Bonjour,

Ton PC est infecté par Bagle, ce qui explique le disfonctionnement des logiciels de protection.

Fais ceci stp :

▶ Telecharge FindyKill sur ton bureau :

▶ Lance l installation avec les parametres par default

▶ Double clic sur le raccourci FindyKill sur ton bureau

▶ Au menu principal,choisi l option 1 (Recherche)

▶ Post le rapport FindyKill.txt

* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

Bonjour,

NE nous affolons pas et restons calme. Voici comment tu peut procéder: Déja, change d'antivirus car avast n'est pas super super...
Voici AVG qui est gratuit et plus performant. Tu va démarrer une analyse complète du PC et communique le raport.

Lien de téléchargement: http://www.clubic.com/telecharger-fiche10997-avg-antivirus-f­ree-edition.html

Il ne doit pas changer d antivirus maintenant !!

Son PC est infecté par Bagle... Ce qui fait que si il réinstalle un autre antivirus, il sera aussi infecté..

Il faudra réinstaller un antivirus en fin de désinfection...

Je m en occupe aymeric.moulin

Ok... Beaucoup d infections à ce que je vois.

▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


▶ Double clic sur le raccourci FindyKill sur ton bureau

▶ Au menu principal,choisi l option 2 (Suppression)


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

▶ ensuite post le rapport FindyKill.txt

* Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

Re
di-moi geoffrey 5, j'ai fait quelques recherches sur ce fameux virus et j'y ai trouvé quelques outils de désinsfection comme celui-ci http://www.commentcamarche.net/faq/sujet 2731 virus kit de desinfection pour eradiquer w32 beagle mm bagle . Pourquoi pas essayer de désinsfecter avec ça?

Aymeric

Il y a d'autres outils aussi bon que ceux là ;-)

Voila le nouveau rapport



----------------- FindyKill V4.711 ------------------

* User : AlexVince
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:32:01 the 08/01/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:

Deleted ! - C:\fsc.tmp

»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\15080890.EXE-0F59BBC4.pf
Deleted ! - C:\WINDOWS\prefetch\15351968.EXE-31763EB6.pf
Deleted ! - C:\WINDOWS\prefetch\15405796.EXE-0A7C8156.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - "C:\WINDOWS\system32\drivers\downld"


Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\(CRACKED).Mcafee.Virus.Scan.Pro.8.02.2004.by.blizzardtwice.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\100 Bikini Babes Screen Saver 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\1015 saturday 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\1st Audio Splitter Extractor 1.25.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\3D Stairway to Turkey Heaven 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\3DS Import for SolidWorks 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\A White Christmas 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Abander MP3 Image Extractor 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Active Bulletin Screen Saver 1.10.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\AdManager 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Agree Free Rip DVD to 3GP iPod Zune iPhone MP4 Ripper 4.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Aloaha Fairy 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Area61 VideoBrowser 5.0.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Astronomy Picture of the Day Opera Widget 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\AudioJPEG Studio 1.0.1.24.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Automation ActiveX Components 1.000.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\avast__Professional_Edition_4.7.892.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\AVG_AntiVirus_Professional_v7.1.371a669_Multilanguage.+.keygen.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\AVS Audio Tools 4.4.1.227.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Backup Utility 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Bell & Ross BR 01-92 Yellow 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Bill Serial Port Monitor 3.0T.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Brisbane Traffic Cams 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Brown Bear Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Cartes du Ciel 2.76.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Copenhagen Traffic Cams 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\CrystalDiffract 1.0.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Dariolius Column Splitter 2.7.506.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Deep Space 3D Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Depleted Uranium The Killer that Keeps on Killing 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Desktop Sales Manager 6.7.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Digital Dream Studio 2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Digital Secure Disk 1.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Disk Throughput Tester 1.2.9.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\DivX Web Player 1.4.2 Beta 2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Dropcloth 0.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\DVD to AVI AC3 Ripper 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\EA.Mobile.Tiger.Woods.07.352x416.v4.3.90.S60v3.J2ME.Retail-BiNPDA.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Easy Collection 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Easy HR Date Calculator 1.09.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Easy-Pro Midi to Audio Converter 1.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\easyStockDater 1.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\ECOMAC 0.100.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\EiffelStudio 6.1.7.1477.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Elektronika Live 2.12.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Excel Save Xlt As Xls Software 7.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\EZScan 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Firefox PasswordMaker 1.5.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Flash DVD Ripper 0.92.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\FoxTab 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Fresnel Reflection Plugin 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Goldbach 3.1c.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Great Artist Renoir 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Guyana Screen Saver 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Halloween Clock screensaver 2.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Hide Window 1.40.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Honda CB Screensaver 1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\HTML CaseChanger 1.0.23.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Internet Access Scheduler 2.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Jans Act 10.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Joboshare DVD to Zune Converter 2.3.9.1129.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\JR Screen Ruler 1.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\JRelaxTimer 1.0.001.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\JWC CD Player 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Kernel Undelete 4.02.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\KingConvert For Epson P-3000 4.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Lite Edit 2.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\liteRecorder 1.7.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Locator Map of the New York City Districts 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\MCAFEE.SPAMKILLER.6.0.Fr.Crack.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Microsoft Application Request Routing for IIS 7 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Miraplacid Text Driver Terminal Edition 5.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Morovia PDF417 Barcode Fontware 3.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Mozilla Addons toolbar for Firefox 1.0.1.30.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\MPEG4 Bitrate Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\New Zealand UV Index 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Norton.AntiVirus.2007.14.0.0.1+crack-multilenguaje-byzven.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Note Taker 2.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\NT340 1.0 Build 3188.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\O&O DiskStat Professional Edition 1.0.2687.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\OpenEditor 0.98 Beta Build 3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\PetLinx 2.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Pick n' Text 2002.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Picture Resizer Pro 2007 2.6.6.5.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Power Equipment 1.03.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Prevx1.Pc.Security.Crack.Updated-Fixed.07-2006.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Public WEB PST for Outlook 1.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\PuTTY Tray 0.60 r2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\R-Type v1.0 (Elite Systems) Multi-5 240x320 Nokia n73 n95 Byjj.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Reasonable Antiphishing 2.1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Regular Expression Checker 1.32.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Regular Expression Component Library for VC6 3.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Reminders 1.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\RSS Writer 1.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\rss2mail 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Saga CD Ripper 1.04.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Seafood2 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Shaggy Bears Screensaver 2.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\SHARM 2.6.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Shell Extension Pack 4.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Site Sentry 2000 1.4.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\SmartInspect Professional 3.1.0.8000.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Snow Country Demo Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Sony ACID Pro 7.0a Build 536.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Sony PSP Video Converter 6.0.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\SoundClick Bot.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Source Code Organizer 1.o6.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\StillMotion PE 2 2.0 Build 3908.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\SuperPro Software 5.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Symantec_Mobile_Security_4.0.41_Aggiornamento.10_08_06_ByAngelo_.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Ted 2.52.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\TExcelDSNCreator 1.002.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\ThrottleWatch 2.02.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Toadnode 3.1.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tomtom Gps Crack Let All Gps Recievers Work For Tomtom Mobile.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tracker Leader Enterprise 2.1.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Tray Launcher v1.51.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Universal Msn Polygamy 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Universal Plug-and-Play Tester 2.08 Build 53.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Usagecircle 2 Cores Gadget 0.5.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\VeryPDF Mini EMF Printer 2.01.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\VisioForge Video Edit ActiveX Version 3.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Voice Call 4.2.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Windows Std Serial Comm Lib for Xbase++ 4.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\Wolves Screen Savers 6 1.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\X-Copy Media Center 3.0.0.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\XCPlan 1.3.zip
Deleted ! - C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared\XMouse360 0.2 Beta.zip
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\m"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\AlexVince&Paul\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\ALEXVI~1\LOCALS~1\Temp




--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\key_generator
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1409082233-1547161642-725345543-1003\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

N: - Lecteur fixe


+- deleting files :

Not deleted !! - E:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
d532a42b8f3f3787529bfe86d6cf5f02 C:\Documents and Settings\AlexVince&Paul\Application Data\drivers\winupgro.exe

Suspect ! - d532a42b8f3f3787529bfe86d6cf5f02 C:\Program Files\SuperCopier2\SuperCopier2.exe

--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------

Oui je sais il y a un problème pour le moment, les messages avec des rapports ne s affichent plus, tu n es pas le seul dans ce cas là ;-)

Rapport posté avant ta dernière réponse

voir au dessus

Très bien... Maintenant fais ceci stp :

▶ Rends toi sur ce site :
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
▶ tout en bas de cette page tu trouveras un outil
à télécharger,clique sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour)
▶ installe ce fichier sur le Bureau.
▶ ensuite double-clic sur Elibagla.exe
▶ laisse la case "eliminar ficheros automaticamente" coché
▶ clique sur"explorar"
▶ laisse-le travailler

▶ Redémarre en mode sans échec,

*Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).

▶ relance 2 fois elibagla

▶ redémarre en mode normal

▶ poste le rapport final qui sera dans c:\infosat.txt

Ok maintenant :

▶ Telecharge UsbFix sur ton bureau

▶ Lance l installation avec les parametres par default

▶ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix sur ton bureau

▶ Le pc va redémarer

▶ Clique sur l'option 1 Nettoyage

▶ Apres redémarrage post le rapport UsbFix.txt

* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" ,
"Nouvelle tâche" , tapes explorer.exe et valides

http://www.commentcamarche.net/forum/affich 10376353 4 virus trouves au secour?#17

De retour

rapport demandé => merci



-------------- UsbFix V2.413.9 ---------------

* User : AlexVince
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 20:52:42 le 08/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM

N: - Lecteur fixe


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
open = setup.exe
icon = Livebox.ico

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[15/11/2007 01:13][--a------] C:\AUTOEXEC.BAT
[15/11/2007 01:13][--a------] C:\muxmp4.bat
[05/08/2004 15:00][-rahs----] C:\NTDETECT.COM
[15/01/2008 11:19][--a------] C:\md5.exe
[23/11/2008 23:40][-r-hs----] C:\boot.ini
[08/01/2009 12:40][--a------] C:\FindyKill.txt
[08/01/2009 12:40][--a------] C:\InfoSat.txt
[08/01/2009 12:40][--a------] C:\mkv.txt
[08/01/2009 12:40][--a------] C:\mpeg.txt
[08/01/2009 12:40][--a------] C:\rfc1321.txt
[08/01/2009 12:40][--a------] C:\UsbFix.txt
[15/11/2007 01:13][--a------] C:\CONFIG.SYS
[15/11/2007 01:13][--a------] C:\IO.SYS
[15/11/2007 01:13][--a------] C:\MSDOS.SYS
[15/11/2007 01:13][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[23/01/2008 21:25][-r-------] E:\livebox.exe
[23/01/2008 21:25][-r-------] E:\Setup.exe
[30/01/2008 13:33][-r-------] E:\setup.ini
[30/01/2008 13:33][-r-------] E:\Autorun.inf

--------------- [ Lecteur N ] ----------------

N: - Lecteur fixe


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
FreeRAM XP="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
AROReminder=C:\Program Files\Advanced Registry Optimizer\aro.exe -rem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
amd_dc_opt=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SoundMan=SOUNDMAN.EXE
QuickTime Task="C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
5cf86796=rundll32.exe "C:\WINDOWS\system32\tmkdyibl.dll",b
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ffe6816-9305-11dc-b304-806d6172696f}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [31/05/2007 14:02] E:\Setup.exe
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Supprimé ! - [23/11/2008 17:13][--ahs----] N:\THUMBS.DB

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[15/11/2007 01:13][--a------] C:\AUTOEXEC.BAT
[15/11/2007 01:13][--a------] C:\muxmp4.bat
[05/08/2004 15:00][-rahs----] C:\NTDETECT.COM
[15/01/2008 11:19][--a------] C:\md5.exe
[23/11/2008 23:40][-r-hs----] C:\boot.ini
[23/01/2008 21:25][-r-------] E:\livebox.exe
[23/01/2008 21:25][-r-------] E:\Setup.exe
[30/01/2008 13:33][-r-------] E:\setup.ini
[30/01/2008 13:33][-r-------] E:\Autorun.inf

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
Echec de la supression !! - [30/01/2008 13:33] E:\autorun.inf
N:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

à l'aide

Help

Re,

▶ Télécharge hijackthis

▶ Tout est expliqué sur mon site web pour l'installer et l'utiliser correctement.

▶ Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.


Comment copier/coller le rapport :


▶ Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

▶ ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

C:\ non accessible pour renommer

Plante ou m'éjecte