Bagle virus

Solved/Closed
diabolo!!! - 9 Jul 2008, 14:21
diabolo!!! - 4 Aug 2008, 16:41
Hello,
My PC has caught the Bagle virus. My Windows Defender no longer works; I went to turn it back on because it was disabled, but nothing helps.
Also, I can't start MSN Messenger: a window appears telling me that "the application failed to start because its side-by-side configuration is incorrect".
I don't know what to do anymore.
I downloaded the AVG antivirus, which detected anomalies; I don't know whether they are removed automatically by the antivirus???
I'm a novice in this area, help me!!!!
Thanks

45 replies

green day (Moderator, Security contributor)
30 Jul 2008, 01:46
Seen! Thanks :-)

See you
diabolo!!!
30 Jul 2008, 12:47
Hi!!!

Here is the report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-30 12:41:38
Windows 6.0.6000


---- Services - GMER 1.0.14 ----

Service C:\??\C:\Windows\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@DisplayName Megadrv3
Reg HKLM\SYSTEM\ControlSet008\Services\srosa
Reg HKLM\SYSTEM\ControlSet008\Services\srosa@Type 1
Reg HKLM\SYSTEM\ControlSet008\Services\srosa@Start 1
Reg HKLM\SYSTEM\ControlSet008\Services\srosa@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet008\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\ControlSet008\Services\srosa@DisplayName Megadrv3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hldrrr.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@mule_st_key C:\Users\D?borah\AppData\Roaming\m\flec006.exe

---- Files - GMER 1.0.14 ----

File C:\Users\Déborah\AppData\Roaming\m\flec006.exe 643072 bytes executable
File C:\Users\Déborah\AppData\Roaming\m\shared 0 bytes
File C:\Windows\System32\drivers\downld 0 bytes
File C:\Windows\System32\drivers\hldrrr.exe 643072 bytes executable
File C:\Windows\System32\drivers\mdelk.exe 643072 bytes executable
File C:\Windows\System32\drivers\srosa.sys 91000 bytes
File C:\Windows\System32\IME\shared 0 bytes
File C:\Windows\System32\IME\shared\res 0 bytes
File C:\Windows\System32\mdelk.exe 69317 bytes executable
File C:\Windows\System32\wintems.exe 69317 bytes executable



At the end of the scan a window appeared:
"rootkit in activity"


See you!

:)
green day (Moderator, Security contributor)
30 Jul 2008, 13:12
Hi

Phew! GMER managed to run! :-)

You've certainly downloaded a lot of cracks and junk!! Bagle is caught through cracks! ... there's no mystery behind this mess ...

Please do this:

Go to Start > Run, type cmd and click OK.
Type each of these commands, pressing Enter after each one to validate the command:

Be careful to respect the syntax and the spaces of each line exactly!!



gmer -killall
gmer -del reg "HKCU\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit"
gmer -del reg "HKCU\Software\Microsoft\Windows\CurrentVersion\Run@german.exe"
gmer -del reg "HKLM\SYSTEM\CurrentControlSet\Services\srosa"
gmer -del reg "HKLM\SYSTEM\ControlSet008\Services\srosa"
gmer -del file "C:\Windows\System32\drivers\hldrrr.exe"
gmer -del file "C:\Windows\System32\drivers\mdelk.exe"
gmer -del file "C:\Windows\System32\drivers\srosa.sys"
gmer -del service srosa.sys
gmer -del file "C:\Windows\System32\mdelk.exe"
gmer -del file "C:\Windows\System32\wintems.exe"
gmer -reboot


Then restart in safe mode, run EliBagla and post the report please.

Keep me posted!

See you
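How the entries in the GMER report above relate to the items the cleanup commands target, as an added example (not part of the original thread and not GMER's own code): a small parser for GMER's text report that flags hidden services and Run-key entries launching from System32. The sample lines are a subset copied from the report posted above; the function names and the System32 Run-key rule are assumptions made for illustration.

```python
import re

# Subset of lines copied from the GMER report posted in this thread.
SAMPLE_REPORT = r"""
---- Services - GMER 1.0.14 ----

Service C:\??\C:\Windows\system32\drivers\srosa.sys (*** hidden *** ) [SYSTEM] srosa <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@ImagePath \??\C:\Windows\system32\drivers\srosa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\srosa@DisplayName Megadrv3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@drvsyskit C:\Windows\system32\drivers\hldrrr.exe
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@german.exe C:\Windows\system32\wintems.exe

---- Files - GMER 1.0.14 ----

File C:\Program Files\Movie Maker\Shared\DvdStyles\Pets 0 bytes
File C:\Windows\System32\drivers\hldrrr.exe 643072 bytes executable
File C:\Windows\System32\drivers\srosa.sys 91000 bytes
File C:\Windows\System32\wintems.exe 69317 bytes executable
"""

SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\((?P<flag>[^)]*)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?$")
SYSTEM_DIR = "c:\\windows\\system32\\"


def norm_path(path):
    """Drop the NT object prefix (\\??\\, optionally preceded by a drive) and lowercase."""
    return re.sub(r"^(?:[A-Za-z]:)?\\\?\?\\", "", path.strip()).lower()


def parse_gmer(text):
    """Split a GMER text report into service, registry-value and file records."""
    report = {"services": [], "registry": [], "files": {}}
    for raw in text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        fil = FILE_RE.match(line)
        if svc:
            report["services"].append(svc.groupdict())
        elif line.startswith("Reg "):
            key, sep, rest = line[4:].partition("@")
            if not sep:
                continue  # bare key line without a value
            # Assumption: the value name has no spaces (true for this report).
            value, _, data = rest.partition(" ")
            report["registry"].append(
                {"key": key.strip(), "value": value, "data": data.strip()}
            )
        elif fil:
            report["files"][norm_path(fil["path"])] = {
                "size": int(fil["size"]),
                "executable": bool(fil["exe"]),
            }
    return report


def triage(report):
    """Return findings worth a closer look, correlated across report sections."""
    findings = []
    for svc in report["services"]:
        if "hidden" not in svc["flag"]:
            continue
        path = norm_path(svc["path"])
        suffix = "\\services\\" + svc["name"].lower()
        display = next(
            (r["data"] for r in report["registry"]
             if r["key"].lower().endswith(suffix) and r["value"] == "DisplayName"),
            None,
        )
        findings.append({"kind": "hidden-service", "name": svc["name"], "path": path,
                         "display_name": display,
                         "file_listed": path in report["files"]})
    for reg in report["registry"]:
        # Heuristic (assumption): an autostart value in a Run key whose target
        # lives under System32 deserves review.
        if reg["key"].lower().endswith("\\currentversion\\run"):
            path = norm_path(reg["data"])
            if path.startswith(SYSTEM_DIR):
                findings.append({"kind": "run-key-system32", "name": reg["value"],
                                 "path": path, "display_name": None,
                                 "file_listed": path in report["files"]})
    return findings


if __name__ == "__main__":
    for item in triage(parse_gmer(SAMPLE_REPORT)):
        print(item)
```
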
diabolo!!!
30 Jul 2008, 14:12
Hi there!!!

Everything worked!!!!!

Here is the report:

ComboFix 08-07-28.5 - SYSTEM 2008-07-30 14:01:21.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2699 [GMT 2:00]
Endroit: C:\Users\Déborah\Desktop\Killbagle.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Users\Déborah\AppData\Roaming\inst.exe
C:\Users\Déborah\AppData\Roaming\m
C:\Users\Déborah\AppData\Roaming\m\flec006.exe
C:\Users\Déborah\AppData\Roaming\m\shared
C:\Users\Déborah\AppData\Roaming\m\shared\VB.Net_Message_Box_Wizard_1.zip
C:\Users\Déborah\AppData\Roaming\m\shared\Vocal_Lab_2.2.1.zip
C:\Users\Déborah\AppData\Roaming\m\shared\Wallpaper_Boot_Master_2.2.6_DEMO.zip
C:\Users\Déborah\AppData\Roaming\m\shared\WAV_to_MP3_Converter_3.15.zip
C:\Users\Déborah\AppData\Roaming\m\shared\WebInventory_1.0.zip
C:\Users\Déborah\AppData\Roaming\m\shared\WinCAM_Player_3.1.zip
C:\Users\Déborah\AppData\Roaming\m\shared\WinDriveCleaner_2005_2.0.55.6_Patch.zip
C:\Users\Déborah\AppData\Roaming\m\shared\XL_Style_Manager_1.5.2_[Key+Serial].zip
C:\Users\Déborah\AppData\Roaming\m\shared\XMark_7.0_SP1.zip
C:\Users\Déborah\AppData\Roaming\m\shared\XP_App_Wizard_1.1.zip
C:\Users\Déborah\AppData\Roaming\m\shared\YouTube_FLV_to_AVI_Suite_PRO_2.2.1_(With_Crack).zip
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 18:29 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-07-28 14:12 --------- d-----w C:\PROGRA~2\WLInstaller
2008-07-27 20:49 --------- d-----w C:\Program Files\Windows Live
2008-07-23 20:24 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-23 18:09 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-23 18:09 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-23 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 16:46 --------- d-----w C:\Program Files\Larousse
2008-07-23 16:44 --------- d-----w C:\Program Files\Internet Download Manager
2008-07-14 10:16 --------- d-----w C:\Program Files\eChanblard
2008-07-10 01:12 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 01:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-09 16:14 --------- d-----w C:\Program Files\Trend Micro
2008-07-07 20:00 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-07-07 20:00 --------- d-----w C:\Program Files\AVG
2008-07-07 20:00 --------- d-----w C:\PROGRA~2\avg8
2008-07-01 20:28 --------- d-----w C:\PROGRA~2\Grisoft
2008-07-01 19:35 --------- d-----w C:\PROGRA~2\Lavasoft
2008-07-01 19:31 --------- d-----w C:\Program Files\Lavasoft
2008-07-01 19:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 18:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-25 12:03 --------- d---a-w C:\PROGRA~2\TEMP
2008-06-16 16:26 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-06-15 19:53 --------- d-----w C:\Program Files\directx
2008-06-15 19:52 --------- d-----w C:\Program Files\MSXML 4.0
2008-06-04 18:51 --------- d-----w C:\Program Files\IncrediMail
2008-06-04 18:51 --------- d-----w C:\PROGRA~2\IM
2008-06-04 18:50 --------- d-----w C:\PROGRA~2\IncrediMail
2008-04-29 07:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-20 01:10 2,923,520 ----a-w C:\Windows\explorer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 22:00 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-04-19 11:51:08 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1422842385-45425781-3350853422-1000]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A13FD50-7C0E-45D0-BE41-9AA064C25C31}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{92F445BB-C5D8-4847-AFA9-F2ED5A749AB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{25BB2D31-24F2-4D9E-8B4D-C7D3C9622959}C:\\program files\\echanblard\\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{F088AC81-72A6-471B-83A0-66A91FD071BC}C:\\program files\\echanblard\\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"{1A0AA0E0-E8E9-4002-97D2-A7416AD3CCF3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D5DF192D-03F8-492F-A37A-A71FEBF4E320}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{390D7FF4-E77A-49F9-8D4D-8AC08E75017B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F97743DD-D852-4B79-A7E5-159F01C9DE50}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2CC738BB-29B1-4D8B-8224-38B8FB1336C9}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{5A6632AA-67D8-4A9C-A4EC-0DC35BB7998D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DD0438AD-1700-4480-BDD7-E1FB11040FFE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BC37AEC1-3C7A-4E85-82B8-103A9E3DFF08}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{732A0173-BF18-4AE1-AEBB-7FEE630D10C7}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\\Program Files\\Winsos\\winsos.exe"= C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos

S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-07 22:00]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 22:00]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 00:16]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 00:25]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-RunOnce-ReEXEc - C:\Users\Déborah\Desktop\mdelk.exe.EXE


.
------- Supplementary Scan -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 14:06:07
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-30 14:08:46 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt 2008-07-30 12:07:40

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 357,304,721,408 octets libres

337 --- E O F --- 2008-07-26 15:47:56



Is everything OK????


In any case, if so, thank you so much!!!

;)
0

green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
30 Jul 2008 at 14:15
Perfect! :-)

Please post an EliBagle report!

++
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 14:40
Here is the EliBagle report:

Wed Jul 30 14:28:28 2008
EliBagle v11.62 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Wed Jul 30 14:28:29 2008
EliBagle v11.62 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 24 de Julio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\


14 files named bagle were deleted

Is it really OK????
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
30 Jul 2008 at 14:43
Hmm, that doesn't appear in the report you posted :/

Please post a new GMER report!

@+
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 14:54
GMER report:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-07-30 14:54:13
Windows 6.0.6000


---- Kernel code sections - GMER 1.0.14 ----

PAGE spsys.sys!?SPVersion@@3PADA + 1807 9788B03F 119 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 187F 9788B0B7 384 Bytes [ 87, 97, C3, 8B, FF, A1, 18, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1A00 9788B238 434 Bytes [ 04, 3B, C1, 73, 05, 8B, 02, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB3 9788B3EB 120 Bytes [ 5D, 0C, EB, 03, 8B, 4D, 10, ... ]
PAGE spsys.sys!?SPVersion@@3PADA + 1C2C 9788B464 1379 Bytes [ 8B, 4E, 10, 31, 4D, D4, 8B, ... ]
PAGE ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2152] kernel32.dll!SetUnhandledExceptionFilter 769CD187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Users\DBORAH~1\AppData\Local\Temp\Rar$EX00.388\gmer.exe[4640] ntdll.dll!NtCreateFile + 3 777FF417 2 Bytes [ 85, FA ]
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!DialogBoxIndirectParamW 76AA14EA 5 Bytes JMP 71871667 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!MessageBoxExA 76AB570D 5 Bytes JMP 718715AE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!DialogBoxParamA 76AB65BF 5 Bytes JMP 7187162C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!MessageBoxIndirectW 76ABF1B3 5 Bytes JMP 717016B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!DialogBoxParamW 76AC129F 5 Bytes JMP 716DF301 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!DialogBoxIndirectParamA 76AE29C9 5 Bytes JMP 718716A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!MessageBoxIndirectA 76AEFACF 5 Bytes JMP 718715E8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5324] USER32.dll!MessageBoxExW 76AEFBC9 5 Bytes JMP 71871574 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
30 Jul 2008 at 14:56
Very good, now run the scan in safe mode with Malwarebytes' Anti-Malware and post the report, please

@+
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 14:58
I have to go, I'll do it at 18:00, will you be there???
See you later

Thanks a lot for your help :-))
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
30 Jul 2008 at 15:01
Ah! No, I won't be here, but I'll see the scan result tomorrow ;-)

We got it! :)

Have a good day! @+

;-)
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 19:05
I marked the problem as solved, did I do the right thing??? Are you receiving my messages????
I wonder whether I've made a blunder!!!
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 18:46
Here is the report:

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1008
Windows 6.0.6000

18:23:34 2008-07-30
mbam-log-7-30-2008 (18-23-34).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|L:\|)
Eléments examinés: 150925
Temps écoulé: 18 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


I really think everything is fine!!!!!

Thank you so much, I was losing hope!!!!
Thanks to your help everything is fine, thanks again!!!
One last question: should I now delete EliBagle, Killbagle, GMER???
One more question, since you seem to really know your way around computers: I use the AVG antivirus, is that enough or do I need a bit more protection???

Have a good day, I won't be here until Thursday evening, so have a good day

;-))

@+++++
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 18:52

OK, now I think everything is fine!!!
In any case, I wanted to say that this forum is great, because I'm a real beginner when it comes to the internet and you really helped me a lot!!!!!
Thanks for your patience, because it wasn't easy!!!!!
Thank you so much ;-))

I still have a few questions, since you seem to know the subject well!!
I use the AVG antivirus, is that sufficient protection or do I need to supplement it???
Could you tell me what additional protection I should add????

I won't be here until tomorrow evening, so have a good Thursday! :-)
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 19:04

I think everything is fine!!
Thanks a million, I couldn't take it any more and there was nobody around me to help!!! Thanks again for your help!!!!
Should I delete everything I downloaded (GMER, malware, EliBagle, and all the reports)???
Should I add extra protection? I use AVG and that's all I have; what other software should I install????

Thank you, thank you ;-)
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 19:11
Sorry, the message is in triplicate, there was no sign that the message had been saved properly (the weather isn't cooperating here, so things are glitching a bit!!) !!! So you have a few variants of the same message!!!
Maybe that's too many compliments now!!!!!!!! ;-))

Anyway, have a good evening :-)

a++
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
30 Jul 2008 at 19:27
OK, big glitch because of the storm, could you send me an email so I can see whether you received all my messages????
Thanks
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
31 Jul 2008 at 21:41
Hi

Very good, yes, I received everything! Now tell me how the PC is behaving, and please post a new ComboFix report and a new HijackThis report

I'll have you clean up everything we downloaded at the end, and I'll also tell you what software you're missing

Home stretch! :-)

You're welcome, @+

;-)
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
31 Jul 2008 at 23:04
Hi!!

So, I find the PC responds faster, it works like before, there is no longer any problem (I had an administrator problem due to the virus); Windows Defender is working again too. In fact, since yesterday everything has been working properly, nothing to report!!

Here is the ComboFix report:

ComboFix 08-07-28.5 - Déborah 2008-07-31 22:55:43.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2040 [GMT 2:00]
Endroit: C:\Users\Déborah\Desktop\Killbagle.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 14:44 . 2008-07-30 14:44 250 --a------ C:\Windows\gmer.ini
2008-07-29 20:29 . 2008-07-29 20:29 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-07-29 20:29 . 2008-07-29 20:29 <REP> d-------- C:\PROGRA~2\Malwarebytes
2008-07-29 20:29 . 2008-07-30 18:01 <REP> d-------- C:\Malwarebytes' Anti-Malware
2008-07-29 20:29 . 2008-07-23 20:09 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-29 20:29 . 2008-07-23 20:09 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-29 18:04 . 2008-07-29 18:04 <REP> d-------- C:\de666387fc226c649add4566464bc5
2008-07-23 18:53 . 2008-06-26 02:33 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-23 18:53 . 2008-06-26 05:22 9,845,248 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-23 18:53 . 2008-06-26 05:22 4,874,240 --a------ C:\Windows\System32\NlsData0009.dll
2008-07-23 18:53 . 2008-06-26 02:33 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-23 18:53 . 2008-06-26 05:22 2,641,408 --a------ C:\Windows\System32\NlsData000c.dll
2008-07-23 18:53 . 2008-06-26 05:22 797,696 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-12 13:39 . 2008-07-12 13:39 <REP> d-------- C:\Muestras
2008-07-09 18:14 . 2008-07-09 18:14 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 22:18 . 2008-07-30 21:14 <REP> d--h----- C:\$AVG8.VAULT$
2008-07-07 22:00 . 2008-07-31 22:36 <REP> d-------- C:\Windows\System32\drivers\Avg
2008-07-07 22:00 . 2008-07-07 22:00 <REP> d-------- C:\Users\All Users\avg8
2008-07-07 22:00 . 2008-07-07 22:00 <REP> d-------- C:\Program Files\AVG
2008-07-07 22:00 . 2008-07-07 22:00 <REP> d-------- C:\PROGRA~2\avg8
2008-07-07 22:00 . 2008-07-07 22:00 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-07-07 22:00 . 2008-07-07 22:00 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-07-07 21:33 . 2008-07-23 18:44 <REP> d-------- C:\Program Files\Internet Download Manager
2008-07-01 22:28 . 2008-07-01 22:28 <REP> d-------- C:\Users\All Users\Grisoft
2008-07-01 22:28 . 2008-07-01 22:28 <REP> d-------- C:\PROGRA~2\Grisoft
2008-07-01 21:31 . 2008-07-01 21:35 <REP> d-------- C:\Users\All Users\Lavasoft
2008-07-01 21:31 . 2008-07-01 21:31 <REP> d-------- C:\Program Files\Lavasoft
2008-07-01 21:31 . 2008-07-01 21:35 <REP> d-------- C:\PROGRA~2\Lavasoft
2008-07-01 20:33 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-07-01 20:32 . 2008-07-01 20:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-16 18:26 . 2008-06-16 18:26 47,360 --a------ C:\Windows\System32\drivers\pcouffin.sys
2008-06-15 21:53 . 2008-07-23 18:46 <REP> d-------- C:\Program Files\Larousse
2008-06-15 21:53 . 2008-06-15 21:53 <REP> d-------- C:\Program Files\directx
2008-06-15 21:52 . 2008-06-15 21:52 <REP> d-------- C:\Program Files\MSXML 4.0
2008-06-14 23:38 . 2008-04-23 06:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-14 23:38 . 2008-04-23 06:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 23:38 . 2008-04-23 06:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 23:38 . 2008-04-23 06:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 23:38 . 2008-04-23 06:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-14 23:38 . 2008-04-23 06:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-14 23:38 . 2008-04-23 06:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-04 20:50 . 2008-06-04 20:50 <REP> d-------- C:\Users\All Users\IncrediMail
2008-06-04 20:50 . 2008-06-04 20:51 <REP> d-------- C:\Users\All Users\IM
2008-06-04 20:50 . 2008-06-04 20:51 <REP> d-------- C:\Program Files\IncrediMail
2008-06-04 20:50 . 2008-06-04 20:50 <REP> d-------- C:\PROGRA~2\IncrediMail
2008-06-04 20:50 . 2008-06-04 20:51 <REP> d-------- C:\PROGRA~2\IM
2008-06-03 22:32 . 2008-07-31 22:58 0 --------- C:\Windows\System32\Ikeext.etl

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 14:12 --------- d-----w C:\PROGRA~2\WLInstaller
2008-07-27 20:49 --------- d-----w C:\Program Files\Windows Live
2008-07-23 20:24 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-23 16:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 10:16 --------- d-----w C:\Program Files\eChanblard
2008-07-10 01:12 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 01:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-01 19:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 12:03 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-29 07:18 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-20 01:10 2,923,520 ----a-w C:\Windows\explorer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-20 03:07 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE" [2007-04-12 08:00 182272]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-06-03 17:25 243072]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-07 22:00 1232152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2008-04-19 11:51:08 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1422842385-45425781-3350853422-1000]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A13FD50-7C0E-45D0-BE41-9AA064C25C31}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{92F445BB-C5D8-4847-AFA9-F2ED5A749AB3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{25BB2D31-24F2-4D9E-8B4D-C7D3C9622959}C:\\program files\\echanblard\\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eMule
"UDP Query User{F088AC81-72A6-471B-83A0-66A91FD071BC}C:\\program files\\echanblard\\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eMule
"{1A0AA0E0-E8E9-4002-97D2-A7416AD3CCF3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D5DF192D-03F8-492F-A37A-A71FEBF4E320}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{390D7FF4-E77A-49F9-8D4D-8AC08E75017B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F97743DD-D852-4B79-A7E5-159F01C9DE50}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2CC738BB-29B1-4D8B-8224-38B8FB1336C9}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{5A6632AA-67D8-4A9C-A4EC-0DC35BB7998D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DD0438AD-1700-4480-BDD7-E1FB11040FFE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BC37AEC1-3C7A-4E85-82B8-103A9E3DFF08}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{732A0173-BF18-4AE1-AEBB-7FEE630D10C7}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"C:\\Program Files\\Winsos\\winsos.exe"= C:\Program Files\Winsos\winsos.exe:*:Enabled:Winsos

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-07 22:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 22:00]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 00:16]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 00:25]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 17:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f4eec5-0406-11dd-a452-001e8c4e9577}]
\shell\AutoRun\command - J:\nideiect.com
\shell\explore\Command - J:\nideiect.com
\shell\open\Command - J:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f4eec8-0406-11dd-a452-001e8c4e9577}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WINSOS VERIFY - C:\Program Files\Winsos\WINSOS.EXE


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org
O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 22:58:40
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Déborah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Déborah\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-31 23:01:18 - machine was rebooted [Déborah]
ComboFix-quarantined-files.txt 2008-07-31 21:01:11
ComboFix2.txt 2008-07-30 12:08:46

Pre-Run: 356,229,709,824 octets libres
Post-Run: 356,755,460,096 octets libres

198 --- E O F --- 2008-07-31 20:41:27
0
diabolo!!! Posts 41 Registration date Wednesday 9 July 2008 Status Member Last activity 12 December 2009
31 Jul 2008 at 23:08
and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:26, on 31/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
C:\Users\Déborah\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Déborah\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\hp\kbd\kbd.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S9848.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: WiFi Station pour Livebox.lnk = C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
0
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 2 162
1 Aug 2008 at 15:25
Hi

I think everything is fine now. One last bit of complementary cleanup: please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

See you

;-)
0