
Virus problem... no longer administrator + Win32

aj62, 01 December 2008 at 22:33
Hello,

For a few days I have noticed that my antivirus (Norton Internet Security 2008) had completely disappeared from the PC (no trace left, no icon).
Impossible to reinstall it.

Also, when I launch Spybot or Ad-Aware, an error message tells me "not a valid Win32 application".

When I try to install another tool to remove the malicious files, or to reinstall Ad-Aware, a message tells me that I do not have the rights to install this program (in other words, that I am not administrator),
even though I am the only one who uses this PC.

I installed and ran Malwarebytes, Glary Utilities and FindyKill.

Here is the report from the last one:



----------------- FindyKill V4.706 ------------------

* User : Propriétaire - PERSONNE-A33DFL
* Location : C:\Program Files\FindyKill
* Tool updated on 27/11/08 by Chiquitine29
* Search performed at 21:52:42 on 01/12/2008
* Windows XP - Internet Explorer 7.0.5730.11

(MODERATOR EDIT: forum rule to be respected:

No reports before one has been asked for! :o

Please read the following article:
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)

Thank you for taking note of it.


If someone could give me a hand... I wouldn't say no.

Thanks in advance

Regards

Aj62


--> Message edited by bibou0007 on 01/12/2008 22:43:22 <--
aj62, 01 December 2008 at 22:45
-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:27 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:68 Go (Free:56 Go)
F:\ (Local Disk) - FAT32 - Total:5 Go (Free:2 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:372 Go (Free:135 Go)
M:\ (CD or DVD)
O:\ (CD or DVD)

"C:\ToolBar SD" ( Updated : 20-11-2008|20:25 )
Option : [1] ( 01/12/2008|22:39 )

-----------\\ Search for Files / Folders ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\big_city_adventure_sydney16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\chocolatier216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\death_nile16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\farm_frenzy_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_match_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\MagiciansHandbook16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\magic_farm16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\MahjongChina16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\notFound.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ranch_rush16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\riseAtlantis16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\saqqarah16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\the_great_chocolate_chase16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtual_farm16x16.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\Localization2-French.ini
C:\Program Files\GamesBar\uninst.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@cs.lp.smartshopper[2].txt

-----------\\ Extensions

(Propriétaire) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Propriétaire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Propriétaire) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(Propriétaire) - {c36177c0-224a-11da-8cd6-0800200c9a66} => fasterfox
(Propriétaire) - {DAD0F81A-CF67-4eed-98D6-26F6E47274CA} => tweak
(Propriétaire) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"
"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Search for other infections

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner\Conditions générales.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner\Confidentialité.url
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner\Désinstaller.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner\MailSkinner.lnk
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\MailSkinner\Website.url
==> EGDACCESS <==

C:\WINDOWS\system32\ban_list.txt
==> BAGLE <==

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA]
Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\PROPRI~1\Favoris\Perso\Informatique\SeriAll.Com - Serials, Keys, Keygen, Cracks.url



1 - "C:\ToolBar SD\TB_1.txt" - 01/12/2008|22:41 - Option : [1]

-----------\\ End of report at 22:41:52,17

aj62, 02 December 2008 at 00:03
Malwarebytes' Anti-Malware 1.30
Database version: 1440
Windows 5.1.2600 Service Pack 3

01/12/2008 23:57:27
mbam-log-2008-12-01 (23-57-27).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 159498
Time elapsed: 1 hour(s), 9 minute(s), 8 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 2
Files infected: 33

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\m (Trojan.Agent) -> Delete on reboot.

Files infected:
C:\WINDOWS\system32\drivers\downld\14762187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14764968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14770843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14771843.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14783359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14823468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14827921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14854078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14870156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14871578.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14874921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14908437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14935734.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14956281.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\14960953.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\155718.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\157468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\185093.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\211921.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\268640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\282937.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\284312.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\287671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\324109.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\340000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\350187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\downld\92359.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.

aj62, 02 December 2008 at 00:05


----------------- FindyKill V4.706 ------------------

* User : Propriétaire - PERSONNE-A33DFL
* Location : C:\Program Files\FindyKill
* Tool updated on 27/11/08 by Chiquitine29
* Search performed at 21:52:42 on 01/12/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Search *** ))))))))))))))))))


--------------- [ Active processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MRU-Blaster\scheduler.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Infected files/folders ] ----------------


»»»» Files present in C:


»»»» Files present in C:\WINDOWS


»»»» Files present in C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf

»»»» Files present in C:\WINDOWS\system32


»»»» Files present in C:\WINDOWS\system32\drivers

Found ! [01/12/2008 18:28] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [01/12/2008 18:28] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [19/02/2006 01:03] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [01/12/2008 18:32] - "C:\WINDOWS\system32\drivers\downld"
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\155718.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\157468.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\185093.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\211921.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\268640.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\282937.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\284312.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\287671.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\324109.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\340000.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\350187.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\92359.exe

»»»» Files present in C:\Documents and Settings\Propriétaire\Application Data

Found ! [01/12/2008 18:31] - "C:\Documents and Settings\Propriétaire\Application Data\m\flec006.exe"
Found ! [01/12/2008 18:31] - "C:\Documents and Settings\Propriétaire\Application Data\m\list.oct"
Found ! [01/12/2008 18:37] - "C:\Documents and Settings\Propriétaire\Application Data\m\data.oct"
Found ! [01/12/2008 18:37] - "C:\Documents and Settings\Propriétaire\Application Data\m\srvlist.oct"
Found ! [01/12/2008 18:39] - "C:\Documents and Settings\Propriétaire\Application Data\m\shared"
Found ! [01/12/2008 18:30] - "C:\Documents and Settings\Propriétaire\Application Data\m"

»»»» Files present in C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp

Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\patch25.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.grd
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.sig
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.spm
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\patch25d.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NCO\NCO\patch25.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NCO\NCO\APP\Patch25d.dll

»»»» Files present in C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5

Found ! [01/12/2008 07:45] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0VZNUI2W\b64_1[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\0VZNUI2W\b64_3[1].jpg
Found ! [01/12/2008 15:50] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\2SFMUMQB\b64_1[1].jpg
Found ! [01/12/2008 06:03] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64_3[1].jpg
Found ! [27/11/2008 19:29] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64_3[9].jpg
Found ! [01/12/2008 18:29] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\3J5FL5Y5\b64[1].jpg
Found ! [01/12/2008 15:50] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\8MKNM83A\b64_2[1].jpg
Found ! [01/12/2008 06:13] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\8MKNM83A\mxd[1].jpg
Found ! [01/12/2008 11:48] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\A69P4EJ2\b64_1[1].jpg
Found ! [01/12/2008 06:02] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\B75IVQAS\b64_2[1].jpg
Found ! [01/12/2008 15:51] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\B75IVQAS\b64_2[2].jpg
Found ! [01/12/2008 11:49] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\BMXJZ70Q\b64[1].jpg
Found ! [01/12/2008 18:29] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\BMXJZ70Q\b64_2[1].jpg
Found ! [01/12/2008 06:02] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\C9BZU1RT\b64[1].jpg
Found ! [01/12/2008 07:46] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\C9BZU1RT\b64[2].jpg
Found ! [01/12/2008 01:58] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64[1].jpg
Found ! [01/12/2008 06:52] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64[2].jpg
Found ! [01/12/2008 01:56] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_1[1].jpg
Found ! [01/12/2008 06:52] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_2[1].jpg
Found ! [01/12/2008 06:51] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_3[1].jpg
Found ! [01/12/2008 07:45] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_3[2].jpg
Found ! [01/12/2008 01:58] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[1].jpg
Found ! [01/12/2008 15:52] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[2].jpg
Found ! [01/12/2008 18:31] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[3].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64_2[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\PF6ET7F2\b64[1].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\PF6ET7F2\b64_3[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Y3LO2OCU\b64_2[1].jpg
Found ! [27/11/2008 19:29] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[1].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[2].jpg
Found ! [01/12/2008 11:48] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[3].jpg
Found ! [01/12/2008 06:36] - C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64_2[1].jpg
Found ! [07/08/2007 05:47] - C:\Program Files\Real\RealArcade\catalog\282D6F84-1E7B-11B2-B64F-00D0B7142009\cover.jpg
Found ! [07/08/2007 05:47] - C:\Program Files\Real\RealArcade\catalog\B64C10E6-1DD2-11B2-8782-00D0B7142009\cover.jpg

--------------- [ Registry / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Pando="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Podmailing=C:\Program Files\Podmailing\Podmailing.exe start-minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
Dit=Dit.exe
CHotkey=mHotkey.exe
ledpointer=CNYHKey.exe
PCMService="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
PinnacleDriverCheck=C:\WINDOWS\System32\PSDrvCheck.exe
PRISMSTA.EXE=PRISMSTA.EXE START
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
Name of App=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
SSBkgdUpdate="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
BrMfcWnd=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
SetDefPrt=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
ControlCenter3=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
fssui="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
WebcamMaxMoniter="C:\Program Files\WebcamMax\wcmmon.exe" /a
UVS11 Preload=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\BackWeb-8876480]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]

--------------- [ Registry / Infected keys ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s

--------------- [ Status / Services ] ----------------

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- Safe Mode not working !!

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- Safe Mode not working !!

Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- Safe Mode not working !!



+- Services : [ Auto=2 / Manual=3 / Disabled=4 ]

/!\ Ndisuio - Start type = 4

EapHost - Start type = 3

/!\ Ip6Fw - Start type = 4

/!\ SharedAccess - Start type = 4

/!\ wuauserv - Start type = 4

/!\ wscsvc - Start type = 4

/!\ WinDefend - Start type = 4



--------------- [ Search of removable media ] ----------------


+- Information :

C: - Fixed drive

E: - Fixed drive

F: - Fixed drive

L: - Fixed drive


+- files present :



--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


------------------- ! End of report ! --------------------


dédétraqué, 02 December 2008 at 00:15
Hi aj62


On the desktop, relaunch FindyKill by double-clicking the shortcut.
In the main menu, choose option 2: (Removal)
The PC will restart twice.
Let it work until "Nettoyage effectué" (cleanup done) appears.
A report will open. Copy/paste it into your reply.
PS: the report is also kept at the root of the hard drive: C:\FindyKill.txt.


-----


Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Important: disable your antivirus and antispyware before scanning with ComboFix:
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


==> Save your work and close all open windows; the PC may restart. Do not launch any program until ComboFix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter.

You will be asked to install the console if it is not installed; click NO.

When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: the report is also located here: C:\ComboFix.txt

ComboFix is detected by some antivirus products as an infection; ignore this, it is a false positive, continue the procedure.


@++ :)
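The reports posted above, read by a script: as an added example that is not part of this thread and not FindyKill's or Malwarebytes' own code, the Python below parses the service/registry sections of a FindyKill report and the detection lines of a Malwarebytes log, and lists the findings a responder wants before starting the removal step described in the reply above: the Bagle driver services (srosa, sK9Ou0s), the deleted SafeBoot keys that explain why Safe Mode fails, the security services forced to Disabled, and the Malwarebytes entries still marked "Delete on reboot", which is why the machine must reboot before any re-scan can be trusted. The embedded excerpts are a few lines copied from the reports in this thread (constructed sample input, not the full logs); the label patterns, the service-name map and the assumption that both tools keep the output format shown here are mine.

```python
"""Triage helper for FindyKill / Malwarebytes report text (added example, not the tools' code)."""
import re

# Security-relevant Windows XP services that FindyKill flags with "/!\" when
# their start type is 4 (Disabled). This mapping is ours, not FindyKill's.
SECURITY_SERVICES = {
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
    "Ip6Fw": "IPv6 Windows Firewall",
    "WinDefend": "Windows Defender",
    "Ndisuio": "NDIS User Mode I/O (wireless networking)",
}

# FindyKill writes its labels in French; the patterns accept both the original
# labels and the English renderings used in this thread.
SERVICE_LINE = re.compile(
    r"^(?:/!\\\s+)?(\S+)\s+-\s+(?:Type de démarrage|Start type)\s*=\s*(\d)")
MISSING_KEY = re.compile(r"^(?:Clé manquante|Missing key)\s*:\s*(.+?)\s*$")
FOUND_KEY = re.compile(r"^Found ! - (HKEY_\S+)$")
# Services\<name> and Enum\Root\LEGACY_<NAME> both name the same driver service.
SERVICE_KEY = re.compile(r"\\Services\\([^\\]+)$|\\Enum\\Root\\LEGACY_([^\\]+)$")
# Malwarebytes detection line: "<path> (<family>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_findykill(report: str) -> dict:
    """Collect disabled services, missing SafeBoot keys and rootkit service names."""
    disabled, missing, rootkit = {}, [], set()
    for raw in report.splitlines():
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            if m.group(2) == "4":
                disabled[m.group(1)] = SECURITY_SERVICES.get(
                    m.group(1), "(not a known security service)")
            continue
        m = MISSING_KEY.match(line)
        if m:
            missing.append(m.group(1))
            continue
        m = FOUND_KEY.match(line)
        if m:
            k = SERVICE_KEY.search(m.group(1))
            if k:
                # case-fold so "srosa" and "LEGACY_SROSA" collapse into one entry
                rootkit.add((k.group(1) or k.group(2)).lower())
    return {"disabled_services": disabled,
            "missing_safeboot_keys": missing,
            "rootkit_service_names": rootkit}


def parse_mbam(log: str) -> dict:
    """Count detections per family and list items Malwarebytes could not remove yet."""
    pending, families = [], {}
    for raw in log.splitlines():
        m = MBAM_LINE.match(raw.strip())
        if not m:
            continue
        families[m["family"]] = families.get(m["family"], 0) + 1
        if m["action"].lower().startswith("delete on reboot"):
            pending.append(m["path"])
    return {"pending_reboot": pending, "families": families}


def triage(findykill_text: str, mbam_text: str) -> dict:
    """Merge both reports into one summary with plain-language findings."""
    summary = {**parse_findykill(findykill_text), **parse_mbam(mbam_text)}
    summary["safe_mode_broken"] = any(
        k.rstrip("\\").endswith("SafeBoot") for k in summary["missing_safeboot_keys"])
    findings = []
    if summary["rootkit_service_names"]:
        findings.append("driver service(s) registered by the infection: "
                        + ", ".join(sorted(summary["rootkit_service_names"])))
    if summary["safe_mode_broken"]:
        findings.append("SafeBoot key deleted: Safe Mode cannot boot until it is restored")
    if summary["disabled_services"]:
        findings.append("services set to Disabled (4): "
                        + ", ".join(sorted(summary["disabled_services"])))
    if summary["pending_reboot"]:
        findings.append(f"{len(summary['pending_reboot'])} item(s) still queued for "
                        "deletion on reboot: reboot before trusting a re-scan")
    summary["findings"] = findings
    return summary


# Constructed sample input: a handful of lines copied from the reports in this thread.
FINDYKILL_EXCERPT = r"""
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
Missing key : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ wuauserv - Start type = 4
/!\ wscsvc - Start type = 4
/!\ WinDefend - Start type = 4
"""

MBAM_EXCERPT = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\downld\14762187.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
(No malicious items detected)
"""

if __name__ == "__main__":
    for finding in triage(FINDYKILL_EXCERPT, MBAM_EXCERPT)["findings"]:
        print("-", finding)
```

Run it against the full reports by pasting them into the two strings, or by reading C:\FindyKill.txt and the mbam-log file with `open(...).read()`. The point of the `pending_reboot` list is the one the helper's procedure relies on: entries Malwarebytes marks "Delete on reboot" are still on disk, so a scan run before the reboot will report them again and tell you nothing new.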
aj62, 02 December 2008 at 05:35
Hello,

I did the scan with the FindyKill program.

Here is the report:



----------------- FindyKill V4.706 ------------------

* User : Propriétaire - PERSONNE-A33DFL
* Location : C:\Program Files\FindyKill
* Tool updated on 27/11/08 by Chiquitine29
* Search performed at 21:52:42 on 01/12/2008
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((((( *** Search *** ))))))))))))))))))


--------------- [ Active processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\WebcamMax\wcmmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MRU-Blaster\scheduler.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-041A0D93.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32


»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [01/12/2008 18:28] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [01/12/2008 18:28] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [19/02/2006 01:03] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [01/12/2008 18:32] - "C:\WINDOWS\system32\drivers\downld"
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\155718.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\157468.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\185093.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\211921.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\268640.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\282937.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\284312.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\287671.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\324109.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\340000.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\350187.exe
Found ! [01/12/2008 18:32] - C:\WINDOWS\system32\drivers\downld\92359.exe

»»»» Presence des fichiers dans C:\Documents and Settings\Propri‚taire\Application Data

Found ! [01/12/2008 18:31] - "C:\Documents and Settings\Propri‚taire\Application Data\m\flec006.exe"
Found ! [01/12/2008 18:31] - "C:\Documents and Settings\Propri‚taire\Application Data\m\list.oct"
Found ! [01/12/2008 18:37] - "C:\Documents and Settings\Propri‚taire\Application Data\m\data.oct"
Found ! [01/12/2008 18:37] - "C:\Documents and Settings\Propri‚taire\Application Data\m\srvlist.oct"
Found ! [01/12/2008 18:39] - "C:\Documents and Settings\Propri‚taire\Application Data\m\shared"
Found ! [01/12/2008 18:30] - "C:\Documents and Settings\Propri‚taire\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp

Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\patch25.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.grd
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.sig
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\CommonFi\NAVPatch.spm
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\patch25d.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NCO\NCO\patch25.dll
Found ! - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NIS15.5.0.23\NCO\NCO\APP\Patch25d.dll

»»»» Presence des fichiers dans C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5

Found ! [01/12/2008 07:45] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0VZNUI2W\b64_1[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\0VZNUI2W\b64_3[1].jpg
Found ! [01/12/2008 15:50] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\2SFMUMQB\b64_1[1].jpg
Found ! [01/12/2008 06:03] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64_3[1].jpg
Found ! [27/11/2008 19:29] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3FAJ0MRU\b64_3[9].jpg
Found ! [01/12/2008 18:29] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\3J5FL5Y5\b64[1].jpg
Found ! [01/12/2008 15:50] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8MKNM83A\b64_2[1].jpg
Found ! [01/12/2008 06:13] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\8MKNM83A\mxd[1].jpg
Found ! [01/12/2008 11:48] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\A69P4EJ2\b64_1[1].jpg
Found ! [01/12/2008 06:02] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B75IVQAS\b64_2[1].jpg
Found ! [01/12/2008 15:51] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\B75IVQAS\b64_2[2].jpg
Found ! [01/12/2008 11:49] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BMXJZ70Q\b64[1].jpg
Found ! [01/12/2008 18:29] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\BMXJZ70Q\b64_2[1].jpg
Found ! [01/12/2008 06:02] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\C9BZU1RT\b64[1].jpg
Found ! [01/12/2008 07:46] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\C9BZU1RT\b64[2].jpg
Found ! [01/12/2008 01:58] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64[1].jpg
Found ! [01/12/2008 06:52] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64[2].jpg
Found ! [01/12/2008 01:56] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_1[1].jpg
Found ! [01/12/2008 06:52] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_2[1].jpg
Found ! [01/12/2008 06:51] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_3[1].jpg
Found ! [01/12/2008 07:45] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\JGZHPURF\b64_3[2].jpg
Found ! [01/12/2008 01:58] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[1].jpg
Found ! [01/12/2008 15:52] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[2].jpg
Found ! [01/12/2008 18:31] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64[3].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\LID01W7X\b64_2[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\PF6ET7F2\b64[1].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\PF6ET7F2\b64_3[1].jpg
Found ! [01/12/2008 06:00] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Y3LO2OCU\b64_2[1].jpg
Found ! [27/11/2008 19:29] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[1].jpg
Found ! [01/12/2008 01:57] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[2].jpg
Found ! [01/12/2008 11:48] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64[3].jpg
Found ! [01/12/2008 06:36] - C:\Documents and Settings\Propri‚taire\Local Settings\Temporary Internet Files\Content.IE5\Z824KVIF\b64_2[1].jpg
Found ! [07/08/2007 05:47] - C:\Program Files\Real\RealArcade\catalog\282D6F84-1E7B-11B2-B64F-00D0B7142009\cover.jpg
Found ! [07/08/2007 05:47] - C:\Program Files\Real\RealArcade\catalog\B64C10E6-1DD2-11B2-8782-00D0B7142009\cover.jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Pando="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Podmailing=C:\Program Files\Podmailing\Podmailing.exe start-minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
Dit=Dit.exe
CHotkey=mHotkey.exe
ledpointer=CNYHKey.exe
PCMService="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
PinnacleDriverCheck=C:\WINDOWS\System32\PSDrvCheck.exe
PRISMSTA.EXE=PRISMSTA.EXE START
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
Name of App=C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
SSBkgdUpdate="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
IndexSearch=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
BrMfcWnd=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
SetDefPrt=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
ControlCenter3=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
Microsoft Works Update Detection=C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
fssui="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
WebcamMaxMoniter="C:\Program Files\WebcamMax\wcmmon.exe" /a
UVS11 Preload=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\BackWeb-8876480]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1614895754-413027322-725345543-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur fixe

L: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------




aj62 on 2 December 2008 at 05:38

Afterwards I launched combofix.exe.

I got an error message:

Not a valid Win32 application

But I managed to reinstall the antivirus,

which is already something gained.

Are there any other steps to carry out?

Thanks in advance

Regards

Aj62
aj62 on 2 December 2008 at 08:43
Hello,

The problem seems to be resolved!!!

Thanks again for the procedure.

See you

Aj62
dédétraqué on 2 December 2008 at 12:19
Hi aj62


The problem seems to be resolved!!!

Don't trust appearances too much with this kind of infection.


You didn't post me the right FindyKill report; I want the one from option 2 (Removal).
If you run into problems with Combofix, delete it and download it this way: http://forum.pcastuces.com/combofix___renommer_au_telechargement-f31s22.htm

Run the scan with Combofix and post the report.

Analysis tonight after work :super:


@++ :)

