Virus: reply from BBG to Chrifleur
BBG
-
Lyonnais92 Posts 25708 Status Security contributor -
Hello, Chrifleur
First of all, a big THANK YOU for your valuable advice, since I was able to regain control of my PC last night.
Since the wolf may still be in the sheepfold, I am attaching the requested reports for checking (report.txt and rapport.txt).
Once again, in capitals, a big THANK YOU
SmitFraudFix v2.253
Rapport fait à 17:01:28.47, 25/11/2007
Executé à partir de F:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\boisgrosset bernard
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\boisgrosset bernard\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\BOISGR~1\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{38881500-4037-485B-857E-2EE41F26DCB6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{83E5C17B-1441-4E44-BFD1-84BDF2A78D19}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{38881500-4037-485B-857E-2EE41F26DCB6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83E5C17B-1441-4E44-BFD1-84BDF2A78D19}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{38881500-4037-485B-857E-2EE41F26DCB6}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83E5C17B-1441-4E44-BFD1-84BDF2A78D19}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SDFix: Version 1.115
Run by boisgrosset bernard on 25/11/2007 at 16:43
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\BOISGR~1\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\boisgrosset bernard\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\boisgrosset bernard\Bureau\Error Cleaner.url - Deleted
C:\Documents and Settings\boisgrosset bernard\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\boisgrosset bernard\Bureau\Privacy Protector.url - Deleted
C:\Documents and Settings\boisgrosset bernard\Favoris\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\boisgrosset bernard\Bureau\Spyware&Malware Protection.url - Deleted
C:\Program Files\RichVideoCodec\install.ico - Deleted
C:\Program Files\RichVideoCodec\RichVideoCodec.ocx - Deleted
C:\Program Files\RichVideoCodec\Uninstall.exe - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\nethop.exe - Deleted
C:\WINDOWS\popnetnlf.dll - Deleted
C:\WINDOWS\rmvgor.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\sapnet.dll - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\TFTP1548 - Deleted
C:\WINDOWS\system32\TFTP1752 - Deleted
C:\WINDOWS\system32\TFTP420 - Deleted
C:\WINDOWS\system32\TFTP308 - Deleted
C:\WINDOWS\system32\TFTP540 - Deleted
C:\WINDOWS\system32\TFTP3468 - Deleted
C:\WINDOWS\system32\TFTP3484 - Deleted
C:\WINDOWS\system32\TFTP3700 - Deleted
C:\WINDOWS\system32\TFTP3756 - Deleted
C:\WINDOWS\system32\TFTP812 - Deleted
C:\WINDOWS\system32\TFTP3212 - Deleted
C:\WINDOWS\system32\TFTP288 - Deleted
Folder C:\Program Files\RichVideoCodec - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:51:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Windows Automation = mslaugh.exe?I dedicate this particular strain to m
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\BOISGR~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 1 Sep 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Fri 15 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 26 Oct 2007 1,294,336 A.SH. --- "C:\Documents and Settings\boisgrosset bernard\Mes documents\Photo Nantes IBM 251007\SIV12.tmp"
Thu 29 Jul 2004 1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 29 Jul 2004 12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient_old.reg"
Thu 19 Aug 2004 1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
Thu 19 Aug 2004 12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"
Sat 27 May 2006 1,018 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\gPyPTksr\btY76jCyyv06.tmp"
Tue 9 Oct 2007 154,624 A..H. --- "C:\boisgrosset bernard\G7-083\BUREAUTIQUE\PIECES ECRITES\01 -Faisabilit‚\~WRL2764.tmp"
Mon 15 Oct 2007 174,080 A..H. --- "C:\boisgrosset bernard\G7-083\BUREAUTIQUE\PIECES ECRITES\01 -Faisabilit‚\~WRL0004.tmp"
Finished!
Waiting for your reply, and hoping the virus is really gone.
THANK YOU