Win.32.bagle.suq@mm

Résolu

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention -
Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention - 10 févr. 2009 à 08:10

Bonjour,
mon PC est infecté par Win32.bagle.suq@mm.
Après avoir fouillé dans les posts, j'ai utilisé EliBagle, puis BitDefender.
Voici les rapports:
-pour EliBagle:

Wed Feb 04 21:26:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\SROSA2.SYS --> Eliminado Bagle(rootkit)
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\LIST.OCT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\465781.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\DOWN\771187.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1227750.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1482125.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1544500.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\15675609.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16245234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16514718.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\16866078.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\17250609.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\242703.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\32009234.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\36353546.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\399312.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\424093.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\597828.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\606421.EXE --> Eliminado Bagle.dldr
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\622390.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\913359.EXE --> Eliminado Bagle

Wed Feb 04 21:27:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Eliminada Carpeta "%WinSys%\Drivers\Down"
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.

Wed Feb 04 21:28:28 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\1073625.EXE.Muestra EliBagle v12.18
a "virus@satinfo.es". Gracias.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\1073625.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:28:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:28:58 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:12 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:27 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:37 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:47 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:29:50 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:29:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:11 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:19 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:42 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:45 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:30:53 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:30:56 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:05 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:08 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:18 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:20 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:31:30 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:31:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:01 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:04 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:14 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:17 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:26 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:29 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:40 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:43 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:32:52 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:32:55 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:35:49 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:35:51 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Wed Feb 04 21:56:23 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\DOWNLD\2262062.EXE --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:31 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Feb 04 21:56:33 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Thu Feb 05 20:26:57 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\MDELK.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\DRIVERS\WINUPGRO.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\DAVID\APPLICATION DATA\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Feb 05 20:27:00 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"
C:\Program Files\Windows Live\Messenger\MSNMSGR.EXE --> Eliminado Bagle.dldr

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42307
Nº de Ficheros Analizados: 10557
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Feb 05 20:32:22 2009
EliBagle v12.18 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 4 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3203
Nº Total de Ficheros: 42305
Nº de Ficheros Analizados: 10556
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Désolé, c'est en espagnol.

-pour BitDefender:
BitDefender Online Scanner

Rapport d'analyse généré à: Thu, Feb 05, 2009 - 21:40:20

Voie d'analyse: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistiques

Temps
00:37:22

Fichiers
75938

Directoires
3215

Secteurs de boot
0

Archives
880

Paquets programmes
5707

Résultats

Virus identifiés
4

Fichiers infectés
21

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
21

Info sur les moteurs

Définition virus
2639975

Version des moteurs
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Analyse des plugins
17

Archive des plugins
45

Unpack des plugins
7

E-mail plugins
6

Système plugins
4

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Infecté par: Rootkit.Bagle.Gen

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000182.sys
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000191.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000194.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000195.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000196.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000197.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000198.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000199.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000200.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000201.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000202.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000203.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000204.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000205.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000206.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000207.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Infecté par: Win32.Bagle.2678

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000208.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000209.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000216.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Infecté par: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000217.exe
Supprimé

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Infecté par: DeepScan:Generic.Bagle.A9502F49

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Echec de la désinfection

C:\System Volume Information\_restore{317320F7-F598-4BA2-AD11-342963E281E5}\RP1\A0000243.exe
Supprimé

Que dois-je faire de plus pour être définitivement débarrassé de ce virus ?

Merci de votre aide.

Afficher la suite

A voir également:

Win.32.bagle.suq@mm
Power iso 32 bit - Télécharger - Gravure
32 bits - Guide
Win rar - Télécharger - Compression & Décompression
Télécharger windows 7 32 bits usb - Télécharger - Systèmes d'exploitation
Win dir stat - Télécharger - Gestion de fichiers

41 réponses

Réponse 1 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Bonjour,

Télécharge FindyKill de ( Chiquitine29 )
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Important : Installe le sur le bureau

Supprime Elibagla si tu l’as téléchargé ( risque de conflit entre les deux outils )

--> Lance l' installation avec les paramètres par defaut
--> Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisis l'option 1 (Recherche)

--> Poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

A+

Réponse 2 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Voici le rapport:

###################### [ FindyKill V4.715 ]

# User : David - THO
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 22:13:53 le 05/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\David\Application Data\m\flec006.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe

\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////

"C:\WINDOWS\system32\wintems.exe" (580)
"C:\Documents and Settings\David\Application Data\m\flec006.exe" (1872)

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

################## [ C:\ ]

Found ! [05/02/2009 22:10] - "C:\Muestras"
Found ! [05/02/2009 21:56] - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
Found ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
Found ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
Found ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
Found ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
Found ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
Found ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
Found ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
Found ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
Found ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
Found ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
Found ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
Found ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
Found ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
Found ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
Found ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
Found ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
Found ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
Found ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
Found ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
Found ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
Found ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
Found ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
Found ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
Found ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
Found ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
Found ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
Found ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
Found ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
Found ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
Found ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
Found ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
Found ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
Found ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
Found ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
Found ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
Found ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
Found ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
Found ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
Found ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
Found ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
Found ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
Found ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
Found ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
Found ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
Found ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
Found ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
Found ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
Found ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
Found ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
Found ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
Found ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
Found ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf
Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-1A6CEA50.pf

################## [ C:\WINDOWS\system32 ]

Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\mdelk.exe
Found ! [04/02/2009 21:50] - C:\WINDOWS\system32\wintems.exe
Found ! [05/02/2009 22:01] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\David\Application Data ]

Found ! [04/02/2009 21:20] - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
Found ! [05/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\m\shared"
Found ! [05/02/2009 21:55] - "C:\Documents and Settings\David\Application Data\m"
Found ! [04/02/2009 21:26] - "C:\Documents and Settings\David\Application Data\drivers"
Found ! [04/02/2009 21:10] - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
Found ! [07/01/2006 05:08] - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
Found ! [04/02/2009 21:56] - "C:\Documents and Settings\David\Application Data\drivers\downld"

################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]

\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

EapHost - # Type de démarrage = 3

/!\ Ip6Fw - # Type de démarrage = 4

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

/!\ wscsvc - # Type de démarrage = 4

\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

# Informations :

C: - Lecteur fixe

# presence des fichiers :

\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command

################## [ ! Fin du rapport # FindyKill V4.715 ! ]

Réponse 3 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir

--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisi l'option 2 (Suppression)

/!\ Le pc va redémarrer, laisse travailler l'outil jusqu'à l apparition du message "nettoyage effectué"
/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

Ensuite poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

Réponse 4 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Rapport:

###################### [ FindyKill V4.715 ]

# User : David - THO
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 22:28:16 the 05/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

################## [ C:\ ]

Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\1073625.EXE-378C4BF2.pf
Deleted ! - C:\WINDOWS\prefetch\1083468.EXE-0A8D4DC4.pf
Deleted ! - C:\WINDOWS\prefetch\1193562.EXE-178D235A.pf
Deleted ! - C:\WINDOWS\prefetch\1264812.EXE-300B6FE7.pf
Deleted ! - C:\WINDOWS\prefetch\1321062.EXE-32C2F445.pf
Deleted ! - C:\WINDOWS\prefetch\1441218.EXE-1B06FBBB.pf
Deleted ! - C:\WINDOWS\prefetch\1445421.EXE-2C250D53.pf
Deleted ! - C:\WINDOWS\prefetch\1482125.EXE-01F8725D.pf
Deleted ! - C:\WINDOWS\prefetch\1544500.EXE-2A9F550A.pf
Deleted ! - C:\WINDOWS\prefetch\15595671.EXE-19D6BA2D.pf
Deleted ! - C:\WINDOWS\prefetch\15675609.EXE-2B46263C.pf
Deleted ! - C:\WINDOWS\prefetch\15999078.EXE-00F9B70E.pf
Deleted ! - C:\WINDOWS\prefetch\16072750.EXE-3821981A.pf
Deleted ! - C:\WINDOWS\prefetch\16245234.EXE-290D1B17.pf
Deleted ! - C:\WINDOWS\prefetch\16435000.EXE-0D669A77.pf
Deleted ! - C:\WINDOWS\prefetch\1645890.EXE-1BD69AD7.pf
Deleted ! - C:\WINDOWS\prefetch\16510046.EXE-3B5EF7D6.pf
Deleted ! - C:\WINDOWS\prefetch\16514718.EXE-0EED4681.pf
Deleted ! - C:\WINDOWS\prefetch\16519718.EXE-1C93753C.pf
Deleted ! - C:\WINDOWS\prefetch\16700500.EXE-115D0320.pf
Deleted ! - C:\WINDOWS\prefetch\16710609.EXE-2306F4DD.pf
Deleted ! - C:\WINDOWS\prefetch\16775765.EXE-2BA8F5D7.pf
Deleted ! - C:\WINDOWS\prefetch\16829250.EXE-35B71D98.pf
Deleted ! - C:\WINDOWS\prefetch\16866078.EXE-20977EA8.pf
Deleted ! - C:\WINDOWS\prefetch\16952953.EXE-3763C11E.pf
Deleted ! - C:\WINDOWS\prefetch\1714687.EXE-16C7D991.pf
Deleted ! - C:\WINDOWS\prefetch\17250609.EXE-3708E76C.pf
Deleted ! - C:\WINDOWS\prefetch\2064375.EXE-373797D2.pf
Deleted ! - C:\WINDOWS\prefetch\213171.EXE-08C53C27.pf
Deleted ! - C:\WINDOWS\prefetch\2262062.EXE-21484537.pf
Deleted ! - C:\WINDOWS\prefetch\2360500.EXE-2E6D43DF.pf
Deleted ! - C:\WINDOWS\prefetch\242703.EXE-004200E9.pf
Deleted ! - C:\WINDOWS\prefetch\31955968.EXE-32448A15.pf
Deleted ! - C:\WINDOWS\prefetch\32009234.EXE-04C40D3E.pf
Deleted ! - C:\WINDOWS\prefetch\346781.EXE-1838B1BE.pf
Deleted ! - C:\WINDOWS\prefetch\35933093.EXE-321C1839.pf
Deleted ! - C:\WINDOWS\prefetch\36072625.EXE-2F1E12DD.pf
Deleted ! - C:\WINDOWS\prefetch\36219593.EXE-02C4B30C.pf
Deleted ! - C:\WINDOWS\prefetch\36353546.EXE-26CE414F.pf
Deleted ! - C:\WINDOWS\prefetch\366359.EXE-38EDDF9E.pf
Deleted ! - C:\WINDOWS\prefetch\399312.EXE-23A77427.pf
Deleted ! - C:\WINDOWS\prefetch\400343.EXE-15E47CF4.pf
Deleted ! - C:\WINDOWS\prefetch\424093.EXE-012B3755.pf
Deleted ! - C:\WINDOWS\prefetch\503390.EXE-22EFC096.pf
Deleted ! - C:\WINDOWS\prefetch\546218.EXE-2D4E4358.pf
Deleted ! - C:\WINDOWS\prefetch\550218.EXE-05ED32AD.pf
Deleted ! - C:\WINDOWS\prefetch\597828.EXE-053173CC.pf
Deleted ! - C:\WINDOWS\prefetch\606421.EXE-3372BBF7.pf
Deleted ! - C:\WINDOWS\prefetch\609906.EXE-2EDD2165.pf
Deleted ! - C:\WINDOWS\prefetch\622390.EXE-0C691474.pf
Deleted ! - C:\WINDOWS\prefetch\650140.EXE-2237F5EE.pf
Deleted ! - C:\WINDOWS\prefetch\807515.EXE-2BF10E68.pf
Deleted ! - C:\WINDOWS\prefetch\913359.EXE-1CC48BFC.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-16BCD688.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-1A6CEA50.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-00B28C46.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\David\Application Data ]

Deleted ! - "C:\Documents and Settings\David\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\David\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\David\Application Data\m"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\David\Application Data\drivers"

################## [ C:\DOCUME~1\David\LOCALS~1\Temp ]

################## [ C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5 ]

Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\b64_6[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\016XT8OM\file[1].txt
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_1[5].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\IBTO6615\b64_6[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\mxd[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\SCPS62S8\servernames[1].htm
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64[3].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\XYSGLR0M\b64_6[1].jpg

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-2000478354-583907252-682003330-1003\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

# deleting files :

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32e4cdb0-9244-11dd-8366-00e0a66641e1}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a76ec3b-99ab-11dd-837c-00e0a66641e1}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f979b59c-c10f-11dd-8404-00e0a66641e1}\Shell\AutoRun\command

\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

Références de comparaison Bagle MD5 :

17943dcf C:\Documents and Settings\David\Application Data\drivers\winupgro.exe
f901975df1c7e8638d08a0f0f11c823d C:\Documents and Settings\David\Application Data\drivers\winupgro.exe

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd
C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd\Call Of Duty Keygen.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\CALL\keygen+nocd\codsp.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty
C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\Call Of Duty Keygen.exe
C:\Documents and Settings\David\Mes documents\Mes fichiers re‡us\Call Of Duty La Grande Offensive (ADD ON) PC-CCD-ISO-2CDS Version Fr Int‚grale + Cover DVD Par Selfa\Serial\keygen+nocd call of duty\codsp.exe
C:\Program Files\eMule\Incoming\Call Of Duty Fr - Pc Iso - Cd1 Cd2 - Keygen Nocd -Par 357 Mag Le Gitan.rar
C:\Program Files\eMule\Incoming\explications.installation.call.of.duty.la.grande.offensive.crack.nocd.serial.by.rar
C:\Program Files\eMule\Incoming\[PC GAME] Worms 3D + crack.zip

################## [ ! End of report # ! ]

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

L'infection qui a touché ton PC est du aux cracks et keygens que tu as téléchargé.
Supprime les.

1) Installe la console de récupération .
Fais ceci :
Démarrer --> Exécuter --> tape c:\i386\winnt32.exe /cmdcons

2) Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( important pour la suite )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Lance Combofix.exe et suis les invites.<
Il te sera demandé d’installer la console de récupération comme sur le lien suivant :

Il est possible que ComBoFix redémarre l’ordinateur pour supprimer certains fichiers.

déconnecte toi du net.
Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

Une fois le scan fini, un rapport va apparaitre.
Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.

A+

Réponse 6 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Impossible d'installer la console de récupération: "c:\i386 fait référence à un emplacement non disponible..."
Je lance Combofix quand même ?

Réponse 7 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

On va installer la console de récupération d'une autre manière.

Choisis le lien suivant ta version de XP ( familiale ou professionnelle ) :

Windows XP Édition familiale
http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=fr
Windows XP Professionnel
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr

Télécharges la console sur ton bureau ( Important ).

Glisse/Dépose ce fichier sur l'icone de ComBoFix.
Regarde le lien suivant si tu ne sais pas ce qu'est un Glisser/Déposer
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Ceci va lancer Combofix.
Suis les invites et poste le rapport une fois fini le scan.

A+

Réponse 8 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

ComBoFix émet un message d'alerte comme quoi le scanner en temps réel d'avast est actif et peut perturber l'analyse.
Comment arrêter Avast ? (il n'apparait plus dans la barre de taches et ne fonctionne plus depuis l'arrivée du virus)

Réponse 9 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Attends un instant, je fais les recherches sur les processus à arrêter.

A+

Réponse 10 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Ouvre le gestionnaire de taches ( appuie simultanément sur CTRL+ALT+SUPP )
dans l'onglet processus, sélectionne les fichiers suivants et tu les arrêtes l'un après l'autre ( click droit sur le fichier --> terminer le processus )

ashDisp.exe
aswUpdSv.exe
ashServ.exe
ashMaiSv.exe
ashWebSv.exe

Si cela ne marche pas, on essaiera d'une autre manière.

A+

Réponse 11 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Je n'ai aucun de ces processus !

Réponse 12 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Lance ComboFix sans la console.

Vu que le bagle a été nettoyé, il ne devrait pas y avoir de problème.

A+

Réponse 13 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Quand j'ai lancé Combofix, il m'a proposé d'installer la console. Ce qui a été fait.
Voici le rapport:
ComboFix 09-02-05.02 - David 2009-02-05 23:33:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.296 [GMT -10:00]
Lancé depuis: c:\documents and settings\David\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\David\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 22:13 . 2009-02-05 22:36 <REP> d-------- c:\program files\FindyKill
2009-02-03 20:55 . 2009-02-03 20:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-02-03 07:50 . 2009-02-05 21:02 <REP> d-------- c:\windows\BDOSCAN8
2009-02-03 06:51 . 2009-02-03 06:51 <REP> d-------- c:\program files\AxBx
2009-02-02 20:26 . 2009-02-04 21:53 <REP> d-------- c:\documents and settings\David\.housecall6.6
2009-02-02 20:24 . 2009-02-02 20:24 <REP> d-------- c:\windows\Sun
2009-02-02 20:23 . 2005-04-13 03:48 49,265 --a------ c:\windows\system32\jpicpl32.cpl
2009-02-02 20:21 . 2009-02-02 20:23 <REP> d-------- c:\program files\Java
2009-02-02 20:18 . 2009-02-02 20:18 <REP> d-------- c:\program files\Fichiers communs\Java
2009-02-02 18:59 . 2009-02-02 19:28 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-02 18:42 . 2009-02-02 19:40 <REP> d-------- c:\program files\UT2004
2009-01-22 16:22 . 2009-01-22 16:22 268 --ah----- C:\sqmdata11.sqm
2009-01-22 16:22 . 2009-01-22 16:22 244 --ah----- C:\sqmnoopt11.sqm
2009-01-22 16:08 . 2009-01-22 16:08 268 --ah----- C:\sqmdata10.sqm
2009-01-22 16:08 . 2009-01-22 16:08 244 --ah----- C:\sqmnoopt10.sqm
2009-01-22 13:15 . 2009-01-22 13:15 268 --ah----- C:\sqmdata09.sqm
2009-01-22 13:15 . 2009-01-22 13:15 244 --ah----- C:\sqmnoopt09.sqm
2009-01-22 12:43 . 2009-01-22 12:43 268 --ah----- C:\sqmdata08.sqm
2009-01-22 12:43 . 2009-01-22 12:43 244 --ah----- C:\sqmnoopt08.sqm
2009-01-22 12:26 . 2009-01-22 12:26 268 --ah----- C:\sqmdata07.sqm
2009-01-22 12:26 . 2009-01-22 12:26 244 --ah----- C:\sqmnoopt07.sqm
2009-01-22 12:20 . 2009-01-22 12:20 268 --ah----- C:\sqmdata06.sqm
2009-01-22 12:20 . 2009-01-22 12:20 244 --ah----- C:\sqmnoopt06.sqm
2009-01-22 12:11 . 2009-01-22 12:11 268 --ah----- C:\sqmdata05.sqm
2009-01-22 12:11 . 2009-01-22 12:11 244 --ah----- C:\sqmnoopt05.sqm
2009-01-22 11:56 . 2009-01-22 11:56 268 --ah----- C:\sqmdata04.sqm
2009-01-22 11:56 . 2009-01-22 11:56 244 --ah----- C:\sqmnoopt04.sqm
2009-01-22 11:40 . 2009-01-22 11:40 268 --ah----- C:\sqmdata03.sqm
2009-01-22 11:40 . 2009-01-22 11:40 244 --ah----- C:\sqmnoopt03.sqm
2009-01-22 11:12 . 2009-01-22 11:12 268 --ah----- C:\sqmdata02.sqm
2009-01-22 11:12 . 2009-01-22 11:12 244 --ah----- C:\sqmnoopt02.sqm
2009-01-22 11:04 . 2009-01-22 11:04 268 --ah----- C:\sqmdata01.sqm
2009-01-22 11:04 . 2009-01-22 11:04 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 17:07 --------- d-----w c:\documents and settings\David\Application Data\Skype
2009-02-03 16:41 --------- d-----w c:\documents and settings\David\Application Data\skypePM
2009-02-03 04:37 --------- d-----w c:\program files\eMule
2009-02-01 22:42 --------- d-----w c:\program files\Call of Duty
2009-01-23 09:10 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-15 05:36 --------- d-----w c:\program files\QuickTime
2008-12-15 05:33 --------- d-----w c:\program files\Lucas Learning
2008-12-14 11:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-15 18:09 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091520080922\index.dat
2008-09-23 04:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092320080924\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Call of Duty\\CoDMP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-12-12 54272]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - EAPHOST
*NewlyCreated* - IP6FW

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-31 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.mana.pf/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {DCF71F5C-1FB7-40FC-AD66-1F3FC8B472DB} = 202.3.225.115,202.3.225.125
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 23:34:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-05 23:36:38
ComboFix-quarantined-files.txt 2009-02-06 09:36:29

Avant-CF: 27 970 781 184 octets libres
Après-CF: 27,962,322,944 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

144 --- E O F --- 2008-12-14 11:15:05

Merci de ton aide précieuse. Je serai de retour dans une dizaine d'heures.

Réponse 14 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

1) Une dernière vérification pour le bagle :
Retélécharge Elibagla :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Téléchargement en bas de page : descargar Elibagla
Enregistre-le sur ton bureau.

Double-clique sur l'exécutable pour l'ouvrir.
Assure-toi que dans le menu déroulant Unidad, tu as bien C:\

Vérifie également que Eliminar Ficheros Automaticamente est cochée
Clique sur le bouton Explorar pour lancer l'analyse

Tu utilises cet outil et lance le plusieurs fois ( 3 à 4 fois ).
Tu postes le rapport qui se trouve en C:\Infosat.txt.

2) Désinstallation d'Avast et installation d'un antivirus.
Soit tu réinstalles Avast ou alors tu installes Antivir, le meilleur antivirus gratuit ( mais tu devras aussi installer un parefeu ).
Je te conseille cette deuxième solution.

Pour désinstaller Avast:
Télécharge cet outil sur ton bureau.
https://www.avast.com/fr-fr/uninstall-utility

Redémarre en mode sans échec.
Va dans Ajout/supp de programmes et désinstalle Avast.

Puis lance l'outil que tu as téléchargé.

3) Installe Antivir.
https://www.avira.com/fr/free-antivirus-windows

Suis le tuto pour installer Antivir :
https://www.malekal.com/avira-free-security-antivirus-gratuit/

* Mets à jour Antivir et lance un scan complet
* Pour cela, clique sur l'onglet Protection Locale puis Contrôler
* Choisis les éléments à scanner ( disques durs locaux ).
* Lance le scan en cliquant sur la loupe.

Lorsque le scan est terminé, tu as la possibilité de générer un rapport en cliquant sur le bouton rapport.
Poste le rapport.

A+

Réponse 15 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Bonjour verni29,
voici le rapport pour EliBagle:

Fri Feb 06 06:17:50 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Feb 06 06:17:53 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3174
Nº Total de Ficheros: 40778
Nº de Ficheros Analizados: 10647
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Feb 06 06:23:56 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3174
Nº Total de Ficheros: 40778
Nº de Ficheros Analizados: 10647
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Fri Feb 06 06:28:43 2009
EliBagle v12.19 (c)2009 S.G.H. / Satinfo S.L. (Actualizado el 5 de Febrero del 2009)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando "C:\"

Nº Total de Directorios: 3174
Nº Total de Ficheros: 40778
Nº de Ficheros Analizados: 10647
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

A présent je m'occupe de l'antivirus.

Réponse 16 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

OK, pour Elibagla.

poste le rapport d'Antivir.

A+

Réponse 17 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Rapport du scan Antivir:

Avira AntiVir Personal
Report file date: vendredi 6 février 2009 07:03

Scanning for 1319923 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: David
Computer name: THÉO

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 19:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 18:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 23:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:30:36
ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 14/01/2009 17:00:16
ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 30/01/2009 17:00:43
ANTIVIR3.VDF : 7.1.1.238 266752 Bytes 06/02/2009 17:00:52
Engineversion : 8.2.0.76
AEVDF.DLL : 8.1.1.0 106868 Bytes 06/02/2009 17:01:38
AESCRIPT.DLL : 8.1.1.43 344442 Bytes 06/02/2009 17:01:31
AESCN.DLL : 8.1.1.6 127348 Bytes 06/02/2009 17:01:27
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 00:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 06/02/2009 17:01:25
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 06/02/2009 17:01:19
AEHEUR.DLL : 8.1.0.90 1573237 Bytes 06/02/2009 17:01:13
AEHELP.DLL : 8.1.2.0 119159 Bytes 06/02/2009 17:01:01
AEGEN.DLL : 8.1.1.14 332148 Bytes 06/02/2009 17:00:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 21:05:56
AECORE.DLL : 8.1.6.4 176501 Bytes 06/02/2009 17:00:54
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 21:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 19:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 20:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 23:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 22:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 19:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 23:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 04:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 23:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 23:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 13/06/2008 00:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 28/06/2008 00:34:37

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 6 février 2009 07:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule\Temp\002.part
[0] Archive type: ZIP
--> Crack e Keygen/Star Wars Battlefront - Keygen.exe
[DETECTION] Contains recognition pattern of the DIAL/29181.A dialer
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4be6a590.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: vendredi 6 février 2009 11:02
Used time: 3:59:09 Hour(s)

The scan has been done completely.

3180 Scanning directories
200882 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
200879 Files not concerned
1874 Archives were scanned
4 Warnings
1 Notes

Réponse 18 / 41

verni29 Messages postés 6699 Date d'inscription Statut Contributeur sécurité Dernière intervention 180

Stars wars, Call Of Duty.
Tes problèmes viennent de ces téléchargements de jeux.
Pourquoi ne pas payer 40 € pour avoir un jeu sans virus ?

1) Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

:Files
C:\*.sqm

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.

Poste le rapport ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.
Il est possible que ton ordinateur redémarre pour supprimer les fichiers.

2) Télécharges Random's System Information Tool (RSIT) de random/random et enregistre le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur " RSIT.exe " pour le lancer .
dans la fenêtre qui va s’ouvrir choisis 2 months pour l'option "List files/folders created ..." ,
cliques ensuite sur " Continue " pour lancer l'analyse ...

Si la dernière version de HijackThis n'est pas trouvée sur ton PC, RSIT la téléchargera et te demandera d'accepter la licence.

Attends jusqu’à la fin de l’analyse.
deux rapports vont être generés.

Poste le contenu de " log.txt ", ainsi que de " info.txt " ( dans la barre des tâches), pour analyse et attends la suite ...

Si tu ne les trouves pas,les rapports sont sauvegardés dans le dossier C:\rsit.

A+

Réponse 19 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

Rapport OTMoveIt:

========== FILES ==========
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02062009_191232

A suivre le rapport de RSIT

Réponse 20 / 41

Dewi007 Messages postés 132 Date d'inscription Statut Membre Dernière intervention

A priori HijackThis n'a pas été téléchargé (?).
Il y a 2 rapports dans la barre de tâche:

info.txt logfile of random's system information tool 1.05 2009-02-06 19:18:19

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Call of Duty - United Offensive-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty Dawnville Demo-->C:\PROGRA~1\CALLOF~2\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~2\Uninstall\Install.log
Call of Duty Single Player Demo-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty-->C:\PROGRA~1\CALLOF~3\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~3\Uninstall\Install.log
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Diskeeper 2008 Pro Premier-->MsiExec.exe /X{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Nero 7 Demo-->MsiExec.exe /I{ABDA708A-5180-207F-30CE-675965461036}
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
ProfNOTE 2007-->C:\Program Files\InstallShield Installation Information\{E221E6B0-3A55-4F68-8E49-2D243343AA09}\setup.exe -runfromtemp -l0x040c -uninst -removeonly
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Unreal Tournament 2004-->C:\program files\UT2004\System\Setup.exe uninstall "UT2004"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
VIMICRO USB PC Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Avira AntiVir PersonalEdition

System event log

Computer Name: THÉO
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 7560
Source Name: Service Control Manager
Time Written: 20081130093027.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 7559
Source Name: Service Control Manager
Time Written: 20081130093027.000000-600
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: THÉO
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 7558
Source Name: Service Control Manager
Time Written: 20081130093027.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 26
Message: Application popup : : Machine Check: Regs

Record Number: 7557
Source Name: Application Popup
Time Written: 20081130093026.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 26
Message: Application popup : : Machine Check:

Record Number: 7556
Source Name: Application Popup
Time Written: 20081130093026.000000-600
Event Type: Informations
User:

Application event log

Computer Name: THÉO
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 830
Source Name: SecurityCenter
Time Written: 20081014053938.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 2
Message: Le centre de contrôle de Diskeeper a été activé.
Diskeeper service started.

Record Number: 829
Source Name: Diskeeper
Time Written: 20081014053937.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur THÉO\David alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

Record Number: 828
Source Name: Userenv
Time Written: 20081013213505.000000-600
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: THÉO
Event Code: 101
Message: msnmsgr (3364) Le moteur de base de données est arrêté.

Record Number: 827
Source Name: ESENT
Time Written: 20081013212749.000000-600
Event Type: Informations
User:

Computer Name: THÉO
Event Code: 103
Message: msnmsgr (3364) \\.\C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Messenger\dewi007@live.fr\SharingMetadata\Working\database_D2D0_1F6F_D01F_58D5\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 826
Source Name: ESENT
Time Written: 20081013212749.000000-600
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

...et le second:

Logfile of random's system information tool 1.05 (written by random/random)
Run by David at 2009-02-06 19:17:43
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 27 GB (34%) free of 78 GB
Total RAM: 511 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-19 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18fcba16-9e74-11dd-839b-00e0a66641e1}]
shell\AutoRun\command - J:\setupSNK.exe

======List of files/folders created in the last 2 months======

2009-02-06 19:17:44 ----D---- C:\Program Files\trend micro
2009-02-06 19:17:43 ----D---- C:\rsit
2009-02-06 19:12:32 ----D---- C:\_OTMoveIt
2009-02-06 06:56:35 ----D---- C:\Program Files\Avira
2009-02-06 06:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-06 06:40:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-06 06:17:50 ----A---- C:\InfoSat.txt
2009-02-06 00:00:43 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-02-05 23:55:37 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-05 23:45:45 ----SHD---- C:\RECYCLER
2009-02-05 23:36:43 ----D---- C:\WINDOWS\temp
2009-02-05 23:36:40 ----A---- C:\ComboFix.txt
2009-02-05 23:33:01 ----A---- C:\Boot.bak
2009-02-05 23:32:57 ----RASHD---- C:\cmdcons
2009-02-05 23:28:46 ----A---- C:\WINDOWS\zip.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\VFIND.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWSC.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\SWREG.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\sed.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\grep.exe
2009-02-05 23:28:46 ----A---- C:\WINDOWS\fdsv.exe
2009-02-05 22:55:36 ----D---- C:\WINDOWS\ERDNT
2009-02-05 22:55:36 ----D---- C:\Qoobox
2009-02-05 22:28:16 ----A---- C:\FindyKill.txt
2009-02-05 22:13:03 ----D---- C:\Program Files\FindyKill
2009-02-04 21:09:14 ----D---- C:\Program Files\GRISOFT
2009-02-03 20:55:55 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-02-03 07:50:06 ----D---- C:\WINDOWS\BDOSCAN8
2009-02-02 20:24:50 ----D---- C:\WINDOWS\Sun
2009-02-02 20:24:50 ----D---- C:\Documents and Settings\David\Application Data\Sun
2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-02 20:23:42 ----A---- C:\WINDOWS\system32\java.exe
2009-02-02 20:21:35 ----D---- C:\Program Files\Java
2009-02-02 20:18:03 ----D---- C:\Program Files\Fichiers communs\Java
2009-02-02 18:59:14 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-02-02 18:42:15 ----D---- C:\Program Files\UT2004
2008-12-14 19:36:14 ----A---- C:\WINDOWS\unvise32qt.exe
2008-12-14 19:35:57 ----D---- C:\WINDOWS\system32\QuickTime
2008-12-14 19:35:54 ----D---- C:\Program Files\QuickTime
2008-12-14 19:33:37 ----D---- C:\Program Files\Lucas Learning
2008-12-14 19:33:17 ----A---- C:\WINDOWS\IsUn040c.exe
2008-12-13 03:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 03:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 2 months======

2009-02-06 19:17:44 ----RD---- C:\Program Files
2009-02-06 19:16:45 ----D---- C:\WINDOWS\Prefetch
2009-02-06 12:23:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-06 12:01:42 ----SHD---- C:\WINDOWS\Installer
2009-02-06 12:01:34 ----D---- C:\WINDOWS\system32
2009-02-06 12:01:28 ----D---- C:\WINDOWS\WinSxS
2009-02-06 12:01:01 ----SHDC---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2009-02-06 11:54:52 ----HD---- C:\WINDOWS\inf
2009-02-06 11:54:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-06 11:54:39 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2009-02-06 06:56:38 ----HD---- C:\WINDOWS\system32\drivers
2009-02-06 06:42:53 ----D---- C:\Program Files\Alwil Software
2009-02-06 06:40:11 ----D---- C:\WINDOWS
2009-02-06 00:00:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-05 23:34:55 ----A---- C:\WINDOWS\system.ini
2009-02-05 23:33:58 ----D---- C:\WINDOWS\AppPatch
2009-02-05 23:33:58 ----D---- C:\Program Files\Fichiers communs
2009-02-05 23:33:01 ----RASH---- C:\boot.ini
2009-02-05 22:31:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-04 07:01:03 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-03 20:56:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-03 20:08:12 ----SHD---- C:\System Volume Information
2009-02-03 20:08:12 ----D---- C:\WINDOWS\system32\Restore
2009-02-03 07:07:14 ----D---- C:\Documents and Settings\David\Application Data\Skype
2009-02-03 06:41:48 ----D---- C:\Documents and Settings\David\Application Data\skypePM
2009-02-02 20:28:49 ----D---- C:\Program Files\Internet Explorer
2009-02-02 19:34:31 ----SD---- C:\Documents and Settings\David\Application Data\Microsoft
2009-02-02 18:37:05 ----D---- C:\Program Files\eMule
2009-02-01 12:42:51 ----D---- C:\Program Files\Call of Duty
2009-01-22 23:10:38 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-12-14 01:15:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-14 01:13:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-14 01:13:43 ----D---- C:\WINDOWS\ie7updates
2008-12-14 01:13:18 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 03:04:50 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 13:49:40 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 13:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 DM9USB;DM9601 USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\dm9usb.sys [2006-12-28 54272]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-10 14604]
R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;DSL Router USB; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZSMC301b;VIMICRO USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-08-17 91263]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-10-22 159810]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-15 355584]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Discussions similaires

Voxbone ? qui est-ce ?

svp 32Gb est il egal a 32Go??

Votre réponse

Discussions similaires