FindyKill report

carole -
Hello,
here is the report
---------------- FindyKill V4.711 ------------------

* User : carole - PC-CAROLE
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 12:48:56 le 14/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Fighters\configservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Fighters\licenseservice.exe
C:\Program Files\Fighters\updateservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fighters\ScannerService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\oopmagent.exe
C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\carole\AppData\Roaming\drivers\winupgro.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\eMule\emule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe

--------------- [ Processus infectieux stoppés ] ----------------

"C:\Users\carole\AppData\Roaming\drivers\winupgro.exe" (2388)

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

Found ! [14/01/2009 12:29] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\67585484.EXE-767E393D.pf
Found ! - C:\Windows\prefetch\MDELK.EXE-288F7189.pf
Found ! - C:\Windows\prefetch\WINTEMS.EXE-85AF748B.pf
Found ! - C:\Windows\prefetch\WINUPGRO.EXE-3AEEE955.pf
Found ! - C:\Windows\Prefetch\KEY_GENERATOR.EXE-1F1A914B.pf
Found ! - C:\Windows\Prefetch\KEY_GENERATOR.EXE-763370E0.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [14/01/2009 02:48] - C:\Windows\system32\mdelk.exe
Found ! [14/01/2009 07:15] - C:\Windows\system32\wintems.exe

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\carole\AppData\Roaming

Found ! [14/01/2009 11:25] - "C:\Users\carole\AppData\Roaming\m\flec006.exe"
Found ! [14/01/2009 11:29] - "C:\Users\carole\AppData\Roaming\m\shared"
Found ! [14/01/2009 12:27] - "C:\Users\carole\AppData\Roaming\m"
Found ! [14/01/2009 12:27] - "C:\Users\carole\AppData\Roaming\drivers"
Found ! [14/01/2009 03:00] - "C:\Users\carole\AppData\Roaming\drivers\srosa.sys"
Found ! [14/01/2009 12:29] - "C:\Users\carole\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\carole\AppData\Local\Temp

»»»» Presence des fichiers dans C:\Users\carole\Local Settings\Temporary Internet Files\Content.IE5

Found ! [22/10/2003 13:21] - C:\Program Files\OFFICE One Games\OFFICE One Games - Rainbow Islands Candyland\data_fr\default\bonuses\scores\file_list.txt
Found ! [14/01/2009 07:17] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63ECE2OT\b64_1[1].jpg
Found ! [14/01/2009 11:30] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63ECE2OT\b64_2[1].jpg
Found ! [14/01/2009 11:25] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDWIJYNX\b64[1].jpg
Found ! [14/01/2009 03:13] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDWIJYNX\b64_1[1].jpg
Found ! [14/01/2009 07:22] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDWIJYNX\b64_2[1].jpg
Found ! [14/01/2009 07:21] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GR5E3TPU\b64_1[1].jpg
Found ! [14/01/2009 11:25] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GR5E3TPU\b64_1[2].jpg
Found ! [14/01/2009 07:16] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GR5E3TPU\file[1].txt
Found ! [14/01/2009 07:17] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQL3NPQL\b64[1].jpg
Found ! [14/01/2009 07:15] - C:\Users\carole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQL3NPQL\b64_3[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe=C:\Windows\ehome\ehTray.exe
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
P2Go_Menu="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
StartCCC="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
RtHDVCpl=RtHDVCpl.exe
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ATKMEDIA=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
ASUSTPE=C:\Windows\system32\ASUSTPE.exe
PowerForPhone="C:\Program Files\P4P\P4P.exe"
ASUS Camera ScreenSaver=C:\Windows\ASScrProlog.exe
ASUS Screen Saver Protector=C:\Windows\ASScrPro.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
ooquickpdfv7="C:\Windows\system32\oopmagent.exe"
spywarefighterguard=C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-4123086181-3701792628-3730146089-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-4123086181-3701792628-3730146089-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-4123086181-3701792628-3730146089-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4123086181-3701792628-3730146089-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4123086181-3701792628-3730146089-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf

+- Contenu de l'autorun : D:\autorun.inf

+- presence des fichiers :

Found ! [13/01/2009 20:47][d--h-----] - C:\autorun.inf
Found ! [13/01/2009 20:47][d--h-----] - D:\autorun.inf

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

2 replies

Anonymous user

Quadruple post. STAY IN THE SAME THREAD!!!!!!!!!

kevin05

Hi, what exactly are you playing at???? You've made a triple post...