Virus win32 bagle problème

Résolu
hatebagle -  
 Utilisateur anonyme -
Bonjour,
j'ai suivi les instruction de se post ( http://www.commentcamarche.net/forum/affich 2286680 comment suprimer win32 bagle gen) mais après 6h de galère je n'arrive toujours a me débarrasser de cette merde de virus
qui colle encore et toujours ...
donc juste pour info , il me bloc hijackthis , c cleaner , a squared ainsi que ewido et je ne peut lancer le mode sans echec ...

le reste je l'ais fait et bitfender a bien trouver et supprimé mais le problèeme persiste toujours :s

voici pour info des résultat optenu a des scan :

SAVEBOOTKEYREAPAIR :

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

========================

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

========================

Error: Key: system\currentcontrolset\control\safeboot\minimal does not exist!

SMITHFRAUDFIX :

1ER ETAPE :

SmitFraudFix v2.381

Rapport fait à 22:11:27,51, 05/12/2008
Executé à partir de D:\Documents and Settings\Mickael\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mumble\bin\dbus-daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

D:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mickael

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Mickael\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Mickael\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Mickael\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FAA3F0D3-C8F4-445D-928B-D3D887F2A206}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FAA3F0D3-C8F4-445D-928B-D3D887F2A206}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{03EDA9FB-D581-4BB9-A7D0-7D63EDA24C7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{03EDA9FB-D581-4BB9-A7D0-7D63EDA24C7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

2EME ETAPE :

SmitFraudFix v2.381

Rapport fait à 22:42:33,65, 05/12/2008
Executé à partir de D:\Documents and Settings\Mickael\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

D:\autorun.inf supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FAA3F0D3-C8F4-445D-928B-D3D887F2A206}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FAA3F0D3-C8F4-445D-928B-D3D887F2A206}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{03EDA9FB-D581-4BB9-A7D0-7D63EDA24C7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{03EDA9FB-D581-4BB9-A7D0-7D63EDA24C7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

et BIDTDEFENDER :

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002377.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002377.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002378.exe

Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002378.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002380.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002380.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002385.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002385.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002387.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002387.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002394.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002394.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002398.exe

Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002398.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002402.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002402.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002403.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002403.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002405.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002405.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002415.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002415.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002416.exe

Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002416.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002419.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002419.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002425.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002425.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002429.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002429.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002449.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002449.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002451.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002451.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002460.exe

Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002460.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002461.exe

Infected with: MemScan:Trojan.PWS.LdPinch.TSE

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002461.exe

Deleted

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002471.exe

Infected with: Win32.Bagle.SUQ@mm

C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002471.exe

Deleted

C:\WINDOWS\system32\drivers\winfilse.exe

Infected with: DeepScan:Generic.Bagle.7D0BF57D

C:\WINDOWS\system32\drivers\winfilse.exe

Disinfection failed

C:\WINDOWS\system32\drivers\winfilse.exe

Delete failed

D:\Documents and Settings\Mickael\Application Data\m\data.oct

Infected with: DeepScan:Generic.Bagle.CB959E6F

D:\Documents and Settings\Mickael\Application Data\m\data.oct

Disinfection failed

D:\Documents and Settings\Mickael\Application Data\m\data.oct

Deleted

D:\Documents and Settings\Mickael\Local Settings\Application Data\jvaayvvbi.exe

Infected with: Trojan.Generic.782254

D:\Documents and Settings\Mickael\Local Settings\Application Data\jvaayvvbi.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\A0001136.exe

Infected with: Win32.Bagle.SUQ@mm

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\A0001136.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\A0001159.exe

Infected with: Win32.Bagle.SUQ@mm

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP1\A0001159.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001215.exe

Infected with: DeepScan:Generic.Bagle.7D0BF57D

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001215.exe

Disinfection failed

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001215.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001224.exe

Infected with: Win32.Bagle.SUQ@mm

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001224.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001262.exe

Infected with: DeepScan:Generic.Bagle.7D0BF57D

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001262.exe

Disinfection failed

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001262.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001310.exe

Infected with: Win32.Bagle.SUQ@mm

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0001310.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002348.exe

Infected with: Win32.Bagle.SUQ@mm

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP2\A0002348.exe

Deleted

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP4\A0002644.exe

Infected with: Trojan.Generic.782254

D:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP4\A0002644.exe

Deleted

MERCI D'AVOIR DES REPONSES ET DE L'AIDE ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

bonne nuit ... vu l'heure :)
Configuration: Windows XP
Firefox 3.0.4

45 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection Win32.Bagle persiste malgré les scans, bloque l’accès à certains outils de sécurité et empêche le démarrage en mode sans échec, tout en perturbant plusieurs programmes de sécurité.
Plusieurs solutions ont été tentées, dont SmitFraudFix et le nettoyage des registres et fichiers temporaires, mais les éléments malveillants restent présents dans les sauvegardes et restaurations système.
Des symptômes techniques apparaissent, avec des clés SafeBoot corrompues et des fichiers infectés détectés dans les restaurations, tandis que plusieurs tentatives de désinfection échouent sur des éléments critiques comme winfilse.exe.
En cas de persistance, il peut être utile de sauvegarder les données essentielles et envisager une réinstallation propre du système, tout en vérifiant l’intégrité du disque et les mises à jour des définitions.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut hatebagle,

    Sois patient, geoffrey5 va revenir.
    Il est tenace.
    Et ton PC est déjà bien désinfecté.
    Encore quelques vérifications à faire.

    Bonne chance
    Al.
    2
  2. Utilisateur anonyme
     
    Hello,

    je vais prendre la suite :

    Télécharge HijackThis (outils de diagnostic) ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau

    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> HijackThis

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    PS : Salut Al.
    1
    1. hatebagle
       
      d'accord je vais le faire et je vois déjà une évolution car je peux enfin le lancer
      il n'est plus bloqué ...

      je post le résultat des fini !

      merci :)
      0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    ▶ Telecharge FindyKill sur ton bureau :

    ▶ Lance l installation avec les parametres par default

    ▶ Double clic sur le raccourci FindyKill sur ton bureau

    ▶ Au menu principal,choisi l option 1 (Recherche)

    ▶ Post le rapport FindyKill.txt

    * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    0
    1. hatebagle
       
      ok je vais faire sa et merci répondre si rapidement !

      j'espere que cela va marcher mais sa consiste en quoi en gros ?
      0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    C est un outil de désinfection traitant bagle ;-)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. hatebagle
     
    c'est good voila la réponse :

    ----------------- FindyKill V4.706 ------------------

    * User : Mickael - mick
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 27/11/08 par Chiquitine29
    * Recherche effectuée à 2:21:49 le 06/12/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drivers\downld\164125.exe

    --------------- [ Processus infectieux stoppés ] ----------------

    "C:\WINDOWS\system32\drivers\downld\164125.exe" (4056)

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    Found ! [05/12/2008 21:11] - C:\InfoSat.txt

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\107984.EXE-1CD163DA.pf
    Found ! - C:\WINDOWS\prefetch\108500.EXE-25C137EE.pf
    Found ! - C:\WINDOWS\prefetch\109031.EXE-0F3E1332.pf
    Found ! - C:\WINDOWS\prefetch\111687.EXE-000A6396.pf
    Found ! - C:\WINDOWS\prefetch\11419593.EXE-12CF61C6.pf
    Found ! - C:\WINDOWS\prefetch\11463265.EXE-19CD6D41.pf
    Found ! - C:\WINDOWS\prefetch\116218.EXE-30D83BC0.pf
    Found ! - C:\WINDOWS\prefetch\120656.EXE-05A499B0.pf
    Found ! - C:\WINDOWS\prefetch\122093.EXE-3A8C6404.pf
    Found ! - C:\WINDOWS\prefetch\138359.EXE-37D42258.pf
    Found ! - C:\WINDOWS\prefetch\149875.EXE-327130FF.pf
    Found ! - C:\WINDOWS\prefetch\176921.EXE-3A050DBE.pf
    Found ! - C:\WINDOWS\prefetch\177843.EXE-03CF08EA.pf
    Found ! - C:\WINDOWS\prefetch\178968.EXE-3A0DC066.pf
    Found ! - C:\WINDOWS\prefetch\192203.EXE-033A1163.pf
    Found ! - C:\WINDOWS\prefetch\201812.EXE-0A22AEBA.pf
    Found ! - C:\WINDOWS\prefetch\210390.EXE-391214A5.pf
    Found ! - C:\WINDOWS\prefetch\219187.EXE-3A79D2F0.pf
    Found ! - C:\WINDOWS\prefetch\52421000.EXE-20B652E6.pf
    Found ! - C:\WINDOWS\prefetch\52430578.EXE-2B802437.pf
    Found ! - C:\WINDOWS\prefetch\52460625.EXE-174FA68E.pf
    Found ! - C:\WINDOWS\prefetch\79531.EXE-19F7542D.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2C4619D0.pf
    Found ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-0C5BAB91.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    Found ! [06/12/2008 01:55] - C:\WINDOWS\system32\mdelk.exe
    Found ! [06/12/2008 01:55] - C:\WINDOWS\system32\wintems.exe
    Found ! [06/12/2008 01:59] - C:\WINDOWS\system32\ban_list.txt

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    Found ! [06/12/2008 01:59] - C:\WINDOWS\system32\drivers\srosa.sys
    Found ! [06/12/2008 01:59] - C:\WINDOWS\system32\drivers\srosa2.sys
    Found ! [04/07/2005 06:04] - C:\WINDOWS\system32\drivers\winfilse.exe
    Found ! [06/12/2008 02:02] - "C:\WINDOWS\system32\drivers\downld"
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\129468.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\131671.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\155234.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\164125.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\166140.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\171671.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\172843.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\176281.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\193109.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\205843.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\206968.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\208750.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\210093.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\218734.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\241890.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\250343.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\75171.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\83750.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\84250.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\84562.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\85687.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\87906.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\93718.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\94640.exe
    Found ! [06/12/2008 02:02] - C:\WINDOWS\system32\drivers\downld\96421.exe

    »»»» Presence des fichiers dans D:\Documents and Settings\Mickael\Application Data

    Found ! [06/12/2008 02:01] - "D:\Documents and Settings\Mickael\Application Data\m\flec006.exe"
    Found ! [06/12/2008 02:01] - "D:\Documents and Settings\Mickael\Application Data\m\list.oct"
    Found ! [06/12/2008 02:01] - "D:\Documents and Settings\Mickael\Application Data\m\data.oct"
    Found ! [06/12/2008 02:01] - "D:\Documents and Settings\Mickael\Application Data\m\srvlist.oct"
    Found ! [06/12/2008 02:01] - "D:\Documents and Settings\Mickael\Application Data\m\shared"
    Found ! [06/12/2008 01:55] - "D:\Documents and Settings\Mickael\Application Data\m"

    »»»» Presence des fichiers dans D:\DOCUME~1\Mickael\LOCALS~1\Temp

    »»»» Presence des fichiers dans D:\Documents and Settings\Mickael\Local Settings\Temporary Internet Files\Content.IE5

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    a-squared="C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    avast!=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\flec006]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\m3SrchMn]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\RtlRack]
    [HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\Local AppWizard-Generated Applications\flec006
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\FirtR
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\MuleAppData
    Found ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\UBISOFT
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\flec006
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4
    Found ! - HKEY_CURRENT_USER\Software\FirtR

    --------------- [ Etat / Services ] ----------------

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    - sans echec non fonctionnel !!

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    /!\ Ip6Fw - Type de démarrage = 4

    /!\ SharedAccess - Type de démarrage = 4

    /!\ wuauserv - Type de démarrage = 4

    /!\ wscsvc - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    +- presence des fichiers :

    --------------- [ Registre / Mountpoint2 ] ----------------

    -> Not found !

    ------------------- ! Fin du rapport ! --------------------

    je fais quoi maintenant , c'est bon ?
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Dsl je n ai pas reçu d alerte email me signalant que tu avais répondu :s

    maintenant fais ceci stp :

    ▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    ▶ Double clic sur le raccourci FindyKill sur ton bureau

    ▶ Au menu principal,choisi l option 2 (Suppression)

    /!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    ▶ ensuite post le rapport FindyKill.txt

    * Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    * Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
    0
  8. hatebagle
     
    merci de la réponse je ferais sa demain étant donné que ji suis depuis 8h30 voir plus
    donc je commence a être exténue , je publierais sa demain donc et j'aimerais savoir pourquoi
    je n'ais plus de son non plus ainsi que mediaplayer qui ne repond pas ...
    es bagle qui fait des sienne un peut partout ?

    merci en tt cas et bonne nuit
    0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Ok pas de problèmes, on continuera demain ;-)

    Bonne fin de soirée @+
    0
  10. hatebagle
     
    re bonjour :)

    voila je l'ais donc fait avec mn mp4 disque dur brancher et sa donne ceci : bonne lectur :)

    ----------------- FindyKill V4.706 ------------------

    * User : Mickael - mick
    * executed from : C:\Program Files\FindyKill
    * Update on 27/11/08 par Chiquitine29
    * Start at 12:11:45 the 06/12/2008
    * Windows XP - Internet Explorer 7.0.5730.11

    ((((((((((((((( *** deleting *** ))))))))))))))))))

    --------------- [ Active Processes ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    --------------- [ Infected files / folders ] ----------------

    »»»» Supression files in C:

    Deleted ! - C:\InfoSat.txt

    »»»» Supression files in C:\WINDOWS

    »»»» Supression files in C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\107984.EXE-1CD163DA.pf
    Deleted ! - C:\WINDOWS\prefetch\108500.EXE-25C137EE.pf
    Deleted ! - C:\WINDOWS\prefetch\109031.EXE-0F3E1332.pf
    Deleted ! - C:\WINDOWS\prefetch\111687.EXE-000A6396.pf
    Deleted ! - C:\WINDOWS\prefetch\11419593.EXE-12CF61C6.pf
    Deleted ! - C:\WINDOWS\prefetch\11463265.EXE-19CD6D41.pf
    Deleted ! - C:\WINDOWS\prefetch\116218.EXE-30D83BC0.pf
    Deleted ! - C:\WINDOWS\prefetch\120656.EXE-05A499B0.pf
    Deleted ! - C:\WINDOWS\prefetch\122093.EXE-3A8C6404.pf
    Deleted ! - C:\WINDOWS\prefetch\138359.EXE-37D42258.pf
    Deleted ! - C:\WINDOWS\prefetch\149875.EXE-327130FF.pf
    Deleted ! - C:\WINDOWS\prefetch\176921.EXE-3A050DBE.pf
    Deleted ! - C:\WINDOWS\prefetch\177843.EXE-03CF08EA.pf
    Deleted ! - C:\WINDOWS\prefetch\178968.EXE-3A0DC066.pf
    Deleted ! - C:\WINDOWS\prefetch\192203.EXE-033A1163.pf
    Deleted ! - C:\WINDOWS\prefetch\201812.EXE-0A22AEBA.pf
    Deleted ! - C:\WINDOWS\prefetch\210390.EXE-391214A5.pf
    Deleted ! - C:\WINDOWS\prefetch\219187.EXE-3A79D2F0.pf
    Deleted ! - C:\WINDOWS\prefetch\52421000.EXE-20B652E6.pf
    Deleted ! - C:\WINDOWS\prefetch\52430578.EXE-2B802437.pf
    Deleted ! - C:\WINDOWS\prefetch\52460625.EXE-174FA68E.pf
    Deleted ! - C:\WINDOWS\prefetch\79531.EXE-19F7542D.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2C4619D0.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-0EF461CE.pf
    Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-0C5BAB91.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

    »»»» Supression files in C:\WINDOWS\system32

    Deleted ! - C:\WINDOWS\system32\mdelk.exe
    Deleted ! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    »»»» Supression files in C:\WINDOWS\system32\drivers

    Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
    Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
    Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\126203.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\127843.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\129468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\131671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\155234.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\155640.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\164125.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\166140.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\169125.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\170250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\171671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\172843.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\174515.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\176281.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\193109.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\205796.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\205843.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\206968.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\208750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\210093.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\217687.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\218734.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\241890.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\250343.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\75171.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\82734.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\83750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\84250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\84562.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\85687.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\87906.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\90703.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\91812.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\93718.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\94640.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\96421.exe
    Deleted ! - "C:\WINDOWS\system32\drivers\downld"

    »»»» Supression files in D:\Documents and Settings\Mickael\Application Data

    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m\flec006.exe"
    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m\list.oct"
    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m\data.oct"
    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m\srvlist.oct"
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\2003 FasterInternet PRO 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\3D Sound Tester 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\3D Topicscape Student Edition 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\642-432_Practice_Exam_Testing_Engine_Software_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\A1 SpeechTRON 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Abander MP3 Lyrics Extractor 1.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Abykus_1.02.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Apex_AVI_Converter_6.26_Patch.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Argus_Surveillance_DVR_1.7.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Art of Monet's Garden Screensaver.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Auto Mail Sender 3.20 Build 20080228#55.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\AutoReply 2.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\BeeMizer NG 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\BK_ReplaceEm_2.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Blaze_Editor_1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Canada_Map_Locator_1.0_Crack.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\cCalc_1.08.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\CD-Ejector 1.0 Crack.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Change Case of Directory Names Software 7.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Change_Wallpaper_4.0.0.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\CharProbe_1.0_(Key).zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Check_Designer_Home_&_Business_7.0.0.0_[KeyGen].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Chilkat_Email_ActiveX_Component_7.3.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Cistone Media Burner 2.4.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\CoffeeCup_Image_Mapper_4.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Contact Container 1.0.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Convene 4.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Declan's_Japanese_Dictionary_1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\DEKSI_Network_Monitor_4.6.4.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Desktop_Flash_Template_1.0_build_2007.02.21_With_Crack.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\DHL_Tracking_Tool_1.28.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Diego Vel zquez Screensaver 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\DriveOnWeb_4.01.01.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\DVD Pro 5.0.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\DVD_Region+CSS_Free_5.9.8.5.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\EAHide Advanced 1.3.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Easiestutils DVD to iPhone converter 4.9.0.65.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Easy_Sweeper_1.0_Key+Serial.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\eBay.ca Search 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Excel_Invoice_Manager_Platinum_2.5.1009.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\eXInbox 1.0.0.7.519.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Fax4Outlook_2.60.02.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\FileGrapher_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Fin_Calc_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Flash Desktop 4.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Flashant SWF2Video Pro 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Flux_Screensaver_5.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Freeship_2.6.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\GeoBase 0.8.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\GhostSurf 2006 Platinum.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Gunamoi Nixie Clock 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Halo_Combat_Evolved_1.0_to_1.03_patch.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\HOSTSed 1.51.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\HP_ScanJet_5300c_1.3.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Hungry_Cat_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\ImTOO Video Splitter 1.0.28.0418.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\ImTOO_MOV_Converter_3.1.28.0413b_With_Crack.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\InstantCharts_Market_Browser_for_Traders_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\iPod_Encoder_Filter_1.0_(Key).zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Kill or Be Killed 1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\KookieJar_6.3.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\LingvoSoft_Talking_Picture_Dictionary_2007_Spanish_-_Chinese_Mandarin_Traditional_1.1.20.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Magic MP3 To WAV Converter 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\MagicWake_1.0.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Mail Notifier Firefox Add-on 0.6.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Mailman_RSS_Reader_3.28.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\MarsEdit_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\MCE_Display_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\MetaProject 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Midlet_Pascal_2.0.2_[Patch].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\mp3Tag 5.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Mute_MFC_0.0.7.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\MyMusicMachine 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Name Extractor 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\NetChanger_2.32_[Key].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Netspyer_2_[With_Crack].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Network_Eagle_Monitor_Pro_4.9_build_410.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\NOD32_Antivirus_System_v2.70.23_Full.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\OJOsoft MP4 Converter 2.0.0.0430.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Organic Studio 1.1.130.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PackMan - Package Manager 2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PEdit 0.9.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PHP Clean 1.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PixBuilder_Studio_1.35.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PLT_Import_for_SolidWorks_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\PowerShape-e_7080.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Primary_Care_Clinic_Followup_Template_Patch.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Puzzle_Master_Holiday_Edition.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Quick Keylogger 2.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Registry_Space_Profiler_1.0.18_Beta_2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Romanian Language Pack for Winamp 2.7x.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SavePicNoAsk_PRO_2.1.11.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SA_System_Info_ActiveX_1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Scorecard 1.2.4 Build 230.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Screen Beagle 1.31.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\ScreenRecord_1.6.2_[KeyGen].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\ScummVM_0.9.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SE Image Extractor 3.14.52.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Search_Pro_Deluxe_Legal_Edition_1.02.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Sharepoint_Quick_Launch_2007_1.0_(Patch).zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SignGo 1.11.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Simple_File_Splitter_1.4.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Softinabox Paste Fast 1.2.0 Build 30.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Sold_and_Closed_2.0_Serial.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Spam Protector 2003.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SpeedFiler_1.1.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SpywareKill 2.5.2117.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Spyware_Terminator_2.0.0.193.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SSS_DJ_1.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SunRav_TestOfficePro.WEB_2.3.2_[Serial].zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SuperStorm_1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\SVN Backup Widget 1.1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Symantec Norton Internet Security 2004 v7.00 GERMAN.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Symantec.Client.Security.Enterprise.With.Manage.Center.Full.CN.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Telist_Pro_6.0.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\The Oud Tutor 1.4.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Time Palette 5.4.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\TimeCard_Standard_3.4.1_build_303.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Tool Bucket 1.2.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\TryEmail 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\UnFREEz 2.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Video_To_WMV_Converter_1.20.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Virtual_Domain_Name_Services_2.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Visage Surveillance 2.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Win Desktop Manager Pro 1.0.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\WinLauncher 2.95.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\winMd5Sum.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Zebulon_1.1.zip
    Deleted ! - D:\Documents and Settings\Mickael\Application Data\m\shared\Zoo Tycoon 2 demo.zip
    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m\shared"
    Deleted ! - "D:\Documents and Settings\Mickael\Application Data\m"

    »»»» Supression files in D:\DOCUME~1\Mickael\LOCALS~1\Temp

    »»»» Supression files in D:\Documents and Settings\Mickael\Local Settings\Temporary Internet Files\Content.IE5

    --------------- [ Registry / Infected keys ] ----------------

    Deleted ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\Local AppWizard-Generated Applications\flec006
    Deleted ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\Local AppWizard-Generated Applications\winfilse
    Deleted ! - HKEY_USERS\S-1-5-21-4185374654-3385403312-474837433-1005\Software\UBISOFT

    --------------- [ States / Restarting of services ] ----------------

    +- Safe boot mode restored !

    +- Services : [ Auto=2 / Request=3 / Disable=4 ]

    Ndisuio - Type of startup = 3

    EapHost - Type of startup = 2

    Ip6Fw - Type of startup = 2

    SharedAccess - Type of startup = 2

    wuauserv - Type of startup = 2

    wscsvc - Type of startup = 2

    --------------- [ Cleaning removable drives ] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur amovible

    +- deleting files :

    --------------- [ Registry / Mountpoint2 ] ----------------

    -> Not found !

    --------------- [ Searching Cracks / Keygen ] ----------------

    D:\Documents and Settings\Mickael\Bureau\brush\new brushes\cracks.abr
    D:\Documents and Settings\Mickael\Bureau\brush\new brushes\IceCrack.abr
    D:\Documents and Settings\Mickael\Mes documents\Ma musique\Four_Letter_Lie-Let_Your_Body_Take_Over-(Advance)-2006-uF\09-four_letter_lie-firecracker_four_letter_lie.mp3
    D:\Documents and Settings\Mickael\Mes documents\persOnnel\new\xara3d\keygen.exe

    ---------------- ! End of report ! ------------------

    que faire maintenant , je ne suis pas totalement novice mais
    tte mes tentatives ont échoué donc je préfère avoir d'autre avis et choix plus pertinent !

    si ont n'arrive pas a l'éradiquer , si je branche le dde d'un amis pour récupéré des données importante
    et formater en suite , cela risque-t-il d'endommager celui ci ?
    et que faire pour ce problème de son ?
    et j'ai 2 maj window je les faits ?

    merci d'avance en tt cas pour des réponses constructive et
    m'aidant ciao !
    bonne appétit pour ce qui mange :)
    0
  11. hatebagle
     
    j'aurais vraiment besoin d'aide donc je relance un peux le sujet ....

    merci a tous d'avance ! :)
    0
  12. Tutos-Info.fr Messages postés 44 Statut Membre
     
    En effet, ça n'a pas l'air d'être facile =S
    Moi dans ces cas la, j'aurais formaté, car un virus n'est jamais 100% supprimé avec aucun logiciel.
    Après il faudrait que quelqu'un de doué étudie ton rapport avec soin

    TùTù
    0
    1. hatebagle
       
      d'accord !

      oui surtout ce virus apparemment il colle bien :s

      et bien j'avais prévu de formater cette après midi
      mais j'aimerais éviter cela quand même pour limiter des pertes ...
      donc j'attends un peu des réponses et le retour de mon 1er sauveur :D

      merci quand même bonne journée
      0
  13. hatebagle
     
    Okey merci ouf !

    sa me rassure deja un minimum et merci de la réponse :)

    vu ce que se virus peut faire j'ai tout de même flippé un peux
    et j'aimerais bien qu'il sois éradiquer pour faire des commandes pour noël
    en tte sécurité :)
    0
  14. Tutos-Info.fr Messages postés 44 Statut Membre
     
    Je te comprends, c'est jamais simple un virus , et on ne sait jamais à quoi s'attendre.

    Dsl du HS ^^

    TùTù
    0
  15. hatebagle
     
    pas grave sa me fait passer le temps vu je préfère pas faire grand chose pour ne pas risquer une surinfection...

    je vais être patient merci a tous et vivement le retour de Geoffrey :)
    0
  16. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut Chiquitine29,

    Ton outil C:\Program Files\FindyKill (* Update on 27/11/08 par Chiquitine29) fait du beau boulot.
    Félicitations.

    Bon W-E
    Albert
    0
  17. Utilisateur anonyme
     
    -;)

    merci Al

    bon week end egalement
    0
  18. hatebagle
     
    voici le résultat :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:19:14, on 06/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSman000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  19. Utilisateur anonyme
     
    réinstal ton antivirus ,

    je te conseil vivement antivir :

    ->Antivir le telecharger

    -> http://www.commentcamarche.net/telecharger/telecharger 55 antivir

    tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
    tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

    ensuite :

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

    Tuto : https://sites.google.com/site/toolbarsd/aideenimages
    0
  20. gen-hackman
     
    salut.......;hatebagle je te conseille de faire ce que te demande chiquitine(createur d'outils de desinfection)
    0
  • 1
  • 2
  • 3