moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_191232

    A suivre le rapport de RSIT
    0
  21. Dewi007 Messages postés 138 Statut Membre
     
    A priori HijackThis n'a pas été téléchargé (?).
    Il y a 2 rapports dans la barre de tâche:

    info.txt logfile of random's system information tool 1.05 2009-02-06 19:18:19

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Call of Duty - United Offensive-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
    Call of Duty Dawnville Demo-->C:\PROGRA~1\CALLOF~2\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~2\Uninstall\Install.log
    Call of Duty Single Player Demo-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
    Call of Duty-->C:\PROGRA~1\CALLOF~3\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~3\Uninstall\Install.log
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Diskeeper 2008 Pro Premier-->MsiExec.exe /X{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
    Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
    Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Nero 7 Demo-->MsiExec.exe /I{ABDA708A-5180-207F-30CE-675965461036}
    NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    ProfNOTE 2007-->C:\Program Files\InstallShield Installation Information\{E221E6B0-3A55-4F68-8E49-2D243343AA09}\setup.exe -runfromtemp -l0x040c -uninst -removeonly
    QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
    Unreal Tournament 2004-->C:\program files\UT2004\System\Setup.exe uninstall "UT2004"
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
    VIMICRO USB PC Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
    VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: Avira AntiVir PersonalEdition

    System event log

    Computer Name: THÉO
    Event Code: 7036
    Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

    Record Number: 7560
    Source Name: Service Control Manager
    Time Written: 20081130093027.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

    Record Number: 7559
    Source Name: Service Control Manager
    Time Written: 20081130093027.000000-600
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: THÉO
    Event Code: 7036
    Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

    Record Number: 7558
    Source Name: Service Control Manager
    Time Written: 20081130093027.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 26
    Message: Application popup :  : Machine Check: Regs

    Record Number: 7557
    Source Name: Application Popup
    Time Written: 20081130093026.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 26
    Message: Application popup :  : Machine Check:

    Record Number: 7556
    Source Name: Application Popup
    Time Written: 20081130093026.000000-600
    Event Type: Informations
    User:

    Application event log

    Computer Name: THÉO
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 830
    Source Name: SecurityCenter
    Time Written: 20081014053938.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 2
    Message: Le centre de contrôle de Diskeeper a été activé.
    Diskeeper service started.

    Record Number: 829
    Source Name: Diskeeper
    Time Written: 20081014053937.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 1517
    Message: Windows a sauvegardé le Registre utilisateur THÉO\David alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

    Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

    Record Number: 828
    Source Name: Userenv
    Time Written: 20081013213505.000000-600
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: THÉO
    Event Code: 101
    Message: msnmsgr (3364) Le moteur de base de données est arrêté.

    Record Number: 827
    Source Name: ESENT
    Time Written: 20081013212749.000000-600
    Event Type: Informations
    User:

    Computer Name: THÉO
    Event Code: 103
    Message: msnmsgr (3364) \\.\C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Messenger\dewi007@live.fr\SharingMetadata\Working\database_D2D0_1F6F_D01F_58D5\dfsr.db: Le moteur de base de données a arrêté une instance (0).

    Record Number: 826
    Source Name: ESENT
    Time Written: 20081013212749.000000-600
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=0602
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------

    ...et le second:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by David at 2009-02-06 19:17:43
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 27 GB (34%) free of 78 GB
    Total RAM: 511 MB (59% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Maintenance en 1 clic.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-19 328752]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
    shell\AutoRun\command - J:\setupSNK.exe

    ======List of files/folders created in the last 2 months======

    2009-02-06 19:17:44 ----D---- C:\Program Files\trend micro
    2009-02-06 19:17:43 ----D---- C:\rsit
    2009-02-06 19:12:32 ----D---- C:\_OTMoveIt
    2009-02-06 06:56:35 ----D---- C:\Program Files\Avira
    2009-02-06 06:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-02-06 06:40:11 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-02-06 06:17:50 ----A---- C:\InfoSat.txt
    2009-02-06 00:00:43 ----D---- C:\Program Files\Fichiers communs\Windows Live
    2009-02-05 23:55:37 ----D---- C:\WINDOWS\system32\appmgmt
    2009-02-05 23:45:45 ----SHD---- C:\RECYCLER
    2009-02-05 23:36:43 ----D---- C:\WINDOWS\temp
    2009-02-05 23:36:40 ----A---- C:\ComboFix.txt
    2009-02-05 23:33:01 ----A---- C:\Boot.bak
    2009-02-05 23:32:57 ----RASHD---- C:\cmdcons
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\zip.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\VFIND.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWSC.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWREG.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\sed.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\grep.exe
    2009-02-05 23:28:46 ----A---- C:\WINDOWS\fdsv.exe
    2009-02-05 22:55:36 ----D---- C:\WINDOWS\ERDNT
    2009-02-05 22:55:36 ----D---- C:\Qoobox
    2009-02-05 22:28:16 ----A---- C:\FindyKill.txt
    2009-02-05 22:13:03 ----D---- C:\Program Files\FindyKill
    2009-02-04 21:09:14 ----D---- C:\Program Files\GRISOFT
    2009-02-03 20:55:55 ----D---- C:\WINDOWS\system32\Kaspersky Lab
    2009-02-03 07:50:06 ----D---- C:\WINDOWS\BDOSCAN8
    2009-02-02 20:24:50 ----D---- C:\WINDOWS\Sun
    2009-02-02 20:24:50 ----D---- C:\Documents and Settings\David\Application Data\Sun
    2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-02 20:21:35 ----D---- C:\Program Files\Java
    2009-02-02 20:18:03 ----D---- C:\Program Files\Fichiers communs\Java
    2009-02-02 18:59:14 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
    2009-02-02 18:42:15 ----D---- C:\Program Files\UT2004
    2008-12-14 19:36:14 ----A---- C:\WINDOWS\unvise32qt.exe
    2008-12-14 19:35:57 ----D---- C:\WINDOWS\system32\QuickTime
    2008-12-14 19:35:54 ----D---- C:\Program Files\QuickTime
    2008-12-14 19:33:37 ----D---- C:\Program Files\Lucas Learning
    2008-12-14 19:33:17 ----A---- C:\WINDOWS\IsUn040c.exe
    2008-12-13 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-13 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-13 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-13 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    ======List of files/folders modified in the last 2 months======

    2009-02-06 19:17:44 ----RD---- C:\Program Files
    2009-02-06 19:16:45 ----D---- C:\WINDOWS\Prefetch
    2009-02-06 12:23:30 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-06 12:01:42 ----SHD---- C:\WINDOWS\Installer
    2009-02-06 12:01:34 ----D---- C:\WINDOWS\system32
    2009-02-06 12:01:28 ----D---- C:\WINDOWS\WinSxS
    2009-02-06 12:01:01 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2009-02-06 11:54:52 ----HD---- C:\WINDOWS\inf
    2009-02-06 11:54:52 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-06 11:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2009-02-06 06:56:38 ----HD---- C:\WINDOWS\system32\drivers
    2009-02-06 06:42:53 ----D---- C:\Program Files\Alwil Software
    2009-02-06 06:40:11 ----D---- C:\WINDOWS
    2009-02-06 00:00:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-02-05 23:34:55 ----A---- C:\WINDOWS\system.ini
    2009-02-05 23:33:58 ----D---- C:\WINDOWS\AppPatch
    2009-02-05 23:33:58 ----D---- C:\Program Files\Fichiers communs
    2009-02-05 23:33:01 ----RASH---- C:\boot.ini
    2009-02-05 22:31:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-02-04 07:01:03 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-02-03 20:56:09 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-02-03 20:08:12 ----SHD---- C:\System Volume Information
    2009-02-03 20:08:12 ----D---- C:\WINDOWS\system32\Restore
    2009-02-03 07:07:14 ----D---- C:\Documents and Settings\David\Application Data\Skype
    2009-02-03 06:41:48 ----D---- C:\Documents and Settings\David\Application Data\skypePM
    2009-02-02 20:28:49 ----D---- C:\Program Files\Internet Explorer
    2009-02-02 19:34:31 ----SD---- C:\Documents and Settings\David\Application Data\Microsoft
    2009-02-02 18:37:05 ----D---- C:\Program Files\eMule
    2009-02-01 12:42:51 ----D---- C:\Program Files\Call of Duty
    2009-01-22 23:10:38 ----D---- C:\Program Files\TuneUp Utilities 2008
    2008-12-14 01:15:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-12-14 01:13:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-14 01:13:43 ----D---- C:\WINDOWS\ie7updates
    2008-12-14 01:13:18 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 03:04:50 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-12 13:49:40 ----D---- C:\WINDOWS\network diagnostic
    2008-12-09 13:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
    R3 DM9USB;DM9601 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2006-12-28 54272]
    R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
    R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-10 14604]
    R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
    S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;DSL Router USB; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 ZSMC301b;VIMICRO USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-08-17 91263]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-10-22 159810]
    R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-15 355584]
    S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
    0
  • 1
  • 2
  • 3