NTSB investigators flights recorder

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention -
apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention - 20 janv. 2009 à 10:20

Bonjour,
j'ai le même problème que :

AnToiinee, le samedi 3 janvier 2009 à 17:44:43
Bonjour,
Voila j'ai un problème avec mon ordinateur au démarrage "NTBS investigators flight recorder (black box) analyser" s'affiche j'ai tout essaye Elibagla, Malwarebytes, mon anti virus ne marche plus et je ne peux plus en installer un autre, mon ordinateur rame et je n'arrive pas a accéder au mode sans échec impossible j'ai ce probleme depuis hier et j'ai regardé dans les autres sujets, ou on a éxpliqué qu'il fallait utiliser le logiciel FindyKill mais quand j'analyse il me dise no matching processus not found, et voila le premier scan :

pour gagné du temps je suis passé au Findykill de chiquitine 29 option 2 (ci-dessous le rapport)
ensuite j'ai réussi à re-installer Ccleaner mais malheureusement pour très peu de temps
j'ai juste eu le temps de faire :

▶ Lance-le. Va dans "Options" puis "Avancé",
▶ Tu décoches la case "Effacer uniquement les fichiers etc...".
▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.
▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".
Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
▶ Un tuto ( aide )

le problème persiste re-apparition de la fenetre "NTBS investigators flight recorder (black box) analyser".
Impossible de relancer Ccleaner et surtout impossible d'installer un antivirus.
Que dois je faire SVP aider moi.

Désolé d'être aussi bref
Vous remerciant

----------------- FindyKill V4.712 ------------------

* User : Polo - APOLOSIO
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 17:05:47 the 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Supression files in C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\Polo\Application Data

Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\1Z0-007 Oracle OCP DBA9i Introduction to Oracle9i
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\360Voice Desktop 4.02.2a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Grapher 1.21.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Tropical Island Screen Saver 1.0b.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Actualizacion.Mcafee.De.Por.Vida.updated-fixed.01-2007.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Alice DVD to H.264 MP4 Converter 5.38.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ambages 001.000.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AMORTSC 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AnimatedCamero ScreenMate 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AppCompactor 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Atomic Word Password Recovery 1.50.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Attachments Processor for Outlook 4.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Australian Landscapes 09 Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Auto-Talk 4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AWT Font Shower 2.7 Build 9228.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Background Buddy Pro 3.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Big Clock 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Black Steel 1.2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\BMW E39 Screensaver 1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Calvary of Albuquerque 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Chilkat Zip C++ Library -.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Christmas Textures 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Classic Menu for Excel 3.5.0.113.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\COM Explorer 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Coollector 2.28.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CopyShell 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CPU Led Indicator 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Crack.Panda.Platinum.Internet.Security.2005.v9.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Dark Super 1.0.4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Delete FXP Files 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Directory Synchronizer 0.3 Build 226.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Easy Text To HTML Converter 3.0.0.057.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eset.NOD32.Antivirus.Administrator.Edition.v2.50.16.PROPER-DVT.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eva Mendes Screensaver1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Find Toolbar Tweaks 2.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Font Viewer 2.00.382.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Free System Tweaker 4.5.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\FreeNetEnumerator 1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Freewind SQL Converter 1.8.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Gimao Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Glossword 1.8.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\GoodOk DVD Ripper 5.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HTML Template Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Humanclock 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IBFireBackup 2.6.0.76.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\icecream 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IceLand 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ID AntiPopup 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\iMiser Web Organizer 3.1 SR1 Build 1075.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ivan Video to 3GP + DVD to 3GP 1.11.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IWEB Dashboard 1.0.0.40.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Java HTTP Client 2.5.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jokes Screen Saver 2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jovem Pan AM 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\K2xMon 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Kaufman Launch Cleaner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\KingConvert For Coby PMP-3522 4.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LingvoSoft FlashCards English German 1.5.07.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LvG Spellcheck 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MacAfee.Virusscan.-.8.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MailChecker 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Maximus CD Player 3.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mayweed Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mcafee.Viruscan.Enterprise-2004.8.0I.16-07-2004.Ilimitado.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Microsoft Agent Network Chat 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mister Wong Toolbar 1.1.8a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Morning Glory 1.0.14.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MouseaWay 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Movie to GIF Converter 2.20.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MyBusinessCatalog Gold 6.4.0.18.87.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MySQL Delete (Remove) Duplicate Entries Software 7.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetFilter SDK 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetMac 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\New Chronicles Of Rebecca 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NewPlay 4 Audio Full Edition 4.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_2.51.30_ita.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_by_soft-best.net.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nokia Gps Route 66 Mobile 2007 [Mapas de Espa¤a y Portugal].zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Norton.AntiVirus.2004.LiveUpdate.to.2090.by.Xp.for.EWS.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Noted 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NotePad SX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OBJ Export for SolidWorks 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Obsidian Menu 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Omniquad Surfwall - Enterprise Manager 2.882.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Opera Christmas Widget! 1.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OSPC
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paragon CD-ROM Emulator Network 3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paste MSDN URL 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\pdf2picture 6.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Pepys Personal Edition 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Phoebus 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Photo2Web Publisher 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Privacy Inspector 2.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Qdeo 1.0 Beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QDQ Search 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QRCode 2D Barcode ActiveX 3.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\RE
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Registry Accelerator 5.1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Reverb Rack R-ii 2.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sam's Interactive Reader 1.10.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Scalable Fabric 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SetBrowser 1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SharePoint Vista Sidebar Gadget Preview 0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shuffle Radio Tuner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shutdown System Manager 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sony Vegas Movie Studio Platinum 9.0b Build 85.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\soul cage screensaver 01.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\StreamAware 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Super MIDI Scripter 0.830.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Symantec.Norton.Ghost.2006.v10.Retail.+.Crack.+.Code.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Telepen Barcode Font 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trailfire 1.5.12010.2584.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trojan.Lodear Removal Tool 1.3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TTHmachine 1.02 beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TurboFTP 6.00 Build 712.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TV Set 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Twins File Merger 3.86.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Video and Music to iPod Converter 4.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\VisualHash 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Wav to MP3 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Web Pictures Downloader 2.0 SR 100.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Window Magician 1.1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Winguard Popup Remover 1.17.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\WordBanker English-Croatian 6.4.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\xSync File Synchronizer 2.0.26.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\XtraTools 2008 1.7.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Zero-X BeatQuantizer 1.52.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\[Antivirus].Panda.Platinium.Internet.Security.(2009).zip
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\srosa2.sys"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\Polo\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\6TEJSM4O\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur de CD-ROM

M: - Lecteur fixe

+- deleting files :

Not deleted !! - F:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Afficher la suite

A voir également:

NTSB investigators flights recorder
Apowersoft screen recorder - Télécharger - Capture d'écran
Free sound recorder - Télécharger - Audio & Musique
Avs video recorder - Télécharger - TV & Vidéo
Jitbit macro recorder - Télécharger - Confidentialité
Microsoft voice recorder - Télécharger - Audio & Musique

53 réponses

Réponse 21 / 53

Utilisateur anonyme

Re;

Voir poste 31

Réponse 22 / 53

Utilisateur anonyme

Re,

Fait sa clic ici

Réponse 23 / 53

Utilisateur anonyme

Re,

Fait le poste 34

Réponse 24 / 53

Utilisateur anonyme

Re,

Fait sa aussi.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Polo\Application Data\m\flec006.exe"=-

:commands
[purity]
[emptytemp]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

encore un rapport

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_lyWLp6TPguZW1SxhI7PI scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\~DF33E5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_041826

Files moved on Reboot...
File C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_lyWLp6TPguZW1SxhI7PI not found!
C:\DOCUME~1\Polo\LOCALS~1\Temp\~DF33E5.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl moved successfully.

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 53

Utilisateur anonyme

Re,

Redémarre ton pc et refait un log avec,rsit

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Et voila

Logfile of random's system information tool 1.05 (written by random/random)
Run by Polo at 2009-01-18 04:47:38
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 31 GB (26%) free of 117 GB
Total RAM: 2047 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:47:44, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Polo\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\Polo.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)

Réponse 26 / 53

Utilisateur anonyme

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Polo\Application Data\m\flec006.exe"=-

:commands
[purity]
[emptytemp]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_eVwG0knaar5KUsFhy28B scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_045857

Files moved on Reboot...
File C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_eVwG0knaar5KUsFhy28B not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl moved successfully.

Réponse 27 / 53

Utilisateur anonyme

Re,

recommence sans mettre :

:commands
[purity]
[emptytemp]

Bizarre que cela ne prenne pas soit moi qui m***** ou je sais pas.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Marche pas !!!

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_052512

Réponse 28 / 53

Utilisateur anonyme

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:files
c:\documents and settings\polo\application data\m\flec006.exe

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Polo\Application Data\m\flec006.exe"=-

:commands
[purity]
[emptytemp]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

C'est la 4ème fois que je fais la même manipe ???!!!!
Marche toujours pas !!

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Je suppose que c'est OK !!
pouvez me confirmé.

========== FILES ==========
File/Folder c:\documents and settings\polo\application data\m\flec006.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_101058

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Réponse 29 / 53

Utilisateur anonyme

Re,

POste le rapport du poste 45.

merci.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

========== FILES ==========
File/Folder c:\documents and settings\polo\application data\m\flec006.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_N56pS1CsafhhfN3dq5dA scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_060206

Files moved on Reboot...
File C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_N56pS1CsafhhfN3dq5dA not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl moved successfully.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Ca y est, tout marche correctement (M'ouais méfiance comme-même !) je dois avoir encore 2 ou 3 petits Trojans qui doivent dormir dans un coin. Mais en tout cas ça fonctionne et j'suis content après avoir passé une nuit blanche à résoudre le problème. Je peux enfin installer un Antivirus ainsi que mes autres prog...
Merci V-X pour tes conseils trop génial
et bonne continuation.
wwww
@+++++++++++++++ (((°L°)))
ciAO

Réponse 30 / 53

Utilisateur anonyme

Re,

Je ne croit pas que cela soi fini.

Pourrais me dire quel antivirus tu as installer ?

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Avira Antivir Personal

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

j'ai installer "Avira Antivir Personal"

et par contre "AVG Free" est il mieux ????

Réponse 31 / 53

Utilisateur anonyme

Re,

Oui antivir et pas mal en gratuit.

Réponse 32 / 53

Utilisateur anonyme

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Polo\Application Data\m\flec006.exe"=-

:commands
[emptytemp]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Salouté V-X
encore merci a toi & a ton équipe pour vos réponses
vous êtes trop top.

Voici donc le rapport :

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_Rz0Y3oyYn9hz0RQL6ZHh scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_211430

Files moved on Reboot...
File C:\DOCUME~1\Polo\LOCALS~1\Temp\etilqs_Rz0Y3oyYn9hz0RQL6ZHh not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Polo\Local Settings\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\XUL.mfl moved successfully.

Réponse 33 / 53

Utilisateur anonyme

Re,

Redémarre ton pc normalement et fait ce qui suit:

FindyKill de Chiquitine29

▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

▶ ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .

▶ Laisse toi guider pour l'installer.

▶ Double clic sur " FindyKill." pour lancer l'outil .

▶ Choisis La langue:F pour français

▶ Choisis l'option 1 . Puis laisses travailler ...

▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

Les-risques-securitaires-du-peer-to-peer

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

La suite

###################### [ FindyKill V4.714 ]

# User : Polo - APOLOSIO
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 21:45:43 le 19/01/2009
# Windows XP - Internet Explorer 7.0.5730.11

# [ FindyKill V4.714 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\V0330Mon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

################## [ C:\ ]

Found ! [19/01/2009 21:40] - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\Polo\Application Data ]

################## [ C:\DOCUME~1\Polo\LOCALS~1\Temp ]

\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
LightScribe Control Panel=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
Google Update="C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
InvisibloRun="C:\Program Files\Invisiblo\invisiblo.exe" -norun
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
V0330Mon.exe=C:\WINDOWS\V0330Mon.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - # Type de démarrage = 3

EapHost - # Type de démarrage = 2

Ip6Fw - # Type de démarrage = 2

SharedAccess - # Type de démarrage = 2

wuauserv - # Type de démarrage = 2

wscsvc - # Type de démarrage = 2

\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

# Informations :

C: - Lecteur fixe

D: - Lecteur fixe

# presence des fichiers :

\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

-> Not found !

################## [ ! Fin du rapport # FindyKill V4.714 ! ]

Réponse 34 / 53

Utilisateur anonyme

Re,

Findykill de chiquitine29 option 2:

▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

▶ Double-clique sur le raccourci FindyKill sur ton bureau

▶ Au menu principal, choisisl'option 2 (Suppression)

/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

▶ Ensuite, poste le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

et voila,

###################### [ FindyKill V4.714 ]

# User : Polo - APOLOSIO
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at 21:54:44 the 19/01/2009
# Windows XP - Internet Explorer 7.0.5730.11

# [ FindyKill V4.714 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////

################## [ C:\ ]

Deleted ! - C:\InfoSat.txt

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-086F0B56.pf

################## [ C:\WINDOWS\system32 ]

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\Documents and Settings\Polo\Application Data ]

################## [ C:\DOCUME~1\Polo\LOCALS~1\Temp ]

################## [ C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5 ]

\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

EapHost - # Type of startup = 2

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2

\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

D: - Lecteur fixe

M: - Lecteur fixe

# deleting files :

\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////

-> Not found !

\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////

\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////

################## [ ! End of report # FindyKill V4.714 ! ]

Réponse 35 / 53

Utilisateur anonyme

Re,

Comment va le pc ?

Réponse 36 / 53

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Pour l'instant R.A.S
Why ?

Réponse 37 / 53

Utilisateur anonyme

Re,

OKI.

Refait un log avec RSIT et poste le en deux fois STP.

merci

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Logfile of random's system information tool 1.05 (written by random/random)
Run by Polo at 2009-01-19 22:37:24
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 28 GB (24%) free of 117 GB
Total RAM: 2047 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:37:29, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Polo\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\Polo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IDA Bar - {C70E30C7-140A-4166-A2E8-43557E62B41A} - C:\Program Files\IDA\idabar.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InvisibloRun] "C:\Program Files\Invisiblo\invisiblo.exe" -norun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (file missing)

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33019205-2d34-11dc-908b-00016cd6f1e5}]
shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34015fdf-cd9e-11db-8fc8-00016cd6f1e5}]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f232abd-bde8-11dd-938e-00016cd6f1e5}]
shell\Auto\command - cmd /C launch.bat
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34827b4-cc7b-11dd-93a9-00016cd6f1e5}]
shell\AutoRun\command - K:\ClickMe.exe

======List of files/folders created in the last 1 months======

2009-01-19 21:54:44 ----A---- C:\FindyKill.txt
2009-01-19 21:45:21 ----D---- C:\Program Files\FindyKill
2009-01-18 14:01:51 ----A---- C:\WINDOWS\kit.ini
2009-01-18 14:01:22 ----D---- C:\Program Files\Wanadoo
2009-01-18 13:56:59 ----D---- C:\Program Files\Securitoo
2009-01-18 04:18:26 ----D---- C:\_OTMoveIt
2009-01-18 04:13:13 ----D---- C:\Program Files\PeerGuardian2
2009-01-18 03:58:03 ----D---- C:\Program Files\Avira
2009-01-18 03:58:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-01-18 02:09:41 ----D---- C:\rsit
2009-01-18 01:40:53 ----D---- C:\Program Files\Ad-remover
2009-01-18 00:55:54 ----A---- C:\TCleaner.txt
2009-01-18 00:28:06 ----SHD---- C:\RECYCLER
2009-01-18 00:09:44 ----D---- C:\WINDOWS\temp
2009-01-18 00:00:38 ----A---- C:\Boot.bak
2009-01-18 00:00:34 ----RASHD---- C:\cmdcons
2009-01-17 23:56:48 ----A---- C:\WINDOWS\zip.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\VFIND.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\SWSC.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\SWREG.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\sed.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\grep.exe
2009-01-17 23:56:48 ----A---- C:\WINDOWS\fdsv.exe
2009-01-17 23:56:32 ----D---- C:\WINDOWS\ERDNT
2009-01-17 22:51:07 ----D---- C:\Program Files\CCleaner
2009-01-17 19:37:23 ----D---- C:\Documents and Settings\Polo\Application Data\AVGTOOLBAR
2009-01-17 19:32:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-17 01:40:11 ----D---- C:\Program Files\trend micro
2009-01-15 16:25:51 ----D---- C:\Program Files\WinPcap
2009-01-14 22:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-20 10:18:15 ----D---- C:\Program Files\SAGEM
2008-12-20 10:15:46 ----D---- C:\Program Files\Inventel

======List of files/folders modified in the last 1 months======

2009-01-19 22:02:49 ----D---- C:\Program Files\Mozilla Firefox
2009-01-19 22:00:51 ----D---- C:\WINDOWS\Prefetch
2009-01-19 21:56:25 ----AD---- C:\WINDOWS
2009-01-19 21:54:03 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2009-01-19 21:52:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-19 21:45:21 ----AD---- C:\Program Files
2009-01-19 21:38:32 ----D---- C:\Program Files\Invisiblo
2009-01-19 21:08:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-19 16:02:34 ----D---- C:\Program Files\eMule
2009-01-19 02:32:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-18 14:01:22 ----D---- C:\WINDOWS\system32
2009-01-18 11:04:15 ----D---- C:\Downloads
2009-01-18 03:58:04 ----AD---- C:\WINDOWS\system32\drivers
2009-01-18 02:42:18 ----SHD---- C:\WINDOWS\Installer
2009-01-18 02:42:18 ----SHD---- C:\Config.Msi
2009-01-18 01:05:19 ----D---- C:\Program Files\Symantec
2009-01-18 00:06:20 ----A---- C:\WINDOWS\system.ini
2009-01-18 00:03:37 ----D---- C:\WINDOWS\system32\config
2009-01-18 00:02:35 ----D---- C:\Program Files\SuperCopier2
2009-01-18 00:02:18 ----D---- C:\WINDOWS\AppPatch
2009-01-18 00:02:18 ----AD---- C:\Program Files\Fichiers communs
2009-01-18 00:00:38 ----RASH---- C:\boot.ini
2009-01-17 18:11:32 ----D---- C:\WINDOWS\Minidump
2009-01-16 17:45:03 ----HD---- C:\WINDOWS\inf
2009-01-16 13:04:10 ----D---- C:\WINDOWS\Debug
2009-01-16 11:35:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-15 16:33:27 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-14 22:29:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 22:29:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-11 11:59:55 ----D---- C:\Program Files\Vivre à Rennes 2005-2006
2009-01-10 13:27:30 ----D---- C:\Program Files\IDA
2009-01-10 13:26:45 ----D---- C:\Program Files\Macromedia
2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-31 17:39:11 ----D---- C:\TEMP
2008-12-29 22:48:30 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-29 22:02:25 ----SD---- C:\WINDOWS\Tasks
2008-12-21 09:15:22 ----D---- C:\Documents and Settings\Polo\Application Data\Mozilla
2008-12-20 11:51:53 ----A---- C:\WINDOWS\win.ini
2008-12-20 10:18:15 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-19 16512]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-03-07 8413]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-06-09 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-01 3454656]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-15 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-15 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-01-08 39488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-08-08 10368]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver; C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 260608]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S3 256985c0-1617-47c0-9e3f-1f8fcfea5a48;256985c0-1617-47c0-9e3f-1f8fcfea5a48; \??\F:\Player\cds300.dll []
S3 33918970-d085-4969-96d1-ff6806ced7f1;33918970-d085-4969-96d1-ff6806ced7f1; \??\F:\Player\cds300.dll []
S3 521fa7ec-8579-4088-bd56-4af0f067284e;521fa7ec-8579-4088-bd56-4af0f067284e; \??\F:\Player\cds300.dll []
S3 558808e4-482e-4707-a336-41b385f24119;558808e4-482e-4707-a336-41b385f24119; \??\K:\Player\cds300.dll []
S3 ac6c26d0-6201-45b9-b71e-e8c22fe5da44;ac6c26d0-6201-45b9-b71e-e8c22fe5da44; \??\F:\Player\cds300.dll []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender9\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender9\bdrsdrv.sys []
S3 catchme;catchme; \??\C:\C-Fix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eae7037d-5969-4644-bf0a-dae3e2b7753d;eae7037d-5969-4644-bf0a-dae3e2b7753d; \??\F:\Player\cds300.dll []
S3 int15.sys;int15.sys; \??\C:\Program Files\acer\eRecovery\int15.sys []
S3 lgusbsmodem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys [2006-02-07 42436]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 V0330VID;WebCam Vista/Live! Cam Chat; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WsAudioDevice_383;WsAudioDevice_383; C:\WINDOWS\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-01 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2009-01-18 100032]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe []
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2009-01-17 206552]

-----------------EOF-----------------

Réponse 38 / 53

Utilisateur anonyme

Re,

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

:files
c:\documents and settings\polo\application data\m\flec006.exe

:commands
[emptytemp]
[purity]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

========== FILES ==========
File/Folder c:\documents and settings\polo\application data\m\flec006.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01192009_225900

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Réponse 39 / 53

Utilisateur anonyme

Re,

Cherche ce fichier==>c:\documents and settings\polo\application data\m\flec006.exe

Tu doit aller sur ton disque dur et tu doit le retrouver.

Supprime le et vide ta corbeille.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Impossible de le trouver il n'apparaît pas dans le répertoire :

c:\documents and settings\polo\application data\m\flec006.exe

une autre solution ???

Réponse 40 / 53

Utilisateur anonyme

Re,

Franchement , passer par combofix peut être que la !!!?

Refait la manip avec combofix .

Merci mais comme les virus ce modifie et devienne de plus en plus coriace.

apolosio Messages postés 56 Date d'inscription Statut Membre Dernière intervention 1

Voici le Log de combofix

ComboFix 09-01-17.03 - Polo 2009-01-19 23:36:49.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1633 [GMT 1:00]
Lancé depuis: c:\documents and settings\Polo\Bureau\C-Fix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-19 au 2009-01-19 ))))))))))))))))))))))))))))))))))))
.

2009-01-19 21:45 . 2009-01-19 22:00 <REP> d-------- c:\program files\FindyKill
2009-01-18 14:01 . 2009-01-18 14:01 <REP> d-------- c:\program files\Wanadoo
2009-01-18 14:01 . 2009-01-18 14:01 21 --a------ c:\windows\kit.ini
2009-01-18 13:56 . 2009-01-18 13:56 <REP> d-------- c:\program files\Securitoo
2009-01-18 04:18 . 2009-01-18 04:18 <REP> d-------- C:\_OTMoveIt
2009-01-18 04:13 . 2009-01-19 13:46 <REP> d-------- c:\program files\PeerGuardian2
2009-01-18 03:58 . 2009-01-18 03:58 <REP> d-------- c:\program files\Avira
2009-01-18 03:58 . 2009-01-18 03:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-18 02:09 . 2009-01-18 02:09 <REP> d-------- C:\rsit
2009-01-18 01:40 . 2009-01-18 01:57 <REP> d-------- c:\program files\Ad-remover
2009-01-17 22:51 . 2009-01-17 22:51 <REP> d-------- c:\program files\CCleaner
2009-01-17 19:37 . 2009-01-17 19:37 <REP> d-------- c:\documents and settings\Polo\Application Data\AVGTOOLBAR
2009-01-17 19:32 . 2009-01-17 19:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 01:40 . 2009-01-18 01:33 <REP> d-------- c:\program files\trend micro
2009-01-15 16:26 . 2008-11-19 09:41 16,640 --a------ c:\windows\system32\drivers\WsAudioDevice_383.sys
2009-01-15 16:25 . 2009-01-15 16:25 <REP> d-------- c:\program files\WinPcap
2008-12-31 14:17 . 2008-12-31 14:17 268 --ah----- C:\sqmdata16.sqm
2008-12-20 10:18 . 2008-12-20 10:18 <REP> d-------- c:\program files\SAGEM
2008-12-20 10:15 . 2008-12-20 10:15 <REP> d-------- c:\program files\Inventel
2008-12-19 22:57 . 2005-07-13 16:37 260,608 --a------ c:\windows\system32\drivers\WlanUZXP.sys
2008-12-19 16:24 . 2008-12-19 16:24 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-19 16:20 . 2008-12-19 16:20 278,528 --a------ c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-12-19 09:08 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-19 09:08 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-19 09:08 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 22:02 --------- d-----w c:\program files\Invisiblo
2009-01-19 15:02 --------- d-----w c:\program files\eMule
2009-01-19 01:32 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-18 00:05 --------- d-----w c:\program files\Symantec
2009-01-17 23:02 --------- d-----w c:\program files\SuperCopier2
2009-01-17 19:16 15,360 ----a-w c:\windows\system32\dllcache\register.exe
2009-01-11 10:59 --------- d-----w c:\program files\Vivre à Rennes 2005-2006
2009-01-10 12:27 --------- d-----w c:\program files\IDA
2009-01-10 12:26 --------- d-----w c:\program files\Macromedia
2008-12-20 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 22:44 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-11 09:24 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\U3
2008-12-08 00:09 --------- d-----w c:\program files\QuickMediaConverter
2008-12-07 20:17 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-07 15:44 --------- d-----w c:\program files\AVSMedia
2008-12-07 13:20 --------- d-----w c:\program files\AVS4YOU
2008-12-07 13:06 --------- d-----w c:\program files\Exact Audio Copy
2008-12-07 13:06 --------- d-----w c:\program files\eToro
2008-12-07 10:14 --------- d-----w c:\documents and settings\Polo\Application Data\AVS4YOU
2008-12-07 10:14 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-07 10:07 --------- d-----w c:\program files\VirtualDubMOD
2008-11-30 14:43 --------- d-----w c:\documents and settings\Polo\Application Data\U3
2008-11-29 22:58 --------- d-----w c:\documents and settings\Polo\Application Data\MP-Manager
2008-11-25 14:04 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\ACD Systems
2008-11-25 14:01 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\vlc
2008-11-23 15:27 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\Internet Download Accelerator
2008-11-23 15:21 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\GRETECH
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2007-08-02 04:53 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-11-19 07:46 56 --sh--r c:\windows\system32\78C97AF31E.sys
2008-08-22 23:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"Google Update"="c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InvisibloRun"="c:\program files\Invisiblo\invisiblo.exe" [2007-08-12 193024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-02 1836544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Polo\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e\[u]0/uA???

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1979-12-31 16640]
R4 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2005-10-24 8864]
R4 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2005-10-24 8864]
R4 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2005-10-24 8864]
S3 256985c0-1617-47c0-9e3f-1f8fcfea5a48;256985c0-1617-47c0-9e3f-1f8fcfea5a48;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 33918970-d085-4969-96d1-ff6806ced7f1;33918970-d085-4969-96d1-ff6806ced7f1;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 521fa7ec-8579-4088-bd56-4af0f067284e;521fa7ec-8579-4088-bd56-4af0f067284e;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 558808e4-482e-4707-a336-41b385f24119;558808e4-482e-4707-a336-41b385f24119;\??\k:\player\cds300.dll --> k:\player\cds300.dll [?]
S3 ac6c26d0-6201-45b9-b71e-e8c22fe5da44;ac6c26d0-6201-45b9-b71e-e8c22fe5da44;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 eae7037d-5969-4644-bf0a-dae3e2b7753d;eae7037d-5969-4644-bf0a-dae3e2b7753d;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [2007-09-13 42436]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2008-12-19 260608]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-11-02 157696]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-01-15 16640]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d3d165-9b4e-11db-8f86-00016cd6f1e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33019205-2d34-11dc-908b-00016cd6f1e5}]
\Shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34015fdf-cd9e-11db-8fc8-00016cd6f1e5}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f232abd-bde8-11dd-938e-00016cd6f1e5}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34827b4-cc7b-11dd-93a9-00016cd6f1e5}]
\Shell\AutoRun\command - K:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68334855-1302535486-174330245-1007.job
- c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 00:10]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
FF - ProfilePath - c:\documents and settings\Polo\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 23:39:17
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6713125-0D53-7642-9ADD-1544DBC24BD9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fadbninegngp"=hex:66,61,6a,65,67,6c,61,6d,6a,6b,61,6c,00,00
"jadbninefndkbmkbiffn"=hex:61,61,00,00
"kadbninelmeopidmbfjeao"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-01-19 23:40:35
ComboFix-quarantined-files.txt 2009-01-19 22:40:27

Avant-CF: 28 995 186 688 octets libres
Après-CF: 28,979,228,672 octets libres

207 --- E O F --- 2009-01-14 21:30:28

Votre réponse