Virus Win32 WinNT, rootkit

Closed
pepito - 7 Jan 2009 at 16:27
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 - 8 Jan 2009 at 11:16
Hello,
please help me
I have a problem with my computer
I can no longer install any software

5 replies

plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
7 Jan 2009 at 16:38
hello,

are you able to install HijackThis?

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

and choose "do a scan and save the log" and post the report
0
hello, thanks
when I do DO A SCAN AND SAVE THE LOG
this is what comes out, is that normal? what do I do next? thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:42, on 07/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\mrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, C:\Windows\system\services.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mljihg] "c:\users\nicot laetitia\appdata\local\mljihg.exe" mljihg
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\nicot laetitia\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
7 Jan 2009 at 17:27
hi again

start by downloading an antivirus (I don't see one): get Antivir, update it, run a scan and post the report
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

then

download and install Malwarebytes and update it

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

then run a scan of your PC and post the report
0
impossible to install Antivir
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274 > pepito
7 Jan 2009 at 18:50
Good evening

Try the following, please

--> Download FindyKill (by Chiquitine29) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Recherche)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.
0
sarou > ^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020
7 Jan 2009 at 18:58
please, what does "post the FindyKill.txt report" mean?
0
sarou > ^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020
7 Jan 2009 at 19:01
----------------- FindyKill V4.711 ------------------

* User : nicot laetitia - PC-DE-LAETITIA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:57:11 le 07/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\158762.EXE-1A7389A8.pf
Found ! - C:\Windows\prefetch\189572.EXE-DAC78997.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-7BDF5831.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [07/01/2009 16:15] - C:\Windows\system32\mdelk.exe
Found ! [07/01/2009 16:15] - C:\Windows\system32\wintems.exe
Found ! [07/01/2009 17:16] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

Found ! [30/12/2008 22:45] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers"
Found ! [23/03/2004 06:03] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe"
Found ! [07/01/2009 16:15] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa.sys"
Found ! [07/01/2009 16:15] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/01/2009 16:18] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\nicot laetitia\AppData\Roaming

Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\flec006.exe"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\list.oct"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\data.oct"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\srvlist.oct"
Found ! [07/01/2009 15:10] - "C:\Users\nicot laetitia\AppData\Roaming\m\shared"
Found ! [27/12/2008 20:01] - "C:\Users\nicot laetitia\AppData\Roaming\m"
Found ! [24/12/2008 16:42] - "C:\Users\nicot laetitia\AppData\Roaming\drivers"
Found ! [30/12/2008 22:39] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\srosa.sys"
Found ! [30/12/2008 22:39] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\srosa2.sys"
Found ! [17/10/2005 05:06] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\winupgro.exe"
Found ! [30/12/2008 22:43] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\NICOTL~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\nicot laetitia\Local Settings\Temporary Internet Files\Content.IE5

Found ! [30/12/2008 18:47] - C:\$RECYCLE.BIN\S-1-5-18\$RUWIBJ8\FileList.txt
Found ! [29/12/2008 20:00] - C:\Users\nicot laetitia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28XGEHAL\file[1].txt
Found ! [30/12/2008 18:15] - C:\Users\nicot laetitia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOZON3PL\mxd[1].jpg
Found ! [03/01/2009 01:49] - C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\b64_1[1].jpg
Found ! [04/01/2009 18:41] - C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\b64_3[2].jpg
Found ! [06/01/2009 19:52] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\eDatasecurity\FileList.txt
Found ! [14/06/2006 09:52] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\EMProxy\filelist.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS11_Win9x.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS11_WinNT.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS20_Win9x.txt
Found ! [13/12/2005 10:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS20_WinNT.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win2K_SHRED_6_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win2K_SHR_5_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win98_SHRED_6_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win98_SHR_5_0.txt
Found ! [12/06/2006 12:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSC\filelist70.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win2K_SHRED_6_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win2K_SHR_5_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win98_SHRED_6_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win98_SHR_5_0.txt
Found ! [07/12/2006 17:00] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\VS\filelist.txt
Found ! [30/12/2008 22:37] - C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\DRZXAVUH\file[1].txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
mljihg="c:\users\nicot laetitia\appdata\local\mljihg.exe" mljihg
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
RtHDVCpl=RtHDVCpl.exe
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
eRecoveryService=
NVRaidService=C:\Windows\system32\nvraidservice.exe
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
Setresolution=C:\ACERSW\config\1440x900.cmd
Apanel=C:\ACERSW\config\NewSetApanel.cmd
V0220Mon.exe=C:\Windows\V0220Mon.exe
WPCUMI=C:\Windows\system32\WpcUmi.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

WinDefend - Type de démarrage = 2

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf



+- Contenu de l'autorun : D:\autorun.inf



+- presence des fichiers :

Found ! [07/01/2009 15:06][drahs----] - C:\autorun.inf
C:\autorun.inf - This folder was created by flash disinfector !
Found ! [07/01/2009 15:06][drahs----] - D:\autorun.inf
D:\autorun.inf - This folder was created by flash disinfector !


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

WinDefend - Type de démarrage = 2

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf



+- Contenu de l'autorun : D:\autorun.inf



+- presence des fichiers :

Found ! [07/01/2009 15:06][drahs----] - C:\autorun.inf
C:\autorun.inf - This folder was created by flash disinfector !
Found ! [07/01/2009 15:06][drahs----] - D:\autorun.inf
D:\autorun.inf - This folder was created by flash disinfector !


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
plopus Posts 5962 Registration date Thursday 1 January 2009 Status Security contributor Last activity 11 March 2012 293
7 Jan. 2009 at 19:41
Hi again,

To move things along for MARIE:

Disconnect from the internet, close all your applications, run FindyKill again, this time choosing option 2, and post the report.


Then make a new HijackThis report, please.
0
Thanks Marie, it's pepito.
I've already run FindyKill option 2; it asked me to restart the computer.
And when I try to make the HijackThis report,
the computer tells me that HijackThis is not a valid Win32 application.
I don't understand.
0
^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
7 Jan. 2009 at 19:52
Thanks

Here is the next step with the tool


--> Plug your removable drives into your PC (USB keys, external hard drive, etc.) without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears /!\

--> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.

+ a HijackThis log

0
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32

Found ! [07/01/2009 16:15] - C:\Windows\system32\mdelk.exe
Found ! [07/01/2009 16:15] - C:\Windows\system32\wintems.exe
Found ! [07/01/2009 17:16] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

Found ! [30/12/2008 22:45] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers"
Found ! [23/03/2004 06:03] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe"
Found ! [07/01/2009 19:24] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa.sys"
Found ! [07/01/2009 19:24] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/01/2009 16:18] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans

Found ! [29/12/2008 19:14] - "\m\flec006.exe"
Found ! [30/12/2008 20:18] - "\m"

»»»» Presence des fichiers dans C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp

Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp2_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Google Gadget Cache\{72934796-5897-E178-381B-8E74651CA2CD}\fr\strings.xml
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip\The Secrets Of The $0.01 Cent Free Shipping eBook.exe
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_[Symantec.AntiVirus.Corporate.v10.1.‡©?„«"„÷ð‘-·%^].SAV10.1CN.zip\install_crack.exe
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp2_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip\The Secrets Of The $0.01 Cent Free Shipping eBook.exe

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
0

^^Marie^^ Posts 113929 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 274
8 Jan. 2009 at 11:16
Hello

I need a new HijackThis report, as requested

Thanks
0