I AM INFECTED

CLAUDE -  
pimprenelle27 Posts 22182 Status Security contributor -
Hello, ZEB HELP PROCESS FINDS AN INFECTION ON LINE 42. HERE IS THE NAVILOG REPORT. ALSO, 20 MINUTES AGO AVG LOST ITS ACTIVE COMPONENTS AFTER AN UPDATE (file script?). Thank you

Search Navipromo version 3.7.1 commencé le 30/01/2009 à 23:19:44,63

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
BIOS : InsydeH2O Version V1.11
USER : acer ( Administrator )
BOOT : Normal boot

Antivirus : AVG Anti-Virus Free 8.0 (Activated)

C:\ (Local Disk) - NTFS - Total:144 Go (Free:100 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:143 Go)
E:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\Windows" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Recherche dossiers dans "C:\ProgramData" ***

*** Recherche dossiers dans "c:\users\acer\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "C:\Users\acer\AppData\Local\virtualstore\Program Files" ***

*** Recherche dossiers dans "C:\Users\acer\AppData\Local" ***

*** Recherche dossiers dans "C:\Users\acer\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\acer\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\acer\AppData\Local" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\Windows\system32" :

* Dans "C:\Users\acer\AppData\Local\Microsoft" :

* Dans "C:\Users\acer\AppData\Local" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 30/01/2009 à 23:25:35,70 ***
Configuration: Windows Vista
Opera 9.63

14 replies

  1. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Why did you choose to run Navilog?

    HijackThis would have been more appropriate.

    Download the HijackThis installer.

    Save HJTInstall.exe to your desktop.

    Double-click HJTInstall.exe to launch the program.

    By default it will install here:
    C:\Program Files\Trend Micro\HijackThis

    Accept the licence by clicking the "I Accept" button.

    Choose the option "Do a system scan and save a log file".

    Click "Save log" to save the report, which will open in Notepad.

    Click "Edit -> Select All", then "Edit -> Copy" to copy the whole contents of the report.

    Paste the report you just copied into this forum.

    Do NOT fix any line yet; that could stop your PC from working properly.

    Tutorials (don't fix anything for now!!)

    0
  2. totobetourne Posts 5677 Status Member 65
     
    so pimprenelle

    with Vista, don't forget.
    for Vista, if infected:

    Disable User Account Control (you will re-enable it after the disinfection: IMPORTANT, DO NOT FORGET THIS):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click Disable and confirm.

    http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
    0
  3. jean luc
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:53:28, on 31/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Tall Emu\Online Armor\oacat.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxext.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Windows\notepad.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\ZebHelpProcess 2\ZHP2.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav.exe" -run
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
    O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
    O23 - Service: McAfee Application Installer Cleanup (0042061229692118) (0042061229692118mcinstcleanup) - Unknown owner - C:\Users\acer\AppData\Local\Temp\004206~1.EXE (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: BFIIRU - Unknown owner - C:\Users\acer\AppData\Local\Temp\BFIIRU.exe (file missing)
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    O23 - Service: KYFTVCJY - Unknown owner - C:\Users\acer\AppData\Local\Temp\KYFTVCJY.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
    O23 - Service: PVGNDZ - Unknown owner - C:\Users\acer\AppData\Local\Temp\PVGNDZ.exe (file missing)
    O23 - Service: QLATABVMS - Unknown owner - C:\Users\acer\AppData\Local\Temp\QLATABVMS.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
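    As an added example, not code from this thread or from HijackThis itself: a small Python triage script that parses the O23 (service) lines of a HijackThis log and lists the entries a helper would want to look at first. The sample lines are copied from the log posted above; the heuristics (image under a Temp directory, "(file missing)", "Unknown owner", bare random-looking name) are my own assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few O23 lines copied from the HijackThis log in this thread.
# Raw string so the Windows backslashes survive untouched.
SAMPLE_LOG = r"""
O23 - Service: McAfee Application Installer Cleanup (0042061229692118) (0042061229692118mcinstcleanup) - Unknown owner - C:\Users\acer\AppData\Local\Temp\004206~1.EXE (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: BFIIRU - Unknown owner - C:\Users\acer\AppData\Local\Temp\BFIIRU.exe (file missing)
O23 - Service: KYFTVCJY - Unknown owner - C:\Users\acer\AppData\Local\Temp\KYFTVCJY.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"          # annotation HijackThis itself appends
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{5,12}$")   # bare run of capitals, no vendor wording


@dataclass
class ServiceEntry:
    name: str          # display name, possibly followed by "(short name)"
    owner: str         # vendor string or "Unknown owner"
    path: str          # image path as HijackThis printed it
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one 'O23 - Service:' line; return None for any other line type."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    file_missing = body.endswith(MISSING)
    if file_missing:
        body = body[: -len(MISSING)].rstrip()
    # The display name may contain parentheses or dashes of its own, so split from
    # the right: the last two " - " separators delimit owner and image path.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return ServiceEntry(name=name, owner=owner, path=path, file_missing=file_missing)


def triage(entry: ServiceEntry) -> List[str]:
    """Return the (assumed) review reasons that apply to a service entry."""
    reasons = []
    if TEMP_DIR_RE.search(entry.path):
        reasons.append("service image is under a Temp directory")
    if entry.file_missing:
        reasons.append("image file is no longer present")
    if entry.owner == "Unknown owner":
        reasons.append("no vendor/owner recorded")
    if RANDOM_NAME_RE.match(entry.name):
        reasons.append("service name is a bare random-looking token")
    return reasons


def find_suspicious_services(log_text: str, min_reasons: int = 2) -> Dict[str, List[str]]:
    """Map each service name that trips at least min_reasons heuristics to its reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.strip().splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if len(reasons) >= min_reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in find_suspicious_services(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

    Running it on the sample lists the Temp-directory services (BFIIRU, KYFTVCJY and the McAfee cleanup entry) and leaves the vendor-signed services alone; the output is a review list for a helper, not a verdict.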
  4. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    You're Claude, is that right?
    0
  6. totobetourne Posts 5677 Status Member 65
     
    Some files were removed that were strange. If you don't have it, instead or in addition there is Malwarebytes, which is very good for now.
    We could look at removing some unnecessary lines.

    0
  7. jean luc
     
    YES, SINCE NOBODY WAS ANSWERING ME I CHANGED my username, NOW I HAVE 2, CLAUDE AND JEAN LUC, SORRY. What is this infection?
    0
  8. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Do this and post me the report, after the question "are you being helped by someone". Thanks.

    Download GenProc to your desktop (note: the file is a zip file)
    Unzip the folder, double-click GenProc.bat
    At the end, post the contents of the report that appears.
    How to use GenProc

    For those on Vista, don't forget to disable User Account Control

    0
  9. jean luc
     
    GENPROC TELLS ME THAT FILES ARE MISSING TO CONTINUE
    0
  10. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Is User Account Control actually disabled?
    0
  11. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    See you tomorrow, I'm off to bed. But you can do this and post me the report.

    Step 1/ Download:

    - FindyKill http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe to the Desktop.

    Important note: since the Bagle infection installs itself via a crack/keygen, you MUST delete that type of file.

    # Step 2/

    Run the installation with the default settings
    - Double-click the FindyKill shortcut on the Desktop (on Vista: right-click the shortcut --> Run as Administrator)
    - In the main menu, select option 1 (Search)
    - The report is saved at the root of the hard drive (C:\FindyKill.txt)
    Before doing anything else, it is strongly recommended to post the report on the forum to get a specialist's opinion. After confirmation by a qualified forum helper, proceed to the cleaning.

    If needed: Tutorial
    0
  12. jean luc
     
    Zeb Help Process 2 by Nicolas Coolman - Rapport de synthèse du 31/01/2009 01:41:14

    INFORMATION

    INFECTION IDENTIFIEE
    Liste disponible seulement en version Helper

    PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)
    O42 - Logiciel: Favorit

    PROCESSUS SUPERFLU DU SYSTEME
    O20 - Winlogon Notify: C:\Windows\System32\igfxdev.dll
    O44 - LFC:Last File Created - C:\Windows\System32\igfxdev.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxpers.exe -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\tmp.reg -->18/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\tmp.txt -->18/01/2009

    PROTECTION DU SYSTEME (Antivirus, FireWall, Anti-Malwares)
    Grisoft®AVG Internet Security Suite
    Crawler®Spyware Terminator
    Grisoft AVG Antivirus
    Emsi Software®A-Squared Free Anti-malware
    Grisoft AVG Anti-Rootkit
    Grisoft AVG AntiSpyware
    Online Armor Firewall
    a-squared Free Antivirus
    a-squared Hijacker
    Grisoft AVG AntiRootkit
    Spyware Terminator

    RAPPORT SIMPLIFIE
    C:\Windows\ehome\ehTray.exe
    C:\
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKLM\..\policies\Explorer: [EnableShellExecuteHooks] Data="1"
    O5 - control.ini: inetcpl.cpl=no
    O15 - Trusted Zone: *
    O20 - Winlogon Notify: C:\Windows\System32\igfxdev.dll
    O41 - Driver: AlfaFF File System mini-filter (AlfaFF) - C:\WINDOWS\system32\Drivers\AlfaFF.sys
    O41 - Driver: GDPkIcpt (GDPkIcpt) - C:\Windows\system32\drivers\PktIcpt.sys
    O41 - Driver: G DATA WFP CD (gdwfpcd) - C:\WINDOWS\system32\drivers\gdwfpcd32.sys
    O41 - Driver: G DATA Rootkit Detector Driver (GRD) - C:\Windows\system32\drivers\GRD.sys
    O41 - Driver: AlfaFF File System mini-filter (AlfaFF) - C:\WINDOWS\system32\Drivers\AlfaFF.sys
    O41 - Driver: GDPkIcpt (GDPkIcpt) - C:\Windows\system32\drivers\PktIcpt.sys
    O41 - Driver: G DATA WFP CD (gdwfpcd) - C:\WINDOWS\system32\drivers\gdwfpcd32.sys
    O41 - Driver: G DATA Rootkit Detector Driver (GRD) - C:\Windows\system32\drivers\GRD.sys
    O41 - Driver: AlfaFF File System mini-filter (AlfaFF) - C:\WINDOWS\system32\Drivers\AlfaFF.sys
    O41 - Driver: GDPkIcpt (GDPkIcpt) - C:\Windows\system32\drivers\PktIcpt.sys
    O41 - Driver: G DATA WFP CD (gdwfpcd) - C:\WINDOWS\system32\drivers\gdwfpcd32.sys
    O41 - Driver: G DATA Rootkit Detector Driver (GRD) - C:\Windows\system32\drivers\GRD.sys
    O42 - Logiciel: Acer Bio Protection
    AAA 6.0.00.17
    O42 - Logiciel: Advanced SystemCare 3
    O42 - Logiciel: Favorit
    O42 - Logiciel: Revo Uninstaller 1.80
    O42 - Logiciel: WIDCOMM Bluetooth Software 6.0.1.6400
    O42 - Logiciel: Acer VCM
    O42 - Logiciel: JMicron JMB38X Flash Media Controller
    O42 - Logiciel: Acer Crystal Eye
    O42 - Logiciel: Orion
    O42 - Logiciel: Acer Crystal Eye Webcam 3.0.5.1
    O42 - Logiciel: Ralink Wireless LAN Installation Program for VISTA v2.0.8.0
    O44 - LFC:Last File Created - C:\Windows\System32\agent.log -->31/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\authuitu.dll -->11/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\BIN_STRSBW.SPT -->18/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\dummy019file -->18/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\ig4dev32.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\ig4icd32.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igcompkrng500.bin -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igd10umd32.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igdumd32.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igdumdx32.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfcg500.bin -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfcg500m.bin -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxcfg.exe -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxCoIn_v1608.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxcpl.cpl -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxdev.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxdo.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxexps.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxpers.exe -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrara.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrchs.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrcht.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrcsy.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrdan.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrdeu.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrell.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrenu.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxresp.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrfin.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrfra.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrheb.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrhun.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrita.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrjpn.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrkor.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrnld.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrnor.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrplk.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrptb.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrptg.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrrus.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrsky.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrslv.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrsve.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrtha.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxrtrk.lrc -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igfxTMM.dll -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igkrng500.bin -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\iglhxs32.vp -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\igxpun.exe -->16/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\license.rtf -->06/11/2008
    O44 - LFC:Last File Created - C:\Windows\System32\LogConfigTemp.xml -->31/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->30/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\tmp.reg -->18/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\tmp.txt -->18/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\Trace.txt -->04/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\TVWSetup.exe -->02/12/2008
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\gdwfpcd32.sys -->21/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\GRD.sys -->21/01/2009
    O44 - LFC:Last File Created - C:\Windows\System32\drivers\PktIcpt.sys -->21/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\A2FREE.EXE-86BF1460.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\A2HIJACKFREE.EXE-1AF24674.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AAVGAPI.EXE-1E366283.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgAppLaunch.db -->06/11/2008
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-4153635103-241992502-2931499995-1000.snp.db -->21/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db.trx -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC2.db -->27/12/2008
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC3_6427C546.db -->16/12/2008
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4153635103-241992502-2931499995-1000.db -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4153635103-241992502-2931499995-1000.db -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ALERTMODULE.EXE-45931BA6.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ALERTMODULE.EXE-E4B297A5.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATBROKER.EXE-2E15A492.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGCFGEX.EXE-5D624885.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGCMGR.EXE-27FF3A49.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGEMC.EXE-42B06698.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGRSX.EXE-1D418725.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGSCANX.EXE-DB10FF75.pf -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGUI.EXE-E729213A.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGUPD.EXE-96566824.pf -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVGUPD.EXE-ED364EA9.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AWC.EXE-C9EE81F1.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\BPERGT.EXE-9192E90A.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\COMPILEMOF.EXE-B5FEBDEB.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-B2EB1806.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EHMSAS.EXE-2D3B2F21.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIXCFG.EXE-298258C9.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FLASHUTIL10A.EXE-F38539B4.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GLARY-UTILITIES_GLARY_UTILITI-144820AF.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GMER.EXE-24C5C704.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GOOGLEDESKTOP.EXE-C9B032BF.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HIDCHK.EXE-353BD79D.pf -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IAANTMON.EXE-F38B17B6.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ICARDAGT.EXE-E8A0563B.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEUSER.EXE-7C0FE221.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IGFXCFG.EXE-B68F9666.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IGFXEXT.EXE-D5F523DB.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\INFOCARD.EXE-ECED8D38.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\INITIALIZE.EXE-7DCDC37F.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\INTEGRATOR.EXE-84638148.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IS-GFTL8.TMP-33CB6F05.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IZARC.EXE-432FE040.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IZARC.EXE-B9F4341B.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LMANAGER.EXE-9D025777.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf -->26/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MSINFO32.EXE-95097B65.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OPERA.EXE-103FF2EC.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PCSECURITYTEST.EXE-F67C75A1.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PERFMON.EXE-E34F662B.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PRESENTATIONSETTINGS.EXE-2F4708C9.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSRVC.EXE-E4A04EBD.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REVOUNINSTALLER.EXE-34C92DCE.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RS_SERVICE.EXE-D1A7768F.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-4598C04C.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-66D7E84C.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-955670CA.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-99E754C0.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-B28FBF56.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-FA9EDA22.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SCHTASKS.EXE-5CA45734.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SHORTCUTSFIXER.EXE-6F83B17E.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SOP.EXE-4A4E3A64.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SPYWARETERMINATOR.EXE-2FF014AE.pf -->30/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SPYWARETERMINATORSHIELD.EXE-6798B02B.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SP_RSSER.EXE-E4E238C3.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUP_DISKCHK.EXE-01B2400A.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUP_DISKCLEANER.EXE-68C203BE.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUP_SHORTCUTSFIXER.EXE-31DF1E1E.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUP_SOFTINFO.EXE-8672BA35.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUS_DRIVERBACKUP.EXE-A3C5896E.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUS_PIEHELP.EXE-017EF0FF.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUS_SYSTEMBACKUP.EXE-339D4A33.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUT_CONTEXTMANAGER.EXE-633042E9.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUT_DISKEXPLORER.EXE-AF2A2DCD.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUT_STARTUPMANAGER.EXE-45135C8F.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SUT_WINMANAGER.EXE-6BED829E.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SYNTPHELPER.EXE-0A20AAC4.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SYSTEMPROPERTIESPERFORMANCE.E-9C40C7D4.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SYSTEMPROPERTIESPROTECTION.EX-64B3993D.pf -->26/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFGUI.EXE-CAB5CF47.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.EXE-C03D3844.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-00A9E32A.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-0427AA70.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-2641FBA6.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-3E578D7D.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-60321B46.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFINSTALL.TMP-9FC9557B.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFNOTICE.EXE-350B55C8.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFSERVICE.EXE-17AE622B.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFTRAY.EXE-D038BE6E.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TFUN.EXE-09DB4D1D.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRACERPT.EXE-2EB7F471.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TUPROGST.EXE-D76A9E80.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNINS000.EXE-FF5FCF3D.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WARREG_POPUP.EXE-FF52ACE4.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WEBUPDATE.EXE-3395CEAA.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLLOGINPROXY.EXE-9E0DCEF8.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XAUDIO.EXE-D92946E9.pf -->29/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\XMLTEST.EXE-257D0DF2.pf -->25/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ZHP2.EXE-2B098B11.pf -->31/01/2009
    O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\_IU14D2N.TMP-DCF1AE99.pf -->25/01/2009
  13. jean luc
     
    ###################### [ FindyKill V4.715 ]

    # User : acer - PC-DE-ACER
    # Emplacement : C:\Program Files\FindyKill
    # Outils Mis a jours 29/01/09 par Chiquitine29
    # Recherche effectuée à 1:47:48 le 31/01/2009
    # Windows Vista - Internet Explorer 7.0.6001.18000

    # [ FindyKill V4.715 - Scan ] ##############

    \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Tall Emu\Online Armor\oacat.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Tall Emu\Online Armor\oahlp.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\ZebHelpProcess 2\ZHP2.exe

    \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////

    ################## [ C:\ ]

    ################## [ C:\Windows ]

    ################## [ C:\Windows\Prefetch ]

    ################## [ C:\Windows\system32 ]

    ################## [ C:\Windows\system32\drivers ]

    ################## [ C:\Users\acer\AppData\Roaming ]

    ################## [ C:\Users\acer\AppData\Local\Temp ]

    \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
    ehTray.exe=C:\Windows\ehome\ehTray.exe
    SpywareTerminator=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    eDataSecurity Loader=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    eAudio="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    BkupTray="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
    PLFSetI=C:\Windows\PLFSetI.exe
    ATSwpNav="C:\Program Files\Fingerprint Sensor\ATSwpNav.exe" -run
    ZPdtWzdVitaKey MC3000="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
    LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    WarReg_PopUp=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
    Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    SystrayORAHSS="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    @OnlineArmor GUI="C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    AVG8_TRAY=C:\PROGRA~1\AVG\AVG8\avgtray.exe
    IgfxTray=C:\Windows\system32\igfxtray.exe
    HotKeysCmds=C:\Windows\system32\hkcmd.exe
    IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    SpywareTerminator="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    [HKEY_CURRENT_USER\software\local appwizard-generated applications\Browse]

    \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////

    \\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////

    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio - # Type de démarrage = 3

    EapHost - # Type de démarrage = 3

    Wlansvc - # Type de démarrage = 2

    /!\ SharedAccess - # Type de démarrage = 4

    wuauserv - # Type de démarrage = 2

    wscsvc - # Type de démarrage = 2

    WinDefend - # Type de démarrage = 2

    /!\ UAC is Disable -> Start = 0x0

    \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////

    # Informations :

    C: - Lecteur fixe
    D: - Lecteur fixe

    # presence des fichiers :

    \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////

    -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.715 ! ]
  14. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Step 3/

    Plug all your external data sources into the PC (USB keys, external hard drives, mp3 players, iPod...) without opening them
    - Relaunch FindyKill,
    - This time, select option 2 (Suppression, i.e. removal) in the main menu.
    - There will be 2 restarts; let the tool work until the message "Nettoyage effectué !" ("Cleanup done!") appears
    - Then post the report C:\FindyKill.txt
