Virus: unable to open antivirus

Closed
jaljal - 12 Nov 2008 at 19:39
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last post 16 April 2024 - 20 Dec 2008 at 21:20
Hello,
My PC has been infected and my antivirus has disappeared.
I installed avast and ccleaner but they won't open.
When I try to open avast I get the following message:
C:\program Files\alwilsoftware\avast4\ashavast.exe n'est pas une application win 32 valide

What should I do?

23 replies

Sephiroth2007 Posts 215 Registration date Friday 15 June 2007 Status Member Last post 3 February 2016 16
12 Nov 2008 at 20:12
Hello,

I think it may be the virus "Beagle"; I just had the same problem (I solved it a few hours ago ^^)
1
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last post 16 April 2024 7 990
12 Nov 2008 at 20:16
I confirm, you do have a Bagle infection.

Download FindyKill (thanks to Chiquitine29!!)

Right-click the link, save as ..... to the desktop
=> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Unzip it on the desktop

Go into the FindyKill folder
Double-click FindyKill.exe
Choose option 1 (search)
A report will open; post it in your next reply please

Note: the FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt)
0
Hello
here is the report
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[3].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_2[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\mxd[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[3].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[4].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[5].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[6].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[2].jpg

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
QUAD Scheduler REG_SZ C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
QUAD Windows service REG_SZ C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
RegistryBooster 2 d’Uniblue REG_SZ C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\CHKPTR
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\MsnMsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


Thanks in advance
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last post 16 April 2024 7 990
13 Nov 2008 at 01:31
Cleanup:

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (removal)


/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm


0
Hello
I ran the removal and here is the report


----------------- FindyKill V4.600 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 14:42:11 le 13/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [13/11/2008 14:23] - C:\WINDOWS\system32\mdelk.exe
Found ! [13/11/2008 14:23] - C:\WINDOWS\system32\wintems.exe

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [13/11/2008 14:30] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [17/08/2006 04:07] - C:\WINDOWS\system32\drivers\winfilse.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Found ! [13/11/2008 14:24] - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Found ! [13/11/2008 14:31] - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
RegistryBooster 2 d’Uniblue REG_SZ C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Hello
I ran the removal and here is the report
otherwise nothing has changed, I still cannot open my antivirus or ccleaner
thanks again for your help


0
Sephiroth2007 Posts 215 Registration date Friday 15 June 2007 Status Member Last post 3 February 2016 16
13 Nov 2008 at 20:29
Good evening,

What is certain is that you do have Beagle: C:\WINDOWS\system32\mdelk.exe ; C:\WINDOWS\system32\drivers\srosa.sys ; .... (or had, I don't know whether it has been removed, I don't know FindyKill well). I hope crapoulou will keep helping you. (There are also other small viruses, I think.)

As for the programs you have lost, you need to uninstall them completely (that's not always easy, sometimes the "uninstall" is blocked too: "application Win 32 non valide"), but once that is done you reinstall them and it should be fine; after that I advise you to run a scan with your antivirus.
Beagle takes quite a long time to get rid of :/, but don't despair ^^

Good luck, see you
0

crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last post 16 April 2024 7 990
13 Nov 2008 at 21:40
I agree with everything Sephiroth2007 said: you will have to uninstall everything that no longer works and reinstall it (not right away).
The files have not been deleted!

Make sure you run option 2, or make sure you post the right report: look, it says:
((((((((((Recherche))))))))))))))))
It must say:
(((((((((((((( Suppression))))))))).
Check whether you have a report like that on your hard drive (C:\).
If not, make sure you run option 2.
0
Here is the latest report
thanks again

----------------- FindyKill V4.600 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 0:16:12 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Fichiers / Dossiers infectieux ] ----------------


»»»» Supression des fichiers dans C:


»»»» Supression des fichiers dans C:\WINDOWS


»»»» Supression des fichiers dans C:\WINDOWS\Prefetch


»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse.exe

»»»» Supression des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Not deleted !! - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Not deleted !! - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Supression des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Supression des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\3LXPSAM3\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_1[4].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[5].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[6].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[7].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg

--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 00:37
Perfect.
Download OTMoveIt3: http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

:files
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
0
Here is the report from the Results pane
========== FILES ==========
File move failed. C:\WINDOWS\system32\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wintems.exe scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11142008_004559
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 00:57
Restart your computer and post a new FindyKill option 1 report, please.
0
Here is the report
----------------- FindyKill V4.600 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 0:59:50 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\drivers\downld\202828.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\WINDOWS\system32\drivers\downld\202828.exe" (3668)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\118921.EXE-2D66CF70.pf
Found ! - C:\WINDOWS\prefetch\126812.EXE-1C8CAFDF.pf
Found ! - C:\WINDOWS\prefetch\130484.EXE-0FD47509.pf
Found ! - C:\WINDOWS\prefetch\153718.EXE-240E7314.pf
Found ! - C:\WINDOWS\prefetch\157203.EXE-031B9C95.pf
Found ! - C:\WINDOWS\prefetch\158359.EXE-25E6A8B2.pf
Found ! - C:\WINDOWS\prefetch\196937.EXE-070BB36F.pf
Found ! - C:\WINDOWS\prefetch\202828.EXE-39E80D7A.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-073D02EF.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\MAGICKEY.EXE-0D899DFA.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [14/11/2008 00:52] - C:\WINDOWS\system32\mdelk.exe
Found ! [14/11/2008 00:52] - C:\WINDOWS\system32\wintems.exe
Found ! [14/11/2008 00:52] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [14/11/2008 00:51] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [14/11/2008 00:51] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [17/08/2006 04:07] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [14/11/2008 00:55] - "C:\WINDOWS\system32\drivers\downld"
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\103609.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\106656.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\109171.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\118921.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\118953.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\120015.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\125781.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\126781.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\126812.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\126968.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\130484.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\153718.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\157203.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\158359.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\163093.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\176734.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\182750.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\196937.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\200140.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\202828.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\204890.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\360046.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\365015.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\373078.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\374515.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\374828.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\378890.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\86859.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\96750.exe
Found ! [14/11/2008 00:55] C:\WINDOWS\system32\drivers\downld\97765.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Found ! [14/11/2008 00:40] - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Found ! [14/11/2008 00:40] - "C:\Documents and Settings\Jean Luc\Application Data\m\list.oct"
Found ! [14/11/2008 00:40] - "C:\Documents and Settings\Jean Luc\Application Data\m\data.oct"
Found ! [14/11/2008 00:40] - "C:\Documents and Settings\Jean Luc\Application Data\m\srvlist.oct"
Found ! [14/11/2008 00:51] - "C:\Documents and Settings\Jean Luc\Application Data\m\shared"
Found ! [14/11/2008 00:36] - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[2].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[3].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg
Found ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[2].jpg

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
RegistryBooster 2 d’Uniblue REG_SZ C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 2

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 01:04
Run option 2 again.
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 01:11
What is the G drive that you have plugged in??
0
Here is the report.
The G drive is my USB key, which I had forgotten about, but it is empty.

----------------- FindyKill V4.600 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 1:05:15 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** Suppression *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Fichiers / Dossiers infectieux ] ----------------


»»»» Supression des fichiers dans C:


»»»» Supression des fichiers dans C:\WINDOWS


»»»» Supression des fichiers dans C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\118921.EXE-2D66CF70.pf
Deleted ! - C:\WINDOWS\prefetch\126812.EXE-1C8CAFDF.pf
Deleted ! - C:\WINDOWS\prefetch\130484.EXE-0FD47509.pf
Deleted ! - C:\WINDOWS\prefetch\153718.EXE-240E7314.pf
Deleted ! - C:\WINDOWS\prefetch\157203.EXE-031B9C95.pf
Deleted ! - C:\WINDOWS\prefetch\158359.EXE-25E6A8B2.pf
Deleted ! - C:\WINDOWS\prefetch\196937.EXE-070BB36F.pf
Deleted ! - C:\WINDOWS\prefetch\202828.EXE-39E80D7A.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-073D02EF.pf
Deleted ! - C:\WINDOWS\prefetch\MAGICKEY.EXE-0D899DFA.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINFILSE.EXE-17C2CF68.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf

»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\103609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\106656.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\109171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\118921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\118953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\120015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\125781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\126781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\126812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\126968.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\130484.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\153718.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\157203.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\158359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\163093.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\176734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\182750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\196937.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\200140.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\202828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\204890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\360046.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\365015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\373078.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\374515.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\374828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\378890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\86859.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\96750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\97765.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Not deleted !! - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\156-510 Free Test Exam Questions 10.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\3webTotal_Tv_&_Radio_Tuner_4.114.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\4Movy DVD Ripper 3.5.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\AceConvert Professional 2.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Ali Landry 4 Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Anti-Hacker_Expert_2003_1.6.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Anti_Identity_Theft_1.0_[Patch].zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Aromatherapy essential oils software 1.3.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Astrology_Glyph_Screensaver_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Audio_SixPack_1.0.1_build_875.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Avi2wav-mpg 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\BackupMail 1.5.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Belkasoft Yahoo! Messenger History Extractor Pro 2.01 (Serial).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\BitDefender_Free_Edition_8.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\BuilderBlinds_1.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Cafecontrol_3.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Call_of_Duty_Nuenen_Map.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Canaware DevAssistant 3.1 Beta.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\CD Secretary 2008 1.0.7.1206.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\ClubDJ Lite 1.2.3.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Command_&_Conquer_Generals_-_Freedom_map.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Cool Info XP 4.0.6.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Crazy Gecko's Job Scheduler 1.6.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\CrypTalk 1.1.0.32.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Database Gate 1.9.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\DataMatrix Console 1.4.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Derelict_1.03.46.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Desktop_Multi_Search_Engine_1.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Dictionary_English_-_Vietnamese_1.8.33.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\DigiMode My Notes 1.00.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Digital_Math_Teacher_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\DiscoMania 2.03.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Dots.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Dynamic DNS Client .NET Edition Service 2.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\EASE DVD Ripper 1.10.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Easy_Album_Manager_1.01.01.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\ECMerge_Pro_2.0_build_54.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Eliminate Spam Pro 2.6.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Email_Scheduler_1.3_With_Crack.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\eWriter_0.Cg.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\FCPro_1.2.0_Patch.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\FileSize 1.4.104.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Forgot_Password_1.12.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Get Keywords 1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\GlassWorks 1.05.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\GPS2GoogleEarth 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Hidden Utilities XP 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Hide-XP 1.0.3 Serial.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\HiFi WMA Recorder Joiner 1.10.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\How_To_Draw_Screen_Saver_2005_1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\HTTP_Sniffer_1.1_(Key).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Ideal Body Weight Calculator 1.0 Serial.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Imaging_Matrix_-_Manual_Indexer_2.1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\InfoStore_1.5.1_With_Crack.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Internet_Tweak_4.90.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\IP_Detective_Suite_2K_3.2_Crack.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Kaleid-O-Space_2.1.1a_(Patch).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Kaspersky.Internet.Security.2006.6.0.0.300.Util.Robocop.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Kate Moss Screensaver1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Lapses of Memory 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Liberty_Fireworks_1.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\LingvoSoft Suite 2007 English - Croatian 2.0.23.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MB Free Aromatherapy Dictionary 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MemAv 1.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MH-Scheduler_3.5.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MHDD 4.6.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Microsoft_IntelliPoint_Driver_(OS_X)_5.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Mileage Log 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MP3_Audio_Converter_1.7.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MSBlaster_Worm_Remover_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MultiMacro_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\MyScript_Notes_2.1_(Patch).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\NCTFinancialChart.NET_Library_1.1_(Patch).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Nero_Recode_2.2.6.17c.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\NetAdjust_Cleaner_4.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Nostalgia 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Omaha Toolbar 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Operation_Flashpoint_Cold_War_Crisis_-_Incursion_map.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Outlook Express Email Recovery Software 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Outlook_Express_Backup_Plus_2.7.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\PC Integrity Scanner 1.4.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Photoshop_Updater_7.0.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Picture_Studio_.EXE_Professional_1.1.0.227.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Pixel_Picker_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\PixPatrol_0.90_Beta.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Redirect Remover 2.5.3.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Rental_Property_Manager_1.18.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\RingtonEditor 1 build 20070320.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Sacrifice_Blood_Bowl_map.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Screensaver_Builder_4.7.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SecuBox_for_Pocket_PC_1.2.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Show_IP_1.00.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SidePanel_2.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Sites2C_1.10_Crack.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Sky News Gadget 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Smart!_1.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SNMPGetSet_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Softpit_PC_Search_Engine_2.0.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SpamReport 1.3.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Spanish Whiz 7.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SpyAnytime_PC_Spy_2.42_Crack.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Squash 0.3.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Star_Screen_Saver_2_Hot_Russian_Girls.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Stealth_Browser_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\SubmitWebsiteFree 1.2.1 (Key).zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Super Y! 1.0.14.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Swap_1.4.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Symantec.Pcanywhere.v12.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\TarotManager_1.00.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\TeamFound 0.11.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\The Origin of Ratha Yatra 1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\The_Sims_2_Happy_Clown_Face_skin.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Thinc-Time_2.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\ThunderSite_Web_Design_Edition_2.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\TinyStone_Web_Album_1.9.512.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Tour Budget Pro 1.1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Trance@Etn.fm 2.3.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Tumblebugs_1.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Tweaker for Outlook Express 1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Vax_VoIP_SDK_2.0_[KeyGen].zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Victoria_Toolbar_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\VirtualBoss_3.68.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Visual Typewriter 1.5.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Webster.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\WH QuickStart 1.0.2.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\WinProgressX 2.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\Y!Force_Cracker_1.0.zip
Deleted ! - C:\Documents and Settings\Jean Luc\Application Data\m\shared\ZzToggle-Gray 1.0.zip
Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Supression des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Supression des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\flec006
Deleted ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-606747145-1275210071-839522115-1003\Software\MuleAppData

--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !


+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


+- Suppression des fichiers :


--------------- [ Registre / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Recherche Cracks / Keygen ] ----------------



---------------- ! Fin du rapport ! ------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 01:29
I'll look at this tomorrow, I'm going to bed.
See you tomorrow.
Do two things: empty the contents of
C:\Windows\Temp
and
C:\Windows\Prefetch except layout.ini
Then empty the Recycle Bin.
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 01:38
Double-click OTMoveIt.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked.
Copy the list shown in bold below and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

:files
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\drivers\winfilse.exe
C:\Documents and Settings\Jean Luc\Application Data\m

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
0
Hello,
here is the report.
Thanks again.

========== FILES ==========
File move failed. C:\WINDOWS\system32\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wintems.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\winfilse.exe scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jean Luc\Application Data\m scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11142008_125956

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wintems.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\drivers\winfilse.exe scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Jean Luc\Application Data\m scheduled to be moved on reboot.
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 13:05
No need to do what was said in the previous message (18).
Uninstall FindyKill and reinstall it.
Run a scan again with option 1 and post the report, please.
0
Here is the report.
Thanks.





----------------- FindyKill V4.600 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 13:13:30 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\system32\drivers\downld\226109.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\WINDOWS\system32\drivers\downld\226109.exe" (3564)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [14/11/2008 13:04] - C:\WINDOWS\system32\mdelk.exe
Found ! [14/11/2008 13:04] - C:\WINDOWS\system32\wintems.exe

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [14/11/2008 13:08] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [17/08/2006 04:07] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [14/11/2008 13:09] - "C:\WINDOWS\system32\drivers\downld"
Found ! [14/11/2008 13:09] C:\WINDOWS\system32\drivers\downld\226109.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Found ! [14/11/2008 13:04] - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Found ! [14/11/2008 13:09] - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
RegistryBooster 2 d’Uniblue REG_SZ C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 13:18
Are you sure you uninstalled FindyKill properly and downloaded it again??
That's the old version there... (4.600)
0
I reinstalled FindyKill V4.700.

Here is the option 1 report.



----------------- FindyKill V4.700 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 13:25:06 le 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch


»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [14/11/2008 13:04] - C:\WINDOWS\system32\mdelk.exe
Found ! [14/11/2008 13:04] - C:\WINDOWS\system32\wintems.exe

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [14/11/2008 13:08] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [17/08/2006 04:07] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [14/11/2008 13:09] - "C:\WINDOWS\system32\drivers\downld"
Found ! [14/11/2008 13:09] C:\WINDOWS\system32\drivers\downld\226109.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Application Data

Found ! [14/11/2008 13:04] - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Found ! [14/11/2008 13:09] - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
RegistryBooster 2 d’Uniblue REG_SZ C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 13:32
Perfect.
Run option 2 and post the report.
0
Here is the option 2 report.

Thanks



----------------- FindyKill V4.700 ------------------

* User : Jean Luc - GROLLEAU-BLXN2V
* executed from : C:\Program Files\FindyKill
* Update on 13/11/08 par Chiquitine29
* Start at 13:33:37 the 14/11/2008
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\226109.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression files in C:\Documents and Settings\Jean Luc\Application Data

Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Jean Luc\Application Data\m"

»»»» Supression files in C:\DOCUME~1\JEANLU~1\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\EKAKCTO1\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\HBND6HX2\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TP6YQTCC\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Jean Luc\Local Settings\Temporary Internet Files\Content.IE5\TS5YQIN2\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !


+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


+- deleting files :


--------------- [ Registry / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 13:53
Great:

-> Download CCleaner (do not install the Yahoo toolbar):

http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

-> Install it.

-> "Cleaner" ("Nettoyeur")

Quit your web browser before running it, untick the last box (Advanced, if it is ticked), then click "lancer le nettoyage" (run the cleaner); when it has finished the scan, click "lancer le nettoyage" at the bottom right and confirm with Yes.
Warning: it may empty your Recycle Bin. If you want to recover files deleted by mistake, it is better to do so now.

-> Tutorial with screenshots:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


- Download HijackThis version 2.02:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

- Save HJTInstall.exe to your desktop.
- Double-click HJTInstall.exe to start the installation.
- Click Install, then I Accept.
- Click Do a scan system and save log file.
- Notepad will open; copy and paste its entire contents here in your next reply.
Short tutorial if needed: http://pageperso.aol.fr/balltrap34/demohijack.htm
0
HJT report
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:15, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.conduit.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14ECE1FA-31AE-463C-80D7-FADB00E5AC17} - (no file)
O2 - BHO: DVA First - {40815A9A-BC7C-46D1-837D-A49ED3444F06} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: mkrndofl - {091E4684-9A84-453B-A5AC-E82BCD2109E2} - (no file)
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} - http://ww12.mcboo.com
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: iifcDWpN - iifcDWpN.dll (file missing)
O21 - SSODL: tdomgafw - {755EC199-6756-4604-9C23-C63F63D53501} - (no file)
O21 - SSODL: wetkadmr - {7E215B6E-58A4-43E2-B67D-71FEBD1974D8} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: eQoon Service - ALTIANET - c:\program files\eqoon\tools\service\eqoonservice.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 14:58
=> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

=> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes).

=> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents.

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt

0
I managed to reinstall my antivirus.
I ran a scan and quarantined 122 TR/Bagle.Gen.B viruses.

I ran a ComboFix scan and here is the report:


ComboFix 08-11-12.02 - Jean Luc 2008-11-14 15:51:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.564 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean Luc\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_WINDOWS_TASK_MANAGER
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-14 au 2008-11-14 ))))))))))))))))))))))))))))))))))))
.

2008-11-14 14:50 . 2008-11-14 14:50 <REP> d-------- c:\program files\Avira
2008-11-14 14:25 . 2008-11-14 14:25 <REP> d-------- c:\program files\Trend Micro
2008-11-14 13:58 . 2008-11-14 13:58 <REP> d-------- c:\program files\CCleaner
2008-11-14 00:45 . 2008-11-14 00:45 <REP> d-------- C:\_OTMoveIt
2008-11-13 13:59 . 2008-11-14 15:45 <REP> d-------- c:\program files\FindyKill
2008-11-13 12:43 . 2008-11-13 12:43 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-13 12:43 . 2008-11-13 12:43 1,409 --a------ c:\windows\QTFont.for
2008-11-11 12:06 . 2008-11-11 12:06 <REP> d-------- c:\documents and settings\Jean Luc\Application Data\Uniblue
2008-11-11 03:04 . 2008-11-14 00:41 <REP> d-------- c:\program files\Panda Security
2008-11-11 02:46 . 2008-11-11 02:53 <REP> d-------- c:\program files\Windows Live Safety Center
2008-11-11 02:37 . 2008-11-11 02:37 <REP> d-------- c:\program files\Alwil Software
2008-11-10 22:01 . 2008-11-13 01:10 <REP> d-------- c:\program files\QUAD Utilities
2008-10-28 18:40 . 2008-10-28 18:40 <REP> d-------- c:\documents and settings\All Users\Documents
2008-10-28 17:49 . 2008-10-28 17:49 <REP> d-------- c:\windows\system32\DRM
2008-10-26 14:01 . 2008-10-26 14:01 <REP> d-------- c:\documents and settings\Amy\Contacts
2008-10-26 13:48 . 2002-01-01 01:04 <REP> d--h----- c:\documents and settings\Amy\Voisinage réseau
2008-10-26 13:48 . 2002-01-01 01:04 <REP> d--h----- c:\documents and settings\Amy\Voisinage d'impression
2008-10-26 13:48 . 2007-10-04 13:31 <REP> d--h----- c:\documents and settings\Amy\Modèles
2008-10-26 13:48 . 2002-01-01 01:04 <REP> dr------- c:\documents and settings\Amy\Menu Démarrer
2008-10-26 13:48 . 2008-10-26 13:52 <REP> dr------- c:\documents and settings\Amy\Favoris
2008-10-26 13:48 . 2008-10-26 13:50 <REP> d-------- c:\documents and settings\Amy\Bureau
2008-10-26 13:48 . 2008-10-27 14:02 <REP> d-------- c:\documents and settings\Amy
2008-10-24 09:58 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 09:25 . 2008-10-23 09:25 <REP> d-------- c:\documents and settings\LocalService\Bureau
2008-10-15 23:53 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 23:52 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 23:51 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 23:51 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 23:51 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 23:51 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 14:04 --------- d-----w c:\program files\NetPumper
2008-11-14 13:50 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2008-11-14 01:12 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-10 19:39 --------- d-----w c:\program files\Windows Live
2008-10-27 11:11 --------- d-----w c:\program files\Lexmark X1100 Series
2008-10-15 17:20 --------- d-----w c:\program files\Dictionnaire
2008-10-10 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-10 17:03 --------- d-----w c:\program files\Ensemble clavier et souris sans fil Labtec
2008-10-10 16:24 --------- d-----w c:\documents and settings\Jean Luc\Application Data\Research In Motion
2008-10-10 15:56 --------- d-----w c:\program files\Fichiers communs\Sonic Shared
2008-10-10 15:55 --------- d-----w c:\program files\Roxio
2008-10-10 15:54 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2008-10-10 15:53 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-10-10 15:45 --------- d-----w c:\program files\Fichiers communs\Research In Motion
2008-10-10 15:44 --------- d-----w c:\program files\Research In Motion
2008-10-10 14:26 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-07 18:33 --------- d-----w c:\program files\EoRezo
2008-10-07 18:30 --------- d-----w c:\documents and settings\Jean Luc\Application Data\EoRezo
2008-10-07 17:40 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-10-02 02:12 --------- d-----w c:\program files\RegCleaner
2008-04-16 18:34 47,360 -c--a-w c:\documents and settings\Jean Luc\Application Data\pcouffin.sys
2008-02-25 13:56 303,104 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2007-12-18 14:21 125,320 -c--a-w c:\documents and settings\Jean Luc\Application Data\GDIPFONTCACHEV1.DAT
2008-08-09 11:35 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008080920080810\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"F-Secure Manager"="c:\program files\Securitoo\av_fw\Common\FSM32.EXE" [2008-11-14 176177]
"F-Secure TNB"="c:\program files\Securitoo\av_fw\FSGUI\TNBUtil.exe" [2008-11-14 733184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-24 185896]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - c:\program files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2008-10-10 258048]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=c:\windows\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
backup=c:\windows\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jean Luc^Menu Démarrer^Programmes^Démarrage^Barre d'Outils Olitec.lnk]
path=c:\documents and settings\Jean Luc\Menu Démarrer\Programmes\Démarrage\Barre d'Outils Olitec.lnk
backup=c:\windows\pss\Barre d'Outils Olitec.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jean Luc^Menu Démarrer^Programmes^Démarrage^Moniteur.lnk]
path=c:\documents and settings\Jean Luc\Menu Démarrer\Programmes\Démarrage\Moniteur.lnk
backup=c:\windows\pss\Moniteur.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eQoonMessenger]
--a--c--- 2006-10-19 09:39 53248 c:\program files\eQoon\Tools\Messenger\eQoonMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a--c--- 2003-08-19 15:48 57344 c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a--c--- 2007-11-24 18:12 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eQoon\\Tools\\Service\\eQoonService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=

R1 cpuidlep;CpuIdle Pro System Driver;c:\windows\system32\drivers\cpuidlep.sys [2008-07-21 4484]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [2003-03-27 11776]
R2 eQoon Service;eQoon Service;c:\program files\eqoon\tools\service\eqoonservice.exe [2006-10-25 45056]
S1 F-Secure HIPS;F-Secure HIPS;c:\program files\Securitoo\av_fw\HIPS\fshs.sys [ ]
S1 Isecdrv;Isecdrv;c:\windows\system32\drivers\Isecdrv.sys [ ]
S2 Ca536av;DV AIPTEK CAUET(Video);c:\windows\system32\Drivers\Ca536av.sys [ ]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);c:\windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;c:\windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;c:\windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 USBAV191;Instant VideoXpress;c:\windows\system32\DRIVERS\USBAV191.SYS [2005-04-28 120128]
S3 USBCamera;DV AIPTEK CAUET(Still);c:\windows\system32\Drivers\Bulk536.sys [ ]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [ ]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [ ]
S4 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ea7a116-b65f-11dc-91b0-00030d000001}]
\Shell\Auto\command - Windows.scr
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
.
Contenu du dossier 'Tâches planifiées'

2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-10-08 c:\windows\Tasks\cleanmgr.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 03:33]

2008-10-30 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2001-08-28 13:00]

2008-09-13 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

2008-11-08 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe [2008-11-11 04:27]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{14ECE1FA-31AE-463C-80D7-FADB00E5AC17} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-RegistryBooster 2 d’Uniblue - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKLM-Run-ORAHSSSessionManager - c:\program files\Orange\SessionManager\SessionManager.exe
SSODL-tdomgafw-{755EC199-6756-4604-9C23-C63F63D53501} - (no file)
SSODL-wetkadmr-{7E215B6E-58A4-43E2-B67D-71FEBD1974D8} - (no file)
Notify-iifcDWpN - iifcDWpN.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-bochadqfue - c:\documents and settings\jean luc\local settings\application data\bochadqfue.exe
MSConfigStartUp-spywareisolator - c:\program files\SpywareIsolator\spywareisolator.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Ultimate Cleaner - c:\program files\Ultimate Cleaner\UltimateCleaner.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&meta=all&hl=fr&gl=fr&SelfSearch=1&SearchSourceOrigin=1&ctid=CT1472949
R0 -: HKCU-Main,Start Page = hxxp://lo.st/
R1 -: HKCU-SearchURL,(Default) = hxxp://search.conduit.com/Results.aspx?q=%s&meta=all&hl=fr&gl=fr&SelfSearch=1&SearchSourceOrigin=1&ctid=CT1472949
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 16:13:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
c:\program files\Ensemble clavier et souris sans fil Labtec\OSD.exe
.
**************************************************************************
.
Heure de fin: 2008-11-14 16:15:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-14 15:15:51

Avant-CF: 36 452 728 832 octets libres
Après-CF: 36,492,365,824 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

397 --- E O F --- 2008-11-14 01:12:58
0
Another question: I have 2 antivirus programs: Antivir and securitoo.com.
Which one do you advise me to use?

Thanks again
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 19:04
I recommend Antivir!
Uninstall Securitoo: never two antivirus programs on the same PC, so as not to cause conflicts, crashes, a sluggish computer, ...

You are still infected.

Download UsbFix to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug into your PC your external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: if the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
Hello again

When I double-click on UsbFix, a window asks me:
1 Cleaning
2 Vaccination
3 Uninstall
Q Quit

but the PC does not restart

Also, my two CD drives have disappeared

Thanks
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
14 Nov. 2008 at 19:19
Option 1, sorry.
0
Here is the report

Thanks



-------------- UsbFix V2.407 ---------------

* User : Jean Luc - GROLLEAU-BLXN2V
* Outils mis a jours le 14/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:24:17 le 14/11/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\eqoon\tools\service\eqoonservice.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur amovible


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
F-Secure Manager REG_SZ "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
F-Secure TNB REG_SZ "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
EoEngine REG_SZ "C:\Program Files\EoRezo\EoEngine.exe"
ItsTV REG_SZ "C:\Program Files\ItsLabel\ItsTV.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ea7a116-b65f-11dc-91b0-00030d000001}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------


--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[04/10/2007 13:35][--a------] C:\AUTOEXEC.BAT
[04/08/2004 13:00][-rahs----] C:\NTDETECT.COM
[14/11/2008 15:51][-rahs----] C:\boot.ini
[10/11/2008 15:42][--a------] G:\PowerPointViewer.exe
[10/11/2008 15:42][--a------] G:\FindyKill.exe

--------------- ! Fin du rapport ! ----------------
0
Hello

I have sent you the USBFIX report

Looking forward to your reply, and thanks again

Have a good weekend
0
Hello

I have sent you the USBFIX report

Looking forward to your reply, and thanks again
0
Sephiroth2007 Posts 215 Registration date Friday 15 June 2007 Status Member Last activity 3 February 2016 16
17 Nov. 2008 at 21:18
Good evening,

I don't know whether you have managed to solve your problem completely (since your last reply).

If you want, you can make a report with FindyKill (option 1); that will show whether beagle is still there or not.

Otherwise, afterwards (once the report is negative), I think you can try reinstalling your antivirus (I use avast home) and run a full scan.

See you later
0
crapoulou Posts 28158 Registration date Wednesday 28 November 2007 Status Moderator, Security contributor Last activity 16 April 2024 7 990
17 Nov. 2008 at 21:21
Indeed.

Lol Sephiroth2007 => "Trying is the best way to fail"
=> "I think you can try reinstalling your antivirus"

As for the antivirus, I would rather recommend Avira Antivir.
Make sure to uninstall the previous antivirus.
0