VIRUS

Question

Bonjour,

Jai un virus qui se fait passer pour system protector. Il a réussi à empecher le demarrage de MC AFEE et CCLEANER et tous les spywares que je telecharge sont bloqué . Comment forcer le demarrage de mc afee pour virer cette saloperie. De plus , il controle ma souris. J'ai vraiment du mal à la positionner où je veux. Une solution sans formater le PC SVP. Il controle aussi mon clavier car je n'arrive plus à écrire une phrase sans oublier une lettre dans un mot.
Il doit aussi controler internet explorer car il ouvre des sites et il souhaite que j'installe un anti-virus car il dit que mon pc est complement verolé. Il lance même le chargement du programme seul.

HELP!!!!!!!!!!

jlpjlp · Answer

slt,


scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

GAZODUC · Answer

Salut

Ok j'ai fait un scan avec RSIT.exe
J'ai suavegardé le fichier txt sur le bureau.
Par contre je coince pour DISCLAIMER.
C'est quoi et c'est où??

Merci

A+

GAZODUC · Answer

Bon j'aitelecharger HIJACK THIS
Impossible de lancer le programme.

Snifffffffffffffffffffff

HELP!!!!!!!!!!!!!!!!!!!

jlpjlp · Answer

colle les rapports que tu as pour avancer!

GAZODUC · Answer

Tiens voila le rapport c'est la bible!!!!
Si tu y arrives le resto s'impose.

Logfile of random's system information tool 1.06 (written by random/random)
Run by LOUIS at 2009-05-17 16:25:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 47 GB (32%) free of 149 GB
Total RAM: 958 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:07, on 17/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\LOUIS\Mes documents\PROGRAMMES\RSIT.exe
C:\Program Files	rend micro\LOUIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {8BF51ADC-EBDB-4A85-B01C-DC8082085B62} - C:\WINDOWS\system32\avica.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {20f61c10-fe49-fea8-e344-cfa1794ce1e9} - {9e1ec497-1afc-443e-8aef-94ef01c16f02} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {FD70A6F2-80BB-4614-9F8B-1AED5A05D727} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [A00F131C325.exe] C:\DOCUME~1\LOUIS\LOCALS~1\Temp\_A00F131C325.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreezeegfreeze.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://louk.solidworks.com/...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O20 - AppInit_DLLs: qvndvd.dll
O20 - Winlogon Notify: __c0054E04 - C:\WINDOWS\system32\__c0054E04.dat
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe

jlpjlp · Answer

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

GAZODUC · Answer

bonjour

J'ai installé comboFix sur le bureau.
Impossible à démarrer.
Application Win32 non valide.


Qu'en penses tu ??

jlpjlp · Answer

essaie avec ce combofix nommé killfix:

http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe

gazoduc · Answer

Bonsoir

C'est OK j'ai pu télécharger KILLFIX.
J'ai lancé le programme.
Il a stoppé.
Il a détecté que mc afee virus scan était actif.
Comment je peux stopper mc afee , sachant que quand je clique sur l'icone mc afee ,  il s'ouvre et il disparait.

Merci

LN

jlpjlp · Answer

si tu as les codes vire le complètement

________________

sinon près de l'horloge tu dois pouvoir en cliquant sur le bouton droit le désactiver



_____________

ou sinon va dans DEMARRER puis EXECUTEr puis  tape    msconfig         puis clique sur ok

puis dans l'onglet démarrer décoche tout ce qui a rapport avec mcafee puis valide et comme demandé redémarre ton ordi, mcafee ne sert pas lancé au démarrage, tu peux faire combofix
puis tu pourras réactiver via msconfig mcafee

gazoduc · Answer

Bonjour

Voici le rapport

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old
c:\windows\pack.epk
c:\windows\system32\avica.dll
c:\windows\system32\drivers\asc3550p.sys
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\855718.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe
C:\xcrashdump.dat

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-04-20 au 2009-05-20  ))))))))))))))))))))))))))))))))))))
.

2009-05-19 17:37 . 2009-05-19 17:37	125440	----a-w	c:\windows\system32\__c006134E.exe
2009-05-19 17:34 . 2009-05-19 17:34	125440	----a-w	c:\windows\system32\__c00BAD99.exe
2009-05-19 17:25 . 2009-05-19 17:25	125440	----a-w	c:\windows\system32\__c00C49C4.exe
2009-05-18 15:44 . 2009-05-18 15:44	125440	----a-w	c:\windows\system32\__c009B3FA.exe
2009-05-18 15:42 . 2009-05-18 15:42	125440	----a-w	c:\windows\system32\__c00E9105.exe
2009-05-17 14:23 . 2009-05-17 14:31	--------	d-----w	c:\program files\trend micro
2009-05-17 14:23 . 2009-05-17 14:26	--------	d-----w	C:\rsit
2009-05-17 08:56 . 2009-05-20 18:00	23132256	--sha-w	c:\windows\system32\drivers\fidbox.dat
2009-05-17 08:55 . 2008-07-08 12:54	148496	----a-w	c:\windows\system32\drivers\[u]0/u1470499.sys
2009-05-17 08:22 . 2009-05-17 08:22	--------	d-----w	c:\windows\FCC07EEAFA184A2191059666603C6885.TMP
2009-05-17 08:13 . 2009-05-17 08:13	737280	----a-w	c:\windows\iun6002.exe
2009-05-17 08:13 . 2009-05-18 16:31	--------	d-----w	C:\spywarebegone
2009-05-17 08:00 . 2009-05-17 08:00	--------	d-----w	c:\documents and settings\LOUIS\Application Data\Yahoo!
2009-05-17 08:00 . 2009-05-18 16:37	--------	d-----w	c:\program files\Yahoo!
2009-05-17 04:22 . 2009-05-17 04:22	125440	----a-w	c:\windows\system32\__c006EC14.exe
2009-05-17 04:20 . 2009-05-17 04:20	125440	----a-w	c:\windows\system32\__c0083216.exe
2009-05-16 16:10 . 2009-05-16 16:10	--------	d--h--w	c:\documents and settings\LOUIS\Application Data\m
2009-05-16 15:20 . 2009-05-16 15:27	--------	d--h--w	c:\documents and settings\LOUIS\Application Data\drivers
2009-05-16 14:48 . 2009-05-16 14:48	58904	----a-w	c:\windows\system32\__c0073E49.exe
2009-05-16 14:43 . 2009-05-19 17:26	29184	----a-w	c:\windows\system32\__c0054E04.dat
2009-05-16 10:26 . 2009-05-16 10:26	286720	----a-w	c:\windows\iun505.exe
2009-05-16 10:26 . 2009-05-16 10:26	--------	d-----w	c:\program files\PC Drummer Pro
2009-05-16 08:24 . 2009-05-16 08:24	--------	d-----w	c:\program files\WinZix
2009-05-10 16:18 . 2009-05-12 16:07	--------	d-----w	c:\program files\ASIO4ALL v2
2009-05-10 15:27 . 2009-05-10 15:27	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
2009-05-10 15:27 . 2009-05-10 15:27	--------	d-----w	c:\program files\Fichiers communs\Digidesign
2009-05-10 15:27 . 2009-05-10 15:27	--------	dc-h--w	c:\documents and settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
2009-05-10 15:27 . 2009-05-10 15:27	--------	d-----w	c:\program files\Fichiers communs\Native Instruments
2009-05-10 15:27 . 2009-05-10 15:27	--------	d-----w	c:\program files\Native Instruments
2009-05-10 07:20 . 2009-05-10 07:20	--------	d-----w	c:\program files\Guitar Pro 5
2009-05-10 04:50 . 2009-05-10 04:50	--------	d-----w	c:\documents and settings\LOUIS\Application Data\Renoise
2009-05-10 04:50 . 2009-05-10 04:50	--------	d-----w	c:\program files\Renoise 1.9.0
2009-05-08 07:32 . 2009-05-08 07:32	--------	d-----w	c:\documents and settings\LOUIS\Application Data\COWON
2009-05-08 07:31 . 2009-05-08 07:31	--------	d-----w	c:\program files\Fichiers communs\COWON
2009-05-08 07:31 . 2009-05-08 08:09	--------	d-----w	c:\program files\JetAudio

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 17:57 . 2009-05-17 08:56	270884	--sha-w	c:\windows\system32\drivers\fidbox.idx
2009-05-17 17:03 . 2004-08-20 10:24	84538	----a-w	c:\windows\system32\perfc00C.dat
2009-05-17 17:03 . 2004-08-20 10:24	510116	----a-w	c:\windows\system32\perfh00C.dat
2009-05-17 10:33 . 2007-01-05 07:40	32768	----a-w	c:\windows\system32\instlsp.exe
2009-05-17 09:05 . 2006-12-06 02:27	--------	d-----w	c:\program files\Dell Network Assistant
2009-05-17 07:33 . 2009-04-12 04:06	--------	d-----w	c:\program files\EasySearch
2009-05-17 07:02 . 2006-12-06 02:30	--------	d-----w	c:\program files\McAfee
2009-05-16 16:49 . 2006-12-06 02:31	--------	d-----w	c:\program files\Google
2009-05-16 15:51 . 2008-01-27 09:24	--------	d-----w	c:\program files\eMule
2009-05-08 08:01 . 2008-07-06 16:33	664	----a-w	c:\windows\system32\d3d9caps.dat
2009-05-08 07:31 . 2006-12-08 18:46	--------	d--h--w	c:\program files\InstallShield Installation Information
2009-05-08 07:07 . 2009-03-21 05:24	--------	d-----w	c:\program files\midi2mp3
2009-04-19 05:38 . 2007-12-27 09:39	--------	d-----w	c:\program files\NCH Swift Sound
2009-04-12 15:59 . 2006-12-06 02:20	--------	d-----w	c:\program files\Java
2009-04-12 15:35 . 2008-07-06 08:23	--------	d-----w	c:\program files\Microsoft.NET
2009-04-12 15:30 . 2009-02-01 10:15	--------	d-----w	c:\program files\Microsoft Small Business
2009-04-12 04:07 . 2009-04-12 04:07	--------	d-----w	c:\program files\GooglePlusVideos
2009-04-11 05:43 . 2009-02-07 05:21	--------	d-----w	c:\program files\Loop12 V2
2009-04-07 13:40 . 2009-04-07 13:40	--------	d-----w	c:\program files\USB Disk Win98 Driver
2009-04-05 06:35 . 2009-04-05 06:35	--------	d-----w	c:\program files\NetPumper
2009-04-03 07:10 . 2008-11-12 11:46	--------	d-----w	c:\program files\MSECache
2009-03-29 04:07 . 2006-12-08 18:02	84800	----a-w	c:\documents and settings\LOUIS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 06:48 . 2009-02-14 17:38	--------	d-----w	c:\program files\Audacity
2009-03-25 09:06 . 2007-02-03 12:56	40552	----a-w	c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 09:06 . 2007-02-03 12:56	35272	----a-w	c:\windows\system32\drivers\mfebopk.sys
2009-03-25 09:06 . 2007-02-03 12:56	79880	----a-w	c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 09:06 . 2007-02-03 12:56	214024	----a-w	c:\windows\system32\drivers\mfehidk.sys
2009-03-25 09:05 . 2007-02-03 12:56	34216	----a-w	c:\windows\system32\drivers\mferkdk.sys
2009-03-07 17:33 . 2009-03-07 17:33	3311	----a-w	c:\windows\system32\SpoonUninstall-dBpowerAMP Windows Media Audio 9 Codec.dat
2009-03-07 17:32 . 2008-02-10 09:18	133632	----a-w	c:\windows\system32\SpoonUninstall.exe
2009-03-07 16:28 . 2009-03-07 16:28	13783	----a-w	c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-03-06 14:20 . 2004-08-20 10:24	286720	----a-w	c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2004-08-20 10:24	826368	----a-w	c:\windows\system32\wininet.dll
2009-02-28 10:16 . 2006-12-30 08:19	5018	--sha-w	c:\windows\system32\KGyGaAvL.sys
2009-02-20 17:10 . 2004-08-20 10:23	78336	----a-w	c:\windows\system32\ieencode.dll
2008-05-15 07:59 . 2006-12-30 08:19	168	--sh--r	c:\windows\system32\4386993B34.sys
2009-01-22 20:28 . 2009-01-18 04:02	406499	--sha-w	c:\windows\system32\hgjkRqss.ini2
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-13 847872]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-05-20 645328]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-21 185872]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-24 68856]

c:\documents and settings\CECILE.XAVIER.000\Menu D‚marrer\Programmes\D‚marrage\
Portail Orange.mht [2008-8-10 409734]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-6 7168]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-10-13 118784]
Logiciel de Synchronisation Orange.lnk - c:\program files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe [2007-6-7 507904]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 262944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-11-21 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0054E04]
2009-05-19 17:26	29184	----a-w	c:\windows\system32\__c0054E04.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 c:\windows\system32\ssqRkjgh

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"msvsmon80"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"hnmsvc"=2 (0x2)
"gusvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\eMule\emule.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\WINDOWS\system32\dxdiag.exe"=
"c:\Program Files\Real\RealPlayer\realplay.exe"=
"c:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"=
"c:\Documents and Settings\LOUIS\Application Data\m\flec006.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 is-EHQ8Gdrv;is-EHQ8Gdrv;c:\windows\system32\drivers\[u]0/u1470499.sys [17/05/2009 10:55 148496]
R1 sK9Ou0s;sK9Ou0s;c:\documents and settings\LOUIS\Application Data\drivers\srosa2.sys [16/05/2009 17:27 7168]
S2 asc3550p;asc3550p; [x]
S3 b169eca9-b18c-4fc7-a41c-67557bad1fd8;b169eca9-b18c-4fc7-a41c-67557bad1fd8;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 oflpydin;oflpydin;\??\c:\docume~1\LOUIS\LOCALS~1\Temp\oflpydin.sys --> c:\docume~1\LOUIS\LOCALS~1\Temp\oflpydin.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23/09/2005 08:01 2799808]
.
Contenu du dossier 'Tâches planifiées'

2009-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-09 15:44]

2009-05-17 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 09:53]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-03 09:53]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{8BF51ADC-EBDB-4A85-B01C-DC8082085B62} - c:\windows\system32\avica.dll
BHO-{9e1ec497-1afc-443e-8aef-94ef01c16f02} - (no file)
BHO-{FD70A6F2-80BB-4614-9F8B-1AED5A05D727} - (no file)
HKCU-Run-A00F131C325.exe - c:\docume~1\LOUIS\LOCALS~1\Temp\_A00F131C325.exe


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 20:00
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\__c0054E04.dat

- - - - - - - > 'explorer.exe'(1464)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\netdde.exe
c:\windows\system32\clipsrv.exe
c:\windows\system32\imapi.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Heure de fin: 2009-05-20 20:03 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-05-20 18:03

Avant-CF: 49 688 051 712 octets libres
Après-CF: 50 092 093 440 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

255	--- E O F ---	2009-05-16 01:00

jlpjlp · Answer

Telecharge FindyKill sur ton bureau : 

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque 

manuel ici :
http://pagesperso-orange.fr/FindyKill.Ad.Remover/fyk_recherche.html

gazoduc · Answer

Bonjour

Voici le rapport option 1 de FINYKILL

AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan  [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# C:\ # Disque fixe local # 145,96 Go (46,58 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
etdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux ]

Found ! C:\WINDOWS\Prefetch\453125.EXE-1B39FF80.pf 
Found ! C:\WINDOWS\Prefetch\FLEC006.EXE-0EAFFD6B.pf 
Found ! "C:\Documents and Settings\LOUIS\Application Data\drivers" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\drivers\downld" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\drivers\srosa2.sys" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\drivers\wfsintwq.sys" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\drivers\winupgro.exe" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m\data.oct" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m\flec006.exe" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m\list.oct" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m\shared" 
Found ! "C:\Documents and Settings\LOUIS\Application Data\m\srvlist.oct" 

################## [ Infected Temp Files ]


################## [ Registre / Clés infectieuses ]

Found ! HKEY_USERS\S-1-5-21-3559037898-936633957-197132334-1006\Software\Local AppWizard-Generated Applications\serial  
Found ! HKEY_USERS\S-1-5-21-3559037898-936633957-197132334-1006\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial  
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S  
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S  


################## [ Recherche dans supports amovibles]


################## [ Registre / Mountpoints2 ]

# -> Not found !  

################## [ ! Fin du rapport # FindyKill V4.729 ! ]

jlpjlp · Answer

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Double clic sur le raccourci FindyKill sur ton bureau 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque 
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides 

______________________________




scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­­

______________________


 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

______________________

a plus

gazoduc · Answer

Voici le rapport option 2 de FINDKILL

Nota / Il a détruit des systems infectés. Mais pour moi pas de changement. La souris est incontrolable. Et les ouvertures intempestives du net ( pub ) sont tjrs présentes. Le message de syteme protector est tjrs present dés que j'utilise le net.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32
etdde.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\453125.EXE-1B39FF80.pf  
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-0EAFFD6B.pf  
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-0F8DCEDB.pf  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\drivers\srosa2.sys"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\drivers\wfsintwq.sys"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\drivers\winupgro.exe"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m\data.oct"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m\flec006.exe"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m\list.oct"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m\srvlist.oct"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\drivers\downld"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\drivers"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m\shared"  
Deleted ! "C:\Documents and Settings\LOUIS\Application Data\m"  

################## [ Infected Temp Files ]


################## [ Registry / Infected keys ] 

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S   
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\serial   
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro   

################## [ Cleaning Removable drives ] 


################## [ Registry / Mountpoint2 ]

# -> Not found !  

################## [ States / Restarting of services ]  

# Services : [ Auto=2 / Request=3 / Disable=4 ]

# Ndisuio -> # Type of startup =3  
# EapHost -> # Type of startup =2  
# Ip6Fw -> # Type of startup =2  
# SharedAccess -> # Type of startup =2  
# wuauserv -> # Type of startup =2  
# wscsvc -> # Type of startup =2  

################## [ Searching Other Infections ]

# Références de comparaison Bagle MD5 :

File ... : C:\Documents and Settings\LOUIS\Application Data\drivers\winupgro.exe
CRC32 .. : 52feb486
MD5 .... : cd151d780a3aadfa99ccf2b1069adb52 
 
Deleted ! : C:\Documents and Settings\LOUIS\Mes documents\Ma musique\Nouveau dossier\Beatbox MIDI Drum Sequencer 2.8a [Key].zip
Contain key_gen.exe [847872] with Bagle CRC32 : 52FEB486

Deleted ! : C:\Documents and Settings\LOUIS\Mes documents\Ma musique\XAV\Nouveau dossier\serial.exe
# Taille : 847872 # MD5 : CD151D780A3AADFA99CCF2B1069ADB52

Deleted ! : C:\Documents and Settings\LOUIS\Mes documents\Ma musique\XAV\Nouveau dossier (2)\CD Sequencer 1.0.zip
Contain keygen.exe [847872] with Bagle CRC32 : 52FEB486

Deleted ! : C:\Program Files\eMule\Incoming\Beatbox MIDI Drum Sequencer 2.8a(3).zip
Contain serial.exe [843776] with Bagle CRC32 : A46E6C57

Deleted ! : C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
# Taille : 847872 # MD5 : CD151D780A3AADFA99CCF2B1069ADB52

Deleted ! : C:\Qoobox\Quarantine\C\WINDOWS\system32\_mdelk_.exe.zip
Contain mdelk.exe [67667] with Bagle CRC32 : 2144DF1C

Deleted ! : C:\Qoobox\Quarantine\C\WINDOWS\system32\_wintems_.exe.zip
Contain wintems.exe [67667] with Bagle CRC32 : 2144DF1C

 
################## [ Corrupted files # Re-Installation required ] 
 
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgam.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgdiag.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgnsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgtray.exe
C:\Documents and Settings\All Users\Application Data\avg8\update\backup\avgwdsvc.exe
C:\Documents and Settings\LOUIS\Mes documents\PROGRAMMES\HiJackThis.exe
C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe
C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\VirusScan\mcvsmap.exe
C:\Program Files\McAfee\VirusScan\mcvsshld.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\McAfee.com\Agent\mcupdate.exe
C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdate.exe
C:\Program Files\Samsung\Samsung PC Studio 3\Update\LiveUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files	rend micro\hijackthis.exe
C:\Program Files	rend micro\LOUIS.exe
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
C:\WINDOWS\$hf_mig$\KB899588\update\update.exe
C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
C:\WINDOWS\$hf_mig$\KB911567\update\update.exe
C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
C:\WINDOWS\$hf_mig$\KB912945\update\update.exe
C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
C:\WINDOWS\$hf_mig$\KB917159\update\update.exe
C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
C:\WINDOWS\$hf_mig$\KB918899\update\update.exe
C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
C:\WINDOWS\$hf_mig$\KB920214\update\update.exe
C:\WINDOWS\$hf_mig$\KB920342\update\update.exe
C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
C:\WINDOWS\$hf_mig$\KB921398\update\update.exe
C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
C:\WINDOWS\$hf_mig$\KB922616\update\update.exe
C:\WINDOWS\$hf_mig$\KB922819\update\update.exe
C:\WINDOWS\$hf_mig$\KB923414\update\update.exe
C:\WINDOWS\$hf_mig$\KB923561\update\update.exe
C:\WINDOWS\$hf_mig$\KB923694\update\update.exe
C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
C:\WINDOWS\$hf_mig$\KB924191\update\update.exe
C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
C:\WINDOWS\$hf_mig$\KB925486\update\update.exe
C:\WINDOWS\$hf_mig$\KB925720\update\update.exe
C:\WINDOWS\$hf_mig$\KB925876\update\update.exe
C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
C:\WINDOWS\$hf_mig$\KB931768-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB931836\update\update.exe
C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
C:\WINDOWS\$hf_mig$\KB933566-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
C:\WINDOWS\$hf_mig$\KB937143-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
C:\WINDOWS\$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
C:\WINDOWS\$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
C:\WINDOWS\$hf_mig$\KB948881\update\update.exe
C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
C:\WINDOWS\$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB950760\update\update.exe
C:\WINDOWS\$hf_mig$\KB950762\update\update.exe
C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
C:\WINDOWS\$hf_mig$\KB952004\update\update.exe
C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
C:\WINDOWS\$hf_mig$\KB954211\update\update.exe
C:\WINDOWS\$hf_mig$\KB954459\update\update.exe
C:\WINDOWS\$hf_mig$\KB954600\update\update.exe
C:\WINDOWS\$hf_mig$\KB955069\update\update.exe
C:\WINDOWS\$hf_mig$\KB955839\update\update.exe
C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB956391\update\update.exe
C:\WINDOWS\$hf_mig$\KB956572\update\update.exe
C:\WINDOWS\$hf_mig$\KB956802\update\update.exe
C:\WINDOWS\$hf_mig$\KB956803\update\update.exe
C:\WINDOWS\$hf_mig$\KB956841\update\update.exe
C:\WINDOWS\$hf_mig$\KB957095\update\update.exe
C:\WINDOWS\$hf_mig$\KB957097\update\update.exe
C:\WINDOWS\$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB958644\update\update.exe
C:\WINDOWS\$hf_mig$\KB958687\update\update.exe
C:\WINDOWS\$hf_mig$\KB958690\update\update.exe
C:\WINDOWS\$hf_mig$\KB959426\update\update.exe
C:\WINDOWS\$hf_mig$\KB960225\update\update.exe
C:\WINDOWS\$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB960715\update\update.exe
C:\WINDOWS\$hf_mig$\KB960803\update\update.exe
C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB961373\update\update.exe
C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe
C:\WINDOWS\$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\$NtUninstallKB890046$\update.exe
C:\WINDOWS\ie7updates\KB937143-IE7\update.exe
C:\WINDOWS\SoftwareDistribution\Download\732b519dd7ab510353c345c37063c2b3\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\update\update.exe
C:\WINDOWS\system32\instlsp.exe

################################### [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! End of Report # FindyKill V4.729 ! ]

jlpjlp · Answer

ok fais le reste

gazoduc · Answer

OK c'est fait !!! Le reste sur FINDYKILL option 1 à 4
Pas d'amélioration.
Tu as une idée?

jlpjlp · Answer

ton antivirus, mcafee et avg8 sont foutu! tu peux virer

il ne faudra en remettre qu'un! c'est normal tu etait infecté par bagle





j'avais mis ceci:

scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­­

______________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

______________________

a plus

gazoduc · Answer

Voici le rapport.
Il faut que tu m'expliques comment les virer!
A+

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2162
Windows 5.1.2600 Service Pack 3

21/05/2009 17:50:13
mbam-log-2009-05-21 (17-50-02).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 197354
Temps écoulé: 58 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c0054E04.dat (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0054e04 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsservicesstartup (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Documents and Settings\LOUIS\Application Data
idle (Trojan.Agent) -> No action taken.
C:\Program Files\WinZix (Trojan.Lop) -> No action taken.
C:\Program Files\NetPumper (Adware.NetPumper) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\49899136.Evt (Rootkit.Agent.H) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old.vir (Adware.MyWeb) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\avica.dll.vir (Trojan.Downloader) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\855718.exe.vir (Trojan.Packed) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0006816.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008814.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008837.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009099.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010069.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010087.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011086.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011163.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011179.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011254.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011253.DLL (Adware.MyWeb) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011256.exe (Trojan.Packed) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011386.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP2\A0000048.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002107.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002124.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0003124.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0004141.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004155.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004227.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004259.dll (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004272.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004331.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004472.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004789.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005792.sys (Rootkit.Bagle) -> No action taken.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0005814.sys (Rootkit.Bagle) -> No action taken.
C:\WINDOWS\system32\bthser.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\bootvi.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\browseui(2.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\__c0041E8F.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c006134E.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c006EC14.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c0083216.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c009B3FA.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00A5148.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00BAD99.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00C49C4.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00DF8C7.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00E9105.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c00FB0C4.exe (Trojan.Vundo.V) -> No action taken.
C:\WINDOWS\system32\__c0054E04.dat (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\__c0073E49.exe (Trojan.Vundo) -> No action taken.

jlpjlp · Answer

ok vire ce qui est en quarnatiane dans malwarebyte


et colle le scan en ligne

a plus

gazoduc · Answer

OK.Voici le rapport.
Pour le net ces mieux. Plus d'ouverture intempestives.
Pour la souris. Une horreur! Le clavier OK.

A+

alwarebytes' Anti-Malware 1.36
Version de la base de données: 2162
Windows 5.1.2600 Service Pack 3

21/05/2009 17:51:22
mbam-log-2009-05-21 (17-51-22).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 197354
Temps écoulé: 58 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 48

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c0054E04.dat (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0054e04 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsservicesstartup (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\LOUIS\Application Data
idle (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WinZix (Trojan.Lop) -> Quarantined and deleted successfully.
C:\Program Files\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\49899136.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\avica.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\855718.exe.vir (Trojan.Packed) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0006816.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008814.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008837.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009099.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010069.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010087.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011086.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011163.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011179.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011254.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011253.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011256.exe (Trojan.Packed) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011386.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP2\A0000048.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002107.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002124.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0003124.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0004141.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004155.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004227.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004259.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004272.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004331.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004472.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004789.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005792.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0005814.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bthser.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bootvi.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browseui(2.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0041E8F.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006134E.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006EC14.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0083216.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009B3FA.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00A5148.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00BAD99.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00C49C4.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DF8C7.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E9105.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00FB0C4.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0054E04.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c0073E49.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

jlpjlp · Answer

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

______________________


essaie de reinstaller ton antivirus et dis si il marche

gazoduc · Answer

Bonjour

Voici le scan avec PANDA

A+

PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 16
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
McAfee VirusScan                                                           Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@atdmt[2].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@tradedoubler[2].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@tradedoubler[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@mediaplex[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@mediaplex[2].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@xiti[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@xiti[1].txt
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@statcounter[2].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@ad.yieldmanager[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@ad.yieldmanager[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@apmebf[2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@apmebf[1].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@serving-sys[1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@bs.serving-sys[2].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@weborama[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@weborama[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@weborama[1].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@adtech[2].txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@server.iad.liveperson[2].txt
00168116  Cookie/Comclick                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@fl01.ct2.comclick[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@advertising[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@advertising[2].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@zedo[2].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@bluestreak[2].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@bluestreak[2].txt
00184846  Cookie/Adrevolver                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@adrevolver[2].txt
00207936  Cookie/Adviva                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@adviva[1].txt
00266415  application/regfreeze              HackTools           No        0         Yes            No           hkey_current_user\software\actualresearchegistryfreeze
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@smartadserver[1].txt
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@smartadserver[2].txt
00590315  Rootkit/Agent.LNB                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011789.sys
00701452  W32/SdBot.MCB.worm                 Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011686.exe
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011271.EXE
02870155  Application/VirusRanger            HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009090.dll
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011263.sys
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008821.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008822.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008820.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008840.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008843.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005798.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004474.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005795.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005799.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010090.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011088.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004335.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011685.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011261.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011262.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008844.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011670.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011395.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011419.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011423.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011475.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011493.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011579.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011597.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011598.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011599.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011618.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011619.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011635.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011651.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011652.exe
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011387.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011180.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002108.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002125.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0003125.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0004142.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004154.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004228.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004273.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004332.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011164.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011087.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0005815.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010088.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010070.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008838.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008815.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004473.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0006817.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009100.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004790.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005793.sys
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004760.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011394.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011689.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004800.exe
03919024  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\WINDOWS\UbiSoft\SetupUbi.exe
05471009  Generic Trojan                     Virus/Trojan        No        0         No             No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002068.exe[C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002068.exe][Setup_00.exe][Setup_00.exe][NETPUM~1.EXE][NetPumper-1.50-setup.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              I
;===================================================================================================================================================================================
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009076.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009076.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010068.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010068.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010079.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010079.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010093.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010093.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011138.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011140.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011222.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011224.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011332.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011334.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011752.dll                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\WINDOWS\NIRCMD.exe                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 I
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                I
;===================================================================================================================================================================================
;===================================================================================================================================================================================

gazoduc · Answer

Bonjour

Voici le scan avec PANDA

A+

PROTECTIONS: 1
MALWARE: 31
SUSPECTS: 16
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
McAfee VirusScan                                                           Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@atdmt[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@atdmt[2].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@tradedoubler[2].txt
00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@tradedoubler[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@mediaplex[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@mediaplex[2].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@xiti[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@xiti[1].txt
00167753  Cookie/Statcounter                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@statcounter[2].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@ad.yieldmanager[1].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@ad.yieldmanager[1].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@apmebf[2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@apmebf[1].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@serving-sys[1].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@bs.serving-sys[2].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@weborama[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\CECILE.XAVIER.000\Cookies\cecile@weborama[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@weborama[1].txt
00168109  Cookie/Adtech                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@adtech[2].txt
00168110  Cookie/Server.iad.Liveperson       TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@server.iad.liveperson[2].txt
00168116  Cookie/Comclick                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@fl01.ct2.comclick[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@advertising[1].txt
00169190  Cookie/Advertising                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@advertising[2].txt
00172221  Cookie/Zedo                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@zedo[2].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@bluestreak[2].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@bluestreak[2].txt
00184846  Cookie/Adrevolver                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@adrevolver[2].txt
00207936  Cookie/Adviva                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@adviva[1].txt
00266415  application/regfreeze              HackTools           No        0         Yes            No           hkey_current_user\software\actualresearchegistryfreeze
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOU.XAVIER.000\Cookies\lou@smartadserver[1].txt
00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\LOUIS\Cookies\louis@smartadserver[2].txt
00590315  Rootkit/Agent.LNB                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011789.sys
00701452  W32/SdBot.MCB.worm                 Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011686.exe
01185375  Application/Psexec.A               HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011271.EXE
02870155  Application/VirusRanger            HackTools           No        0         Yes            No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009090.dll
02885963  Rootkit/Booto.C                    Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011263.sys
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008821.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008822.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008820.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008840.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008843.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005798.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004474.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005795.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005799.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010090.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011088.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004335.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011685.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011261.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011262.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008844.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011670.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011395.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011419.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011423.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011475.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011493.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011579.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011597.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011598.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011599.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011618.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011619.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011635.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011651.exe
02898934  W32/Bagle.RP.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011652.exe
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011387.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011180.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002108.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002125.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0003125.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0004142.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004154.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004228.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004273.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP5\A0004332.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011164.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011087.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP8\A0005815.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010088.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010070.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008838.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0008815.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004473.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0006817.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009100.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004790.sys
02898935  W32/Bagle.RC.worm                  Virus/Worm          No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0005793.sys
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP6\A0004760.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011394.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011689.exe
03074964  Trj/CI.A                           Virus/Trojan        No        0         Yes            Yes          C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP7\A0004800.exe
03919024  Generic Malware                    Virus/Trojan        No        0         Yes            Yes          C:\WINDOWS\UbiSoft\SetupUbi.exe
05471009  Generic Trojan                     Virus/Trojan        No        0         No             No           C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002068.exe[C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP4\A0002068.exe][Setup_00.exe][Setup_00.exe][NETPUM~1.EXE][NetPumper-1.50-setup.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              I
;===================================================================================================================================================================================
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009076.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP11\A0009076.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010068.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010068.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010079.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010079.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010093.exe[32788R22FWJFW
.com]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP12\A0010093.exe[32788R22FWJFW\NirCmd.cfexe]
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011138.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011140.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011222.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011224.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011332.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP13\A0011334.com                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP15\A0011752.dll                                                                                                                                                                                                                                                                                                                                                                                                                         I
Yes       C:\WINDOWS\NIRCMD.exe                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 I
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                I
;===================================================================================================================================================================================
;===================================================================================================================================================================================

jlpjlp · Answer

ok

vire le fichier quarantine en suivant le lien:

C:\Qoobox\Quarantine\

_____________

ce fichier si c'est un jeu legal est un faux positif  donc pas de souci:

C:\WINDOWS\UbiSoft\SetupUbi.exe

_______________
lance ccleaner pour virer les cookies

https://www.malekal.com/tutoriel-ccleaner/


________________

désactive ta restauration puis redemarre ton ordi puis réactive la
http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924


_________________


remets un rapport RSIT et dis comment va ton pc

GAZODUC · Answer

T'es génial !!!!!!!!!!!!!!!!!!!

Tout fonctionne nickel Chrome.

CCleaner et Mc Afee  ont repris le boulot.

Merci à toi !!

Bon Week

LN

jlpjlp · Answer

ok fais gaffe aux cracks!


pour virer ce qui a été utilisé lance tool cleaner:

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

VIRUS

27 réponses

Votre réponse

Discussions similaires

Newsletters