Virus win32 winnt, rootkit

pepito -
^^Marie^^ Posts: 41884 Status: Member -
Hello,
please help me
I have a problem with my computer
I can't install software any more
Configuration: Windows Vista
Internet Explorer 7.0
5 replies

plopus Posts: 49 Status: Security contributor 293
 
hello,

can you manage to install HijackThis

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

and choose "do a scan and save the log", then post the report
0
pepito
 
hello, thanks
when I do DO A SCAN AND SAVE THE LOG
this is what comes out, is that normal? what do I do next, thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:42, on 07/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\mrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, C:\Windows\system\services.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Setresolution] C:\ACERSW\config\1440x900.cmd
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [V0220Mon.exe] C:\Windows\V0220Mon.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mljihg] "c:\users\nicot laetitia\appdata\local\mljihg.exe" mljihg
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\nicot laetitia\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
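A HijackThis log is mostly noise from legitimate software, so the useful skill is knowing which entry classes deserve attention. The script below is an added example written for this thread; it is not code from the original post and not part of HijackThis. It applies a few defensive heuristics (a core system binary such as services.exe running from outside System32, an extra UserInit entry, a Run key pointing into AppData or Temp, orphaned BHO/toolbar entries, unrecognised Winsock LSPs, services with no company name) and returns the lines worth a closer look. `SYSTEM_BINARIES`, `USER_WRITABLE` and the severity labels are this example's own choices; `SAMPLE_LOG` is a trimmed selection of lines taken from the log posted above.

```python
"""Triage of a HijackThis v2.0.x log with a few defensive heuristics.

Added example for this thread: not code from the original post and not part of
HijackThis. SYSTEM_BINARIES, USER_WRITABLE and the severities are this
example's own choices. SAMPLE_LOG is a trimmed selection of lines taken from
the log posted above.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, original line)

# Core Windows binaries that always live in %SystemRoot%\System32; a file with
# the same name running from anywhere else is masquerading as the real one.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Default Vista UserInit value: exactly one entry. Anything appended to it is
# started by winlogon at every interactive logon.
DEFAULT_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Autostart entries launched from a user-writable profile folder.
USER_WRITABLE = re.compile(r"\\(appdata\\(local|roaming)|local settings|temp)\\", re.I)


def triage(log_lines: List[str]) -> List[Finding]:
    """Return the log lines worth a closer look, in log order."""
    findings: List[Finding] = []
    seen_lsp = set()
    for raw in log_lines:
        line = raw.strip()
        if not line:
            continue
        low = line.lower()

        # "Running processes" section: bare paths, one per line.
        if re.match(r"^[a-z]:\\", low):
            name = low.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not low.startswith(SYSTEM32):
                findings.append(("HIGH", f"{name} running outside System32", line))
            continue

        # F2: UserInit carrying more than the default entry.
        if line.startswith("F2 ") and "userinit=" in low:
            entries = [e.strip() for e in low.split("userinit=", 1)[1].split(",")]
            for entry in filter(None, entries):
                if entry != DEFAULT_USERINIT:
                    findings.append(("HIGH", f"extra UserInit entry: {entry}", line))
            continue

        # O2/O3/O18: registered component whose file is gone (cleanup, not a threat).
        if low.endswith(("(no file)", "(file missing)")):
            findings.append(("LOW", "orphaned entry, target file absent", line))
            continue

        # O4: Run keys pointing into AppData / Temp.
        if line.startswith("O4 ") and USER_WRITABLE.search(low):
            findings.append(("MEDIUM", "autostart from a user-writable profile folder", line))
            continue

        # O10: Winsock LSP entries repeat once per protocol; report each DLL once.
        if line.startswith("O10 "):
            dll = low.split("lsp:", 1)[-1].strip()
            if dll not in seen_lsp:
                seen_lsp.add(dll)
                findings.append(("LOW", "unrecognised Winsock LSP, verify the DLL", line))
            continue

        # O23: service with no company name; verify the binary before trusting it.
        if line.startswith("O23 ") and "unknown owner" in low:
            findings.append(("LOW", "service without a company name", line))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Trimmed selection of lines from the log posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe, C:\Windows\system\services.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mljihg] "c:\users\nicot laetitia\appdata\local\mljihg.exe" mljihg
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
""".splitlines()

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

On the sample, the two HIGH findings point at the same file: `C:\Windows\system\services.exe` is both running and chained onto UserInit, which is the combination that keeps reinstalling itself after every logon. The LOW entries (missing AVG files, the Acer service, the parental-controls LSP) are things to verify, not to delete blindly.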
plopus Posts: 49 Status: Security contributor 293
 
re

start by downloading an antivirus (I don't see one): get Antivir, update it, run a scan and post the report
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

then

download and install Malwarebytes and update it

http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware

then scan your PC and post the report
0
pepito
 
impossible to install Antivir
0
^^Marie^^ Posts: 41884 Status: Member 3 280 > pepito
 
Good evening

Try the following, please

--> Download FindyKill (by Chiquitine29) to your desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installer with the default settings

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 1 (Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive.
0
sarou > ^^Marie^^ Posts: 41884 Status: Member
 
please, what does "post the findykill.txt report" mean
0
sarou > ^^Marie^^ Posts: 41884 Status: Member
 
----------------- FindyKill V4.711 ------------------

* User : nicot laetitia - PC-DE-LAETITIA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:57:11 le 07/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\158762.EXE-1A7389A8.pf
Found ! - C:\Windows\prefetch\189572.EXE-DAC78997.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-7BDF5831.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [07/01/2009 16:15] - C:\Windows\system32\mdelk.exe
Found ! [07/01/2009 16:15] - C:\Windows\system32\wintems.exe
Found ! [07/01/2009 17:16] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

Found ! [30/12/2008 22:45] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers"
Found ! [23/03/2004 06:03] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe"
Found ! [07/01/2009 16:15] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa.sys"
Found ! [07/01/2009 16:15] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/01/2009 16:18] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\nicot laetitia\AppData\Roaming

Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\flec006.exe"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\list.oct"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\data.oct"
Found ! [30/12/2008 22:42] - "C:\Users\nicot laetitia\AppData\Roaming\m\srvlist.oct"
Found ! [07/01/2009 15:10] - "C:\Users\nicot laetitia\AppData\Roaming\m\shared"
Found ! [27/12/2008 20:01] - "C:\Users\nicot laetitia\AppData\Roaming\m"
Found ! [24/12/2008 16:42] - "C:\Users\nicot laetitia\AppData\Roaming\drivers"
Found ! [30/12/2008 22:39] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\srosa.sys"
Found ! [30/12/2008 22:39] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\srosa2.sys"
Found ! [17/10/2005 05:06] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\winupgro.exe"
Found ! [30/12/2008 22:43] - "C:\Users\nicot laetitia\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\NICOTL~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\nicot laetitia\Local Settings\Temporary Internet Files\Content.IE5

Found ! [30/12/2008 18:47] - C:\$RECYCLE.BIN\S-1-5-18\$RUWIBJ8\FileList.txt
Found ! [29/12/2008 20:00] - C:\Users\nicot laetitia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28XGEHAL\file[1].txt
Found ! [30/12/2008 18:15] - C:\Users\nicot laetitia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MOZON3PL\mxd[1].jpg
Found ! [03/01/2009 01:49] - C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\b64_1[1].jpg
Found ! [04/01/2009 18:41] - C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XSFKQQZR\b64_3[2].jpg
Found ! [06/01/2009 19:52] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\eDatasecurity\FileList.txt
Found ! [14/06/2006 09:52] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\EMProxy\filelist.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS11_Win9x.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS11_WinNT.txt
Found ! [02/12/2005 09:55] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS20_Win9x.txt
Found ! [13/12/2005 10:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MAS\Files_MAS20_WinNT.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win2K_SHRED_6_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win2K_SHR_5_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win98_SHRED_6_0.txt
Found ! [28/11/2005 17:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MPS\Files_Win98_SHR_5_0.txt
Found ! [12/06/2006 12:32] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSC\filelist70.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win2K_SHRED_6_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win2K_SHR_5_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win98_SHRED_6_0.txt
Found ! [09/06/2006 15:14] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\MSHR\Files_Win98_SHR_5_0.txt
Found ! [07/12/2006 17:00] - C:\Windows\System32\config\systemprofile\AppData\Local\Temp\MCPR.tmp\VS\filelist.txt
Found ! [30/12/2008 22:37] - C:\Windows\Temp\Fichiers Internet temporaires\Content.IE5\DRZXAVUH\file[1].txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe
ehTray.exe=C:\Windows\ehome\ehTray.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
mljihg="c:\users\nicot laetitia\appdata\local\mljihg.exe" mljihg
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
NvSvc=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
RtHDVCpl=RtHDVCpl.exe
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
eRecoveryService=
NVRaidService=C:\Windows\system32\nvraidservice.exe
Acer Tour Reminder=C:\Acer\AcerTour\Reminder.exe
Setresolution=C:\ACERSW\config\1440x900.cmd
Apanel=C:\ACERSW\config\NewSetApanel.cmd
V0220Mon.exe=C:\Windows\V0220Mon.exe
WPCUMI=C:\Windows\system32\WpcUmi.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

WinDefend - Type de démarrage = 2

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf



+- Contenu de l'autorun : D:\autorun.inf



+- presence des fichiers :

Found ! [07/01/2009 15:06][drahs----] - C:\autorun.inf
C:\autorun.inf - This folder was created by flash disinfector !
Found ! [07/01/2009 15:06][drahs----] - D:\autorun.inf
D:\autorun.inf - This folder was created by flash disinfector !


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
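The most telling part of the report above is not the list of files but the "Etat / Services" block and the two "Infection active" lines: a kernel driver service registered with Start = 0x1 loads during system start, before any user-mode scanner, and the security services the tool marks with `/!\` have been switched to start type 4 (disabled), with UAC off. The script below is an added example written for this thread, not FindyKill's code; it parses those sections and compares the service start types against a baseline. The baseline in `EXPECTED_AUTO` (which Vista services should be automatic and what they do) is this example's own assumption, not something the report states; the sample lines are taken from the report above.

```python
"""Posture check over the service and active-infection sections of a FindyKill
report. Added example for this thread; not FindyKill code. EXPECTED_AUTO is
this example's own Vista baseline, not something the report states.
"""
import re
from typing import Dict, List

# Start-type legend printed by the report: Auto=2 / Demande=3 / Désactivé=4.
# These are the same numbers as the Start value under the registry Services key.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Services a healthy Vista desktop keeps on automatic start (example's own baseline).
EXPECTED_AUTO = {
    "wscsvc": "Security Center",
    "wuauserv": "Windows Update",
    "WinDefend": "Windows Defender",
    "SharedAccess": "Windows Firewall / Internet Connection Sharing",
}

SERVICE_LINE = re.compile(r"^(?:/!\\\s*)?(\S+) - Type de démarrage = (\d)\s*$")
ACTIVE_LINE = re.compile(r"Infection active : .*\\Services\\(\S+) -> Start = (0x[0-9A-Fa-f]+)")
UAC_LINE = re.compile(r"UAC is Disable", re.I)


def parse_report(lines: List[str]) -> Dict[str, object]:
    """Extract service start types, active driver services and the UAC state."""
    services: Dict[str, int] = {}
    active_drivers: Dict[str, int] = {}
    uac_disabled = False
    for raw in lines:
        line = raw.strip()
        m = SERVICE_LINE.match(line)
        if m:
            services[m.group(1)] = int(m.group(2))
            continue
        m = ACTIVE_LINE.search(line)
        if m:
            active_drivers[m.group(1)] = int(m.group(2), 16)
            continue
        if UAC_LINE.search(line):
            uac_disabled = True
    return {"services": services, "active_drivers": active_drivers,
            "uac_disabled": uac_disabled}


def assess(parsed: Dict[str, object]) -> List[str]:
    """Turn the parsed state into a list of issues a cleaner must deal with."""
    issues: List[str] = []
    for name, start in parsed["active_drivers"].items():
        issues.append(f"driver service '{name}' still registered with Start="
                      f"{START_TYPES.get(start, start)}: loaded by the kernel at boot")
    for name, role in EXPECTED_AUTO.items():
        start = parsed["services"].get(name)
        if start is not None and start != 2:
            issues.append(f"{role} ({name}) is {START_TYPES[start]}, expected automatic")
    if parsed["uac_disabled"]:
        issues.append("UAC is disabled")
    return issues


# Lines taken from the FindyKill report posted in this thread.
SAMPLE_REPORT = r"""
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
Wlansvc - Type de démarrage = 3
/!\ SharedAccess - Type de démarrage = 4
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
WinDefend - Type de démarrage = 2

/!\ UAC is Disable
""".splitlines()

if __name__ == "__main__":
    for issue in assess(parse_report(SAMPLE_REPORT)):
        print("-", issue)
```

The ordering of the output is deliberate: the boot-time drivers come first because nothing in the service list can be trusted until they are gone, and the disabled Security Center / firewall explain why the user saw no warnings. Re-running the same check on the post-cleanup report is a cheap way to confirm the services were actually restored rather than just the files removed.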
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_crack]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\install_patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1925218949-15091022-995765332-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_crack
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

/!\ SharedAccess - Type de démarrage = 4

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

WinDefend - Type de démarrage = 2

/!\ UAC is Disable

--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf



+- Contenu de l'autorun : D:\autorun.inf



+- presence des fichiers :

Found ! [07/01/2009 15:06][drahs----] - C:\autorun.inf
C:\autorun.inf - This folder was created by flash disinfector !
Found ! [07/01/2009 15:06][drahs----] - D:\autorun.inf
D:\autorun.inf - This folder was created by flash disinfector !


--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
plopus Posts 49 Registration date   Status Security contributor Last activity   293
 
Re

To move forward, MARIE

Disconnect from the internet, close all your applications, relaunch FindyKill, and this time choose option 2 and post the report.

Then do another HijackThis report, please.
0
pepito
 
Thanks Marie, it's pepito.
I already ran FindyKill option 2; it asked me to restart the computer.
And when I try to make the HijackThis report,
the computer tells me that HijackThis is not a valid Win32 application.
I don't understand.
0
^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
 
Thanks

Here is the next step of the tool.

--> Connect your removable drives to your PC (USB keys, external hard drive, etc.) without opening them

--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears /!\

--> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the drive.

+ a HijackThis log

0
pepito
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system\services.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32

Found ! [07/01/2009 16:15] - C:\Windows\system32\mdelk.exe
Found ! [07/01/2009 16:15] - C:\Windows\system32\wintems.exe
Found ! [07/01/2009 17:16] - C:\Windows\system32\ban_list.txt

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

Found ! [30/12/2008 22:45] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers"
Found ! [23/03/2004 06:03] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\winupgro.exe"
Found ! [07/01/2009 19:24] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa.sys"
Found ! [07/01/2009 19:24] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/01/2009 16:18] - "C:\Windows\system32\config\systemprofile\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans

Found ! [29/12/2008 19:14] - "\m\flec006.exe"
Found ! [30/12/2008 20:18] - "\m"

»»»» Presence des fichiers dans C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp

Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp2_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Google Gadget Cache\{72934796-5897-E178-381B-8E74651CA2CD}\fr\strings.xml
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip\The Secrets Of The $0.01 Cent Free Shipping eBook.exe
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp1_[Symantec.AntiVirus.Corporate.v10.1.‡©?„«"„÷ð‘-·%^].SAV10.1CN.zip\install_crack.exe
Found ! - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\Temp2_Microsoft Windows Vista SP1 Ultimate Business Home Premium Serial Activation Crack x86 32 64bit ita eng de fr ru April 2008.zip\The Secrets Of The $0.01 Cent Free Shipping eBook.exe

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5
0

^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280
 
Hello

I need a new HijackThis report, as requested.

Thanks
0