Virus problem preventing antivirus from starting

Siegfried46 -  
totobetourne Posts: 5677 Status: Member -
Hello,
Here is my problem: I downloaded a program from the internet, but unfortunately this program contained a virus. I have avast Home Edition and AVG Anti-Spyware, which were both active until then. But as soon as this virus acted, it disabled avast's resident shield, removed AVG's protection and also disabled the Windows Security Center... uh ... :(
I ran a full scan of my computer with Malwarebytes' Anti-Malware, then quarantined all the viruses and trojans, then deleted them.
No change: when I tried to start any program related to the computer's security, they do not start.
I think I have deleted the virus (maybe), but it had time to disable security functions.
So I would like to know if someone can help me with this problem, because I no longer know what to do...
Thanks in advance to whoever helps me fix this problem!
Siegfried46 ^^
6 replies

totobetourne Posts: 5677 Status: Member 65
 
Reopen FindyKill and this time choose option 2 (Suppression)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage terminé" ("cleaning finished") appears

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
2
totobetourne Posts: 5677 Status: Member 65
 
Hello

1) For Vista, if infected.

Disable User Account Control (you will re-enable it after your disinfection: IMPORTANT, DO NOT FORGET):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

2) Did you download a crack? Tell us what the situation is.

3) Download this: useful for seeing what the infection may be and acting accordingly.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally like any other program in c/programme/...............
Click "do a scan and save a logfile"; you get a report, which you paste here.
1
totobetourne Posts: 5677 Status: Member 65
 
OK

Quite a lot of the new type of Bagle infection; I hope it is not too hard to remove.

Download FindyKill by Chiquitine29

Right-click the link and choose "save target as ....", destination: the desktop.

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

Important note: if you have the program Elibagla on your PC, delete it (risk of conflict between the two tools).

--> Go into the "FindyKill" folder

Double-click "FindyKill.bat" (and nothing else!) to launch the tool.

-> Choose option 1. Then let it work ...

Once finished, post the FindyKill.txt report that is generated ...

( Note: the report is saved at the root of the disk -> C:\FindyKill.txt )
1
miguel32
 
Hello!!!! I have the same problem too. I don't even have sound any more, I can't install another antivirus, it's a disaster for me as a computer novice!!! I did the procedure and here is the report:
###################### [ FindyKill V4.715 ]

# User : Compaq_Propri‚taire - NOM-D3A4C94E6FD
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours 29/01/09 par Chiquitine29
# Recherche effectuée à 15:07:12 le 09/02/2009
# Windows XP - Internet Explorer 8.0.6001.18241

# [ FindyKill V4.715 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Messenger\msmsgs.exe
C:\documents and settings\compaq_propriétaire.nom-d3a4c94e6fd\local settings\application data\ykyckec.exe
C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\drivers\winupgro.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\ComponentLauncher.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\m\flec006.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\mmc.exe

\\\\\\\\\\\\\\\\\\ [ Processus infectieux stoppés ] ///////////////////


"C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\drivers\winupgro.exe" (360)
"C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\m\flec006.exe" (2992)
"C:\WINDOWS\system32\wintems.exe" (900)


\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2FB8D900.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

################## [ C:\WINDOWS\system32 ]

Found ! [09/02/2009 14:11] - C:\WINDOWS\system32\mdelk.exe
Found ! [09/02/2009 14:11] - C:\WINDOWS\system32\wintems.exe
Found ! [09/02/2009 14:13] - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Found ! [06/02/2009 22:38] - "C:\WINDOWS\system32\drivers\down"

################## [ C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data ]

Found ! [09/02/2009 13:46] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m\flec006.exe"
Found ! [09/02/2009 13:48] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m\list.oct"
Found ! [09/02/2009 13:48] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m\data.oct"
Found ! [09/02/2009 13:49] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m\srvlist.oct"
Found ! [09/02/2009 13:50] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m\shared"
Found ! [06/02/2009 22:34] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\m"
Found ! [06/02/2009 22:24] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\drivers"
Found ! [08/02/2009 19:47] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\drivers\srosa2.sys"
Found ! [08/02/2009 19:47] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\drivers\wfsintwq.sys"
Found ! [22/08/2005 01:09] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\drivers\winupgro.exe"
Found ! [09/02/2009 14:11] - "C:\Documents and Settings\Compaq_Propri‚taire.NOM-D3A4C94E6FD\Application Data\drivers\downld"

################## [ C:\DOCUME~1\COMPAQ~1.NOM\LOCALS~1\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
Camfrog="C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 1 C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
EA Core="C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
Creative WebCam Tray="C:\Program Files\Creative\Shared Files\CamTray.exe"
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
ykyckec="c:\documents and settings\compaq_propriétaire.nom-d3a4c94e6fd\local settings\application data\ykyckec.exe" ykyckec
RegistryMechanic=C:\Program Files\Registry Mechanic\RegMech.exe /H
msnmsgr=~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
hpsysdrv=c:\windows\system\hpsysdrv.exe
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
KBD=C:\HP\KBD\KBD.EXE
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
AGRSMMSG=AGRSMMSG.exe
PS2=C:\WINDOWS\system32\ps2.exe
ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AlcxMonitor=ALCXMNTR.EXE
LSBWatcher=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
regcmdcons=c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
SystrayORAHSS="C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
ORAHSSSessionManager=C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
NSLauncher=C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
Adobe Photo Downloader="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
EoEngine="C:\Program Files\EoRezo\EoEngine.exe"
SoftwareHelper=C:\Documents and Settings\Compaq_Propriétaire.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_CURRENT_USER\software\local appwizard-generated applications\CamfrogNet]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1868209117-1920096518-2015322422-1007\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

/!\ Ip6Fw - # Type de démarrage = 4

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

wscsvc - # Type de démarrage = 2


\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur de CD-ROM


# Contenu de l'autorun : E:\autorun.inf

[AutoRun]
OPEN=NokiaInstaller.exe

# presence des fichiers :

Found ! [30/04/2004 23:00][---hs----] - D:\info.exe
Found ! [06/11/2007 09:16][-r-------] - E:\autorun.inf


\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.715 ! ]

Thanks for your solutions, totobetourne!!!! See you later
0
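As an added example (not part of the thread and not FindyKill's own code): a short Python triage of a report in the layout posted above, listing Run entries that launch from per-user data folders, missing SafeBoot keys and services whose start type is 4. The excerpt is constructed, the profile name `user` is a placeholder, and the section names and line shapes are assumed from the reports on this page.

```python
import re

# Constructed excerpt in the layout of the FindyKill reports above
# (not a real report; the profile name "user" is a placeholder).
SAMPLE_REPORT = r"""
\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
ykyckec="c:\documents and settings\user\local settings\application data\ykyckec.exe" ykyckec

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
KBD=C:\HP\KBD\KBD.EXE
SoftwareHelper=C:\Documents and Settings\user\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

wscsvc - # Type de démarrage = 2
"""

SECTION_RE = re.compile(r"^\\+ \[ (.+?)\s*\] /+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
SERVICE_RE = re.compile(r"^(?:/!\\ )?(\S+) - # Type de démarrage = (\d)$")
MISSING_RE = re.compile(r"^# Clé manquante : (.+)$")
# First quoted string, or else the shortest prefix ending in an executable extension.
EXE_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|com|scr|bat|cmd|dll))\b', re.I)
# Folders a standard user can write to; autoruns from here deserve a second look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\",
                 "\\appdata\\", "\\temp\\")


def image_path(command):
    """Return the executable path of a Run value, whether quoted or not."""
    m = EXE_RE.search(command.strip().lstrip("~"))
    if not m:
        return None
    return m.group(1) or m.group(2)


def is_user_writable(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(report):
    """Collect items to review from a FindyKill-style report (heuristic, not a verdict)."""
    findings = {"autoruns_to_review": [], "missing_keys": [], "disabled_services": []}
    section = key = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section == "Registre / Startup":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
            elif key and "=" in line:
                name, command = line.split("=", 1)
                path = image_path(command)
                if path and is_user_writable(path):
                    findings["autoruns_to_review"].append((key, name, path))
        elif section == "Etat / Services":
            m = MISSING_RE.match(line)
            if m:
                findings["missing_keys"].append(m.group(1))
                continue
            m = SERVICE_RE.match(line)
            if m and m.group(2) == "4":  # 4 = disabled, per the report's legend
                findings["disabled_services"].append(m.group(1))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for key, name, path in result["autoruns_to_review"]:
        print(f"review autorun {name!r} under {key}: {path}")
    for missing in result["missing_keys"]:
        print(f"missing key: {missing}")
    for service in result["disabled_services"]:
        print(f"disabled service: {service}")
```

An entry in this output is a lead to check, not proof of infection: legitimate updaters also start from per-user folders.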
Siegfried46
 
1) I disabled User Account Control
2) I downloaded a keygen for a screensaver that only lasted 60 sec. if it was not registered. I know it's wrong, and it was on eMule! I won't do it again...
3) I installed HijackThis, but when I launch it I get the following error message: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe n'est pas une application Win32 valide." ("is not a valid Win32 application") (This is due to the virus, I'm almost sure, because I believe it disabled certain Windows services...)

There you go ^^ I hope this helps you help me :)

Siegfried46
0

Siegfried46
 
Hello! Here is the report:

----------------- FindyKill V4.710 ------------------

* User : Tommy - PC-DE-TOMMY
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 11:04:12 le 29/12/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\oopmagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Tommy\AppData\Roaming\drivers\winupgro.exe
C:\Users\Tommy\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Tommy\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Tommy\AppData\Roaming\drivers\downld\1008937.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

--------------- [ Processus infectieux stoppés ] ----------------

"C:\Users\Tommy\AppData\Roaming\drivers\downld\1008937.exe" (2960)
"C:\Users\Tommy\AppData\Roaming\drivers\winupgro.exe" (844)
"C:\Users\Tommy\AppData\Roaming\drivers\winupgro.exe" (844)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\Prefetch\KEYHOLETV.EXE-C79ADB04.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [29/12/2008 10:47] - C:\Windows\system32\mdelk.exe
Found ! [28/12/2008 16:51] - C:\Windows\system32\wintems.exe
Found ! [29/12/2008 10:47] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Tommy\AppData\Roaming

Found ! [29/12/2008 10:51] - "C:\Users\Tommy\AppData\Roaming\m\flec006.exe"
Found ! [29/12/2008 10:51] - "C:\Users\Tommy\AppData\Roaming\m\list.oct"
Found ! [29/12/2008 10:51] - "C:\Users\Tommy\AppData\Roaming\m\data.oct"
Found ! [29/12/2008 10:51] - "C:\Users\Tommy\AppData\Roaming\m\srvlist.oct"
Found ! [29/12/2008 11:00] - "C:\Users\Tommy\AppData\Roaming\m\shared"
Found ! [28/12/2008 16:41] - "C:\Users\Tommy\AppData\Roaming\m"
Found ! [28/12/2008 16:35] - "C:\Users\Tommy\AppData\Roaming\drivers"
Found ! [29/12/2008 10:47] - "C:\Users\Tommy\AppData\Roaming\drivers\srosa.sys"
Found ! [29/12/2008 10:46] - "C:\Users\Tommy\AppData\Roaming\drivers\srosa2.sys"
Found ! [16/03/2006 04:10] - "C:\Users\Tommy\AppData\Roaming\drivers\winupgro.exe"
Found ! [29/12/2008 10:53] - "C:\Users\Tommy\AppData\Roaming\drivers\downld"
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\969437.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\969765.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\974328.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\979593.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\987062.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\991578.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\992390.exe
Found ! [29/12/2008 10:53] - C:\Users\Tommy\AppData\Roaming\drivers\downld\992968.exe

»»»» Presence des fichiers dans C:\Users\Tommy\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Users\Tommy\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
ehTray.exe=C:\Windows\ehome\ehTray.exe
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
EA Core=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
SUPERAntiSpyware=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Steam="C:\Program Files\Steam\Steam.exe" -silent
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
ooquickpdfv7="C:\Windows\system32\oopmagent.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
!AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_CURRENT_USER\software\local appwizard-generated applications\daemon]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2016536796-1042062753-205223894-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
H: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf

[autorun]
;jwkdculzgmwoxvfqzfrekucdqoolyszzbgmxzoxzxadbvvdaawiuvzuviysq
shellexecute="resycled\boot.com c:"
;ueijejjziesvetvzwrltfkgcjbtbmozxpqjsceohvlgsemuhmmezfbkxdjwxirjplibgnilhdlimoxadylvyomllrpkeqdhsi
shell\Open\command="resycled\boot.com c:"
;

+- Contenu de l'autorun : H:\autorun.inf

[autorun]
;lktgejzgmilesobfmbrqmqbrinfjmcmhpvikvuifygzegvtxlkdtigpdeuapxamahykazdnkghdrbabbdjn
shellexecute="resycled\boot.com h:"
;kditbuxskxxznlxsggzflrnonlkktoymkxpik
shell\Open\command="resycled\boot.com h:"
;lbdvrmlhyvonfqlkabigbhjyqaugchvlccshx

+- presence des fichiers :

Found ! [28/12/2008 15:21][-r-hs----] - C:\autorun.inf
Found ! [28/12/2008 15:21][-r-hs----] - H:\autorun.inf
Found ! [30/11/2004 15:01][---hs----] - H:\info.exe

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------
0
carpo62
 
I have the same problem too, I'm going to do the steps
0
carpo62
 
Here is the report, if someone can help me at the same time



----------------- FindyKill V4.710 ------------------

* User : julien - PC-MAISON
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 13:37:18 le 29/12/2008
* Windows Vista - Internet Explorer 7.0.6000.16764

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIEFE.EXE
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Users\julien\AppData\Roaming\drivers\winupgro.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

--------------- [ Processus infectieux stoppés ] ----------------


"C:\Users\julien\AppData\Roaming\drivers\winupgro.exe" (784)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\Prefetch\KEY_GENERATOR.EXE-6391B8B5.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [29/12/2008 13:18] - C:\Windows\system32\mdelk.exe
Found ! [29/12/2008 13:18] - C:\Windows\system32\wintems.exe
Found ! [29/12/2008 13:18] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\julien\AppData\Roaming

Found ! [29/12/2008 13:20] - "C:\Users\julien\AppData\Roaming\m\flec006.exe"
Found ! [29/12/2008 13:20] - "C:\Users\julien\AppData\Roaming\m\list.oct"
Found ! [29/12/2008 13:20] - "C:\Users\julien\AppData\Roaming\m\data.oct"
Found ! [29/12/2008 13:20] - "C:\Users\julien\AppData\Roaming\m\srvlist.oct"
Found ! [29/12/2008 13:23] - "C:\Users\julien\AppData\Roaming\m\shared"
Found ! [28/12/2008 18:52] - "C:\Users\julien\AppData\Roaming\m"
Found ! [28/12/2008 18:42] - "C:\Users\julien\AppData\Roaming\drivers"
Found ! [29/12/2008 13:18] - "C:\Users\julien\AppData\Roaming\drivers\srosa.sys"
Found ! [29/12/2008 13:18] - "C:\Users\julien\AppData\Roaming\drivers\srosa2.sys"
Found ! [17/10/2006 07:03] - "C:\Users\julien\AppData\Roaming\drivers\winupgro.exe"
Found ! [29/12/2008 13:26] - "C:\Users\julien\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\julien\AppData\Local\Temp

Found ! - C:\Users\julien\AppData\Local\Temp\chrome_484\patch.7z
Found ! - C:\Users\julien\AppData\Local\Temp\CR_A232.tmp\PATCH.PACKED.7Z

»»»» Presence des fichiers dans C:\Users\julien\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ISUSPM Startup=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Google Update="C:\Users\julien\AppData\Local\Google\Update\GoogleUpdate.exe" /c
EPSON Stylus SX200 Series=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S1E91.tmp" /EF "HKCU"
Nokia.PCSync="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
PC Suite Tray="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpsysdrv=c:\hp\support\hpsysdrv.exe
KBD=C:\HP\KBD\KBD.EXE
ATICCC="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
<NO NAME>=
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
DPService="C:\Program Files\HP\DVDPlay\DPService.exe"
RtHDVCpl=RtHDVCpl.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4036787146-3920915078-3568795652-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
totobetourne Posts 5677 Status Member 65
 
Stop piling onto one topic in who knows what numbers, nobody can keep track. Create your own topic, run FindyKill with option 2, you'll get a report that you paste. Thanks.
0