My machine is infected
i_bayon
Hello,
I am terribly infected right now... I ran a ComboFix scan and I would like someone to help me interpret the report. Please help me, it has already been a week that I have not been able to work.
Please help me..
---------------------------------------ComboFix report---------------------------------------------
ComboFix 09-07-20.05 - Mohamed 25/07/2009 9:26.3.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1790.1499 [GMT 0:00]
Running from: c:\documents and settings\ernest\Bureau\Svchost vievder rootkit kill\ComboFix.exe
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-24 16:54 . 2009-07-24 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-07-24 16:46 . 2009-07-24 17:01 125168 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-24 16:45 . 2009-07-24 16:45 -------- d-----w- c:\documents and settings\ernest\Local Settings\Application Data\COMODO
2009-07-24 16:38 . 2009-07-24 16:38 86976 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-24 16:38 . 2009-07-24 16:38 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-24 16:38 . 2009-07-24 16:38 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-24 16:38 . 2009-07-24 16:38 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-24 16:38 . 2009-07-24 16:38 -------- d-----w- c:\program files\COMODO
2009-07-24 16:24 . 2009-07-24 16:54 -------- d-----w- C:\!KillBox
2009-07-24 16:13 . 2009-07-24 16:20 -------- d-----w- c:\windows\SauvegardeRegManuel
2009-07-24 14:32 . 2009-07-22 16:23 3222601 ----a-r- C:\ComboFix.exe
2009-07-23 11:56 . 2009-07-23 11:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 11:56 . 2009-07-23 11:56 -------- d-----w- c:\program files\Java
2009-07-23 11:55 . 2009-07-23 11:55 152576 ----a-w- c:\documents and settings\ernest\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-23 11:38 . 2009-07-13 13:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 11:38 . 2009-07-13 13:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 17:47 . 2009-07-22 17:47 -------- d-----w- c:\documents and settings\ernest\Application Data\GlarySoft
2009-07-22 17:44 . 2009-07-22 17:44 -------- d-----w- c:\program files\Glary Utilities
2009-07-22 16:53 . 2009-07-22 17:37 -------- d-----w- c:\program files\RegCleaner
2009-07-22 15:48 . 2009-07-22 15:47 164875 ----a-w- C:\mdelk.exe
2009-07-22 12:13 . 2009-07-22 12:21 -------- d-----w- c:\program files\Navilog1
2009-07-22 09:48 . 2009-07-22 09:48 129 ----a-w- c:\documents and settings\ernest\Local Settings\Application Data\fusioncache.dat
2009-07-21 12:24 . 2009-07-21 12:24 96600 ----a-w- c:\documents and settings\ernest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 16:39 . 2009-07-20 16:42 -------- d-----w- c:\windows\temprestaure
2009-07-19 20:17 . 2004-08-05 12:00 81408 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2009-07-19 20:16 . 2004-08-05 12:00 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2009-07-19 20:12 . 2004-08-05 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2009-07-19 20:00 . 2004-08-05 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-19 20:00 . 2004-08-05 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-18 16:41 . 2004-08-05 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-18 16:38 . 2004-08-05 12:00 62464 -c--a-w- c:\windows\system32\dllcache\httpod51.dll
2009-07-18 16:38 . 2004-08-05 12:00 46592 -c--a-w- c:\windows\system32\dllcache\sspifilt.dll
2009-07-18 16:38 . 2004-08-05 12:00 366592 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2009-07-18 16:38 . 2004-08-05 12:00 8192 -c--a-w- c:\windows\system32\dllcache\httpmb51.dll
2009-07-18 16:07 . 2009-07-18 16:07 -------- d-----w- c:\windows\mui
2009-07-18 16:07 . 2009-07-18 16:07 -------- d-----w- c:\windows\Connection Wizard
2009-07-18 16:07 . 2009-07-18 16:07 -------- d-----w- c:\windows\Config
2009-07-18 16:07 . 2009-07-18 16:07 -------- d-----w- c:\windows\addins
2009-07-18 11:54 . 2009-07-18 11:54 -------- d-s---w- c:\documents and settings\ernest\UserData
2009-07-18 09:49 . 2009-07-18 09:49 -------- d-----w- c:\documents and settings\ernest\Application Data\Malwarebytes
2009-07-18 09:48 . 2009-07-23 11:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 09:48 . 2009-07-18 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 00:01 . 2009-07-18 00:01 393216 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\hliscq9n01\e-recharge.exe
2009-07-17 23:56 . 2009-07-17 23:56 200704 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\u8btbcns01\WindowsApplication1.exe
2009-07-17 23:56 . 2009-07-17 23:56 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\fefcjts301\DataText.dll
2009-07-17 23:55 . 2009-07-17 23:55 192512 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\v5t13e5s01\WindowsApplication1.exe
2009-07-17 23:55 . 2009-07-17 23:55 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\tu_1w-l901\DataText.dll
2009-07-17 23:36 . 2009-07-17 23:36 393216 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\lvqfv7t001\e-recharge.exe
2009-07-17 23:30 . 2009-07-17 23:30 223744 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\sz6qfjo001\WindowsApplication1.exe
2009-07-17 23:30 . 2009-07-17 23:30 16896 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\n6dbbhai01\DataCombo.dll
2009-07-17 23:30 . 2009-07-17 23:30 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\dzd3ocor01\DataText.dll
2009-07-17 23:24 . 2009-07-17 23:24 393216 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\psvtdwjb01\e-recharge.exe
2009-07-17 23:10 . 2009-07-17 23:10 401408 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\lbkkgmzc01\e-recharge.exe
2009-07-17 22:45 . 2009-07-17 22:45 227328 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\pxakm9my01\WindowsApplication1.exe
2009-07-17 22:45 . 2009-07-17 22:45 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\nzsqtuwk01\DataText.dll
2009-07-17 22:34 . 2009-07-17 22:34 393216 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\shqflfo-01\e-recharge.exe
2009-07-17 22:34 . 2009-07-17 22:34 32768 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\fhkjsboi01\AxInterop.MSMask.dll
2009-07-17 22:34 . 2009-07-17 22:34 40960 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\_hctfdy001\Interop.MSMask.dll
2009-07-17 22:34 . 2009-07-17 22:34 319488 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\i6g4meuo01\Npgsql.dll
2009-07-17 22:34 . 2009-07-17 22:34 40960 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\mik-oc3g01\StoreBar.dll
2009-07-17 22:34 . 2009-07-17 22:34 16896 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\lmhpnp0201\DataCombo.dll
2009-07-17 22:34 . 2009-07-17 22:34 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\cirthal501\DataText.dll
2009-07-16 21:45 . 2009-07-16 21:45 434688 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\Recent\Individual Projects\Dos Optimizer.pif.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 08:56 . 2009-07-25 08:56 4486 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-25 08:56 . 2001-09-28 12:00 99824 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-25 08:56 . 2001-09-28 12:00 531574 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-24 16:54 . 2009-06-12 13:01 -------- d-----w- c:\program files\jv16 PowerTools
2009-07-21 23:38 . 2008-11-16 11:01 -------- d-----w- c:\program files\SuperCopier2
2009-07-19 20:13 . 2008-11-14 12:30 26420 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-07-18 17:02 . 2009-04-20 11:34 -------- d-----w- c:\documents and settings\ernest\Application Data\BitTorrent
2009-07-16 21:40 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 20:51 . 2009-06-02 17:39 30 ----a-w- c:\windows\mscpt.dat
2009-07-01 18:29 . 2009-03-12 09:45 10 ----a-w- c:\windows\popcinfo.dat
2009-06-22 17:17 . 2009-06-22 17:17 -------- d-----w- c:\program files\WinDriver Ghost
2009-06-19 09:47 . 2008-11-14 15:31 -------- d-----w- c:\program files\DivX
2009-06-16 12:27 . 2009-06-16 12:17 -------- d-----w- c:\program files\Windows scrabble
2009-06-15 23:10 . 2009-06-02 09:11 -------- d-----w- c:\documents and settings\ernest\Application Data\Desktopicon
2009-06-12 16:08 . 2009-06-12 16:08 -------- d-----w- c:\program files\MicroOLAP
2009-06-12 13:57 . 2009-06-10 15:58 -------- d-----w- c:\documents and settings\ernest\Application Data\postgresql
2009-06-12 12:13 . 2009-06-12 12:13 -------- d-----w- c:\documents and settings\postgres.SWEEDY\Application Data\Webroot
2009-06-12 12:13 . 2009-06-12 12:13 -------- d-----w- c:\documents and settings\postgres.SWEEDY\Application Data\Notepad++
2009-06-09 22:13 . 2009-02-13 17:20 -------- d-----w- c:\program files\FlameRobin
2009-06-04 09:05 . 2009-05-06 08:53 -------- d-----w- c:\program files\Unlocker
2009-06-03 09:55 . 2009-06-03 09:55 -------- d-----w- c:\documents and settings\ernest\Application Data\Emjysoft
2009-06-03 09:55 . 2009-06-03 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Emjysoft
2009-06-03 09:54 . 2009-06-02 14:34 -------- d-----w- c:\program files\Emjysoft
2009-06-02 17:38 . 2009-06-02 17:38 -------- d-----w- c:\program files\TLKGAMES
2009-06-02 13:01 . 2009-06-02 12:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 12:32 . 2009-04-01 09:38 -------- d-----w- c:\program files\HyCam2
2009-06-01 14:36 . 2009-02-20 18:30 -------- d-----w- c:\documents and settings\ernest\Application Data\vlc
2009-06-01 12:31 . 2008-12-09 22:59 -------- d-----w- c:\documents and settings\ernest\Application Data\dvdcss
2009-05-27 13:37 . 2009-05-27 13:35 -------- d-----w- c:\program files\Micro Scrabble
2009-05-27 00:46 . 2009-03-13 16:58 -------- d-----w- c:\program files\The Logo Creator v5
2009-05-26 15:34 . 2008-11-16 15:14 -------- d-----w- c:\program files\Oracle
2009-05-26 15:21 . 2009-05-26 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 15:21 . 2008-11-14 15:32 -------- d-----w- c:\program files\CyberLink
2009-05-26 15:20 . 2008-11-14 12:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 14:31 . 2009-04-27 23:46 -------- d-----w- c:\program files\FLV Player
2009-05-26 13:56 . 2008-11-16 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-26 13:54 . 2008-11-16 14:41 -------- d-----w- c:\program files\Fichiers communs\Merge Modules
2009-05-26 13:47 . 2008-11-16 14:39 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-05-26 13:40 . 2008-11-16 14:41 -------- d-----w- c:\program files\HTML Help Workshop
2009-05-26 13:31 . 2008-11-16 14:41 -------- d-----w- c:\program files\Microsoft ACT
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\program files\Network Associates
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\program files\Fichiers communs\Network Associates
2009-05-25 09:50 . 2009-05-04 12:10 164 ----a-w- c:\windows\install.dat
2009-05-18 19:33 . 2009-05-18 19:33 136570 ----a-w- c:\windows\Fonts\AdobeFnt07.lst
2009-05-13 15:39 . 2009-05-25 11:30 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-02 13:18 . 2009-05-02 13:18 34708 ----a-w- c:\windows\Fonts\STEREOFI.TTF
2009-04-27 15:54 . 2008-11-14 12:33 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-12-17 23:04 . 2009-01-16 08:48 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-01-16 08:48 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-01-16 08:48 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-01-16 08:48 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-01-16 08:48 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-03-16 13:30 . 2009-02-23 12:36 216064 --sha-r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 213048]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1314816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\DevSuiteHome1\\jdev\\bin\\jdevw.exe"=
"c:\\DevSuiteHome1\\BIN\\rwbuilder.exe"=
"c:\\Program Files\\Lexmark\\DragNPrint\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exE"=
"c:\\DevSuiteHome1\\BIN\\frmbld.exe"=
"c:\\DevSuiteHome1\\jdk\\bin\\java.exe"=
"c:\\DevSuiteHome1\\BIN\\frmweb.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\acrobat_sl.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe"=
"d:\\oracle\\ora92\\bin\\TNSLSNR.EXE"=
"c:\\WINDOWS\\system32\\cmd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1521:TCP"= 1521:TCP:Connexion Oracle
"5432:TCP"= 5432:TCP:PGPORT
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14/11/2008 12:43 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [14/11/2008 12:43 35712]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [21/04/2009 18:27 29808]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [26/05/2009 10:16 58048]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;d:\oracle\ora92\Apache\Apache\Apache.exe [18/04/2002 22:02 4096]
R2 postgresql-8.3;PostgreSQL Server 8.3;D:/postgresql/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "D:/postgresql/data" -w --> D:/postgresql/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\islqqn.sys --> c:\windows\system32\drivers\islqqn.sys [?]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 e8cee6a1;e8cee6a1;c:\windows\system32\drivers\e8cee6a1.sys --> c:\windows\system32\drivers\e8cee6a1.sys [?]
S1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys --> c:\windows\system32\drivers\pwipf6.sys [?]
S2 AdobeAdobeAgereModemAudio;Adobe LM Service AdobeAdobeAgereModemAudio; [x]
S2 AdobeAgereModemAudio;Adobe LM Service AdobeAgereModemAudio; [x]
S2 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" --> c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [?]
S3 Aspnopts;Aspnopts; [x]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/07/2009 11:38 38160]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;d:\oracle\ora92\bin\encsvc.exe [13/02/2002 08:23 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;d:\oracle\ora92\bin\agntsvc.exe [13/02/2002 08:23 254464]
S3 OracleServiceLDKOM;OracleServiceLDKOM;d:\oracle\ora92\bin\ORACLE.EXE LDKOM --> d:\oracle\ora92\bin\ORACLE.EXE LDKOM [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
2009-07-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-22 16:55]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpySweeper - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyServer = 10.20.1.245:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ernest\Application Data\Mozilla\Firefox\Profiles\p85cvkzb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 09:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset001\Services\postgresql-8.3]
"ImagePath"="D:/postgresql/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"D:/postgresql/data\" -w"
[HKEY_LOCAL_MACHINE\System\controlset001\Services\postgresql-8.3]
"ImagePath"="D:/postgresql/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"D:/postgresql/data\" -w"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\docume~1\ernest\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
d:\oracle\ora92\bin\omtsreco.exe
d:\oracle\ora92\bin\TNSLSNR.EXE
d:\postgresql\bin\pg_ctl.exe
d:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\bin\isqlplus
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-07-25 9:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 09:43
ComboFix2.txt 2009-07-24 14:47
ComboFix3.txt 2009-07-22 16:33
ComboFix4.txt 2009-07-21 14:26
Pre-Run: 10 490 843 136 octets libres
Post-Run: 10 292 744 192 octets libres
339 --- E O F --- 2009-07-16 00:31
2009-07-17 22:34 . 2009-07-17 22:34 319488 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\i6g4meuo01\Npgsql.dll
2009-07-17 22:34 . 2009-07-17 22:34 40960 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\mik-oc3g01\StoreBar.dll
2009-07-17 22:34 . 2009-07-17 22:34 16896 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\lmhpnp0201\DataCombo.dll
2009-07-17 22:34 . 2009-07-17 22:34 16384 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\cirthal501\DataText.dll
2009-07-16 21:45 . 2009-07-16 21:45 434688 ----a-w- c:\documents and settings\ernest\Application Data\Microsoft\VisualStudio\Recent\Individual Projects\Dos Optimizer.pif.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 08:56 . 2009-07-25 08:56 4486 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-07-25 08:56 . 2001-09-28 12:00 99824 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-25 08:56 . 2001-09-28 12:00 531574 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-24 16:54 . 2009-06-12 13:01 -------- d-----w- c:\program files\jv16 PowerTools
2009-07-21 23:38 . 2008-11-16 11:01 -------- d-----w- c:\program files\SuperCopier2
2009-07-19 20:13 . 2008-11-14 12:30 26420 -c--a-w- c:\windows\system32\emptyregdb.dat
2009-07-18 17:02 . 2009-04-20 11:34 -------- d-----w- c:\documents and settings\ernest\Application Data\BitTorrent
2009-07-16 21:40 . 2009-06-02 12:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 20:51 . 2009-06-02 17:39 30 ----a-w- c:\windows\mscpt.dat
2009-07-01 18:29 . 2009-03-12 09:45 10 ----a-w- c:\windows\popcinfo.dat
2009-06-22 17:17 . 2009-06-22 17:17 -------- d-----w- c:\program files\WinDriver Ghost
2009-06-19 09:47 . 2008-11-14 15:31 -------- d-----w- c:\program files\DivX
2009-06-16 12:27 . 2009-06-16 12:17 -------- d-----w- c:\program files\Windows scrabble
2009-06-15 23:10 . 2009-06-02 09:11 -------- d-----w- c:\documents and settings\ernest\Application Data\Desktopicon
2009-06-12 16:08 . 2009-06-12 16:08 -------- d-----w- c:\program files\MicroOLAP
2009-06-12 13:57 . 2009-06-10 15:58 -------- d-----w- c:\documents and settings\ernest\Application Data\postgresql
2009-06-12 12:13 . 2009-06-12 12:13 -------- d-----w- c:\documents and settings\postgres.SWEEDY\Application Data\Webroot
2009-06-12 12:13 . 2009-06-12 12:13 -------- d-----w- c:\documents and settings\postgres.SWEEDY\Application Data\Notepad++
2009-06-09 22:13 . 2009-02-13 17:20 -------- d-----w- c:\program files\FlameRobin
2009-06-04 09:05 . 2009-05-06 08:53 -------- d-----w- c:\program files\Unlocker
2009-06-03 09:55 . 2009-06-03 09:55 -------- d-----w- c:\documents and settings\ernest\Application Data\Emjysoft
2009-06-03 09:55 . 2009-06-03 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Emjysoft
2009-06-03 09:54 . 2009-06-02 14:34 -------- d-----w- c:\program files\Emjysoft
2009-06-02 17:38 . 2009-06-02 17:38 -------- d-----w- c:\program files\TLKGAMES
2009-06-02 13:01 . 2009-06-02 12:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 12:32 . 2009-04-01 09:38 -------- d-----w- c:\program files\HyCam2
2009-06-01 14:36 . 2009-02-20 18:30 -------- d-----w- c:\documents and settings\ernest\Application Data\vlc
2009-06-01 12:31 . 2008-12-09 22:59 -------- d-----w- c:\documents and settings\ernest\Application Data\dvdcss
2009-05-27 13:37 . 2009-05-27 13:35 -------- d-----w- c:\program files\Micro Scrabble
2009-05-27 00:46 . 2009-03-13 16:58 -------- d-----w- c:\program files\The Logo Creator v5
2009-05-26 15:34 . 2008-11-16 15:14 -------- d-----w- c:\program files\Oracle
2009-05-26 15:21 . 2009-05-26 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-26 15:21 . 2008-11-14 15:32 -------- d-----w- c:\program files\CyberLink
2009-05-26 15:20 . 2008-11-14 12:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 14:31 . 2009-04-27 23:46 -------- d-----w- c:\program files\FLV Player
2009-05-26 13:56 . 2008-11-16 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-26 13:54 . 2008-11-16 14:41 -------- d-----w- c:\program files\Fichiers communs\Merge Modules
2009-05-26 13:47 . 2008-11-16 14:39 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-05-26 13:40 . 2008-11-16 14:41 -------- d-----w- c:\program files\HTML Help Workshop
2009-05-26 13:31 . 2008-11-16 14:41 -------- d-----w- c:\program files\Microsoft ACT
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\program files\Network Associates
2009-05-26 10:16 . 2008-11-14 15:33 -------- d-----w- c:\program files\Fichiers communs\Network Associates
2009-05-25 09:50 . 2009-05-04 12:10 164 ----a-w- c:\windows\install.dat
2009-05-18 19:33 . 2009-05-18 19:33 136570 ----a-w- c:\windows\Fonts\AdobeFnt07.lst
2009-05-13 15:39 . 2009-05-25 11:30 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-02 13:18 . 2009-05-02 13:18 34708 ----a-w- c:\windows\Fonts\STEREOFI.TTF
2009-04-27 15:54 . 2008-11-14 12:33 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-12-17 23:04 . 2009-01-16 08:48 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 . 2009-01-16 08:48 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 . 2009-01-16 08:48 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 23:04 . 2009-01-16 08:48 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 . 2009-01-16 08:48 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-03-16 13:30 . 2009-02-23 12:36 216064 --sha-r- c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 213048]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1314816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\DevSuiteHome1\\jdev\\bin\\jdevw.exe"=
"c:\\DevSuiteHome1\\BIN\\rwbuilder.exe"=
"c:\\Program Files\\Lexmark\\DragNPrint\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exE"=
"c:\\DevSuiteHome1\\BIN\\frmbld.exe"=
"c:\\DevSuiteHome1\\jdk\\bin\\java.exe"=
"c:\\DevSuiteHome1\\BIN\\frmweb.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\acrobat_sl.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe"=
"d:\\oracle\\ora92\\bin\\TNSLSNR.EXE"=
"c:\\WINDOWS\\system32\\cmd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1521:TCP"= 1521:TCP:Connexion Oracle
"5432:TCP"= 5432:TCP:PGPORT
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [14/11/2008 12:43 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [14/11/2008 12:43 35712]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [21/04/2009 18:27 29808]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [26/05/2009 10:16 58048]
R2 OracleOraHome92HTTPServer;OracleOraHome92HTTPServer;d:\oracle\ora92\Apache\Apache\Apache.exe [18/04/2002 22:02 4096]
R2 postgresql-8.3;PostgreSQL Server 8.3;D:/postgresql/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "D:/postgresql/data" -w --> D:/postgresql/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\islqqn.sys --> c:\windows\system32\drivers\islqqn.sys [?]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 e8cee6a1;e8cee6a1;c:\windows\system32\drivers\e8cee6a1.sys --> c:\windows\system32\drivers\e8cee6a1.sys [?]
S1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys --> c:\windows\system32\drivers\pwipf6.sys [?]
S2 AdobeAdobeAgereModemAudio;Adobe LM Service AdobeAdobeAgereModemAudio; [x]
S2 AdobeAgereModemAudio;Adobe LM Service AdobeAgereModemAudio; [x]
S2 CSIScanner;CSIScanner;"c:\program files\Prevx\prevx.exe" /service --> c:\program files\Prevx\prevx.exe [?]
S2 WRConsumerService;Webroot Client Service;"c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe" --> c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [?]
S3 Aspnopts;Aspnopts; [x]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe -s [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe -s [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/07/2009 11:38 38160]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;d:\oracle\ora92\bin\encsvc.exe [13/02/2002 08:23 187392]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;d:\oracle\ora92\bin\agntsvc.exe [13/02/2002 08:23 254464]
S3 OracleServiceLDKOM;OracleServiceLDKOM;d:\oracle\ora92\bin\ORACLE.EXE LDKOM --> d:\oracle\ora92\bin\ORACLE.EXE LDKOM [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ABP470N5
.
Contents of the 'Scheduled Tasks' folder
2009-07-25 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-07-22 16:55]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SpySweeper - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyServer = 10.20.1.245:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ernest\Application Data\Mozilla\Firefox\Profiles\p85cvkzb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 09:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\controlset001\Services\postgresql-8.3]
"ImagePath"="D:/postgresql/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"D:/postgresql/data\" -w"
[HKEY_LOCAL_MACHINE\System\controlset001\Services\postgresql-8.3]
"ImagePath"="D:/postgresql/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"D:/postgresql/data\" -w"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\docume~1\ernest\LOCALS~1\temp\RtkBtMnt.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
d:\oracle\ora92\bin\omtsreco.exe
d:\oracle\ora92\bin\TNSLSNR.EXE
d:\postgresql\bin\pg_ctl.exe
d:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\jdk\bin\java.exe
d:\oracle\ora92\bin\isqlplus
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
d:\postgresql\bin\postgres.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-07-25 9:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 09:43
ComboFix2.txt 2009-07-24 14:47
ComboFix3.txt 2009-07-22 16:33
ComboFix4.txt 2009-07-21 14:26
Pre-Run: 10 490 843 136 bytes free
Post-Run: 10 292 744 192 bytes free
339 --- E O F --- 2009-07-16 00:31
"
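The report above is the poster's own ComboFix output. As an added example (not part of the original thread and not ComboFix's code), here is a small Python triage script that reads ComboFix-style report lines and flags the self-protection indicators visible in that log: the policy values that disable Task Manager and the Registry Editor, the Security Center override/notify values, the Windows Firewall switched off, drivers that ComboFix could not stat and whose names look random, and a configured proxy. The detection rules and the driver heuristic are our own and are not a verdict; the sample input is an excerpt copied from the report above so the script runs offline.

```python
"""Triage a ComboFix report for the self-protection tricks visible in the thread above.

Added example, not part of the original post or of ComboFix. The detection
rules and the driver heuristic are our own; the sample lines are copied
from the report above so the script runs offline.
"""
import re

# Excerpt of the report posted above (ComboFix's own line formats; the
# selection of lines is ours, chosen to exercise each rule below).
SAMPLE_REPORT = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoPrinters"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\islqqn.sys --> c:\windows\system32\drivers\islqqn.sys [?]
S0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
S1 e8cee6a1;e8cee6a1;c:\windows\system32\drivers\e8cee6a1.sys --> c:\windows\system32\drivers\e8cee6a1.sys [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [23/07/2009 11:38 38160]
uInternet Settings,ProxyServer = 10.20.1.245:8080
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\path]
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name"= value
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.*)$")  # R3 name;display;path [stat]

# (substring of the registry key, value name, value meaning "tampered", why it matters)
TAMPER_RULES = [
    ("policies\\system", "DisableTaskMgr", 1, "Task Manager disabled by policy"),
    ("policies\\system", "DisableRegistryTools", 1, "Registry Editor disabled by policy"),
    ("security center", "AntiVirusOverride", 1, "Security Center told to ignore AV state"),
    ("security center", "FirewallOverride", 1, "Security Center told to ignore firewall state"),
    ("security center", "AntiVirusDisableNotify", 1, "AV-off alerts suppressed"),
    ("security center", "FirewallDisableNotify", 1, "firewall-off alerts suppressed"),
    ("security center", "UpdatesDisableNotify", 1, "Windows Update alerts suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall switched off"),
]


def parse_value(raw):
    """Read ComboFix's two integer spellings: 'dword:00000001' or ' 1 (0x1)'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def suspicious_driver(name, rest):
    """Heuristic (ours): a driver ComboFix could not stat ('[?]' at the end)
    whose service name contains digits or differs from the .sys file name.
    Matches the randomly named entries in the thread; legitimate '[?]' drivers
    such as pxscan (Prevx) pass. Confirm by hand before deleting anything."""
    if not rest.rstrip().endswith("[?]"):
        return False
    m = re.search(r"\\drivers\\([^\\\s]+)\.sys", rest, re.IGNORECASE)
    if not m:
        return False
    return any(c.isdigit() for c in name) or m.group(1).lower() != name.lower()


def triage(report):
    """Return a list of findings, one string per indicator, in report order."""
    findings, key = [], ""
    for line in report.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()   # remember which registry key we are under
            continue
        vm = VAL_RE.match(line)
        if vm:
            name, value = vm.group(1), parse_value(vm.group(2))
            for key_part, val_name, bad, why in TAMPER_RULES:
                if key_part in key and name == val_name and value == bad:
                    findings.append(f"[tamper] {name}={value} under {key}: {why}")
            continue
        sm = SVC_RE.match(line)
        if sm and suspicious_driver(sm.group(2), sm.group(3)):
            findings.append(f"[driver] {sm.group(1)} {sm.group(2)}: unverifiable driver, check the .sys on disk")
            continue
        if line.lower().startswith("uinternet settings,proxyserver"):
            findings.append(f"[proxy] {line}: confirm this proxy is yours; malware sets one too")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Run it against a full ComboFix.txt by reading the file and passing its text to `triage()`. The policy and Security Center rules are exact matches on documented value names; the driver rule is only a hint for where to look, since a service with a `[?]` stat can also be a legitimate product whose file the tool could not read.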
9 replies
Hi, this smells like Bagle: C:\mdelk.exe
To check:
▶ Download FindyKill to your desktop:
http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
! Disconnect from the internet and close all running applications!
• Double-click "FindyKill.exe" to start the installation and keep the default installation settings.
• Plug your external data sources into the PC (USB key, external hard drive, etc.)
• Double-click the FindyKill shortcut on your desktop to launch the tool.
• In the main menu choose option "F" for French and press [Enter].
• In the second menu choose option "1" (search) and press [Enter].
▶ Let the tool work and don't touch anything...
--> Post the report that appears at the end on the forum...
(the report is also saved as C:\FindyKill.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility meant to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by those antivirus programs.
Help with screenshots: http://pagesperso-orange.fr/NosTools/findykill.html
Thanks a lot for the quick reply
the FindyKill link doesn't work...
http://sd-1.archive-host.com/membres/up/127028005715545653/FindyKill.exe
there is no other link
It doesn't work either... in fact every FindyKill link I've come across since the start of my troubles doesn't work, I don't understand why... could this be due to my machine???
If that doesn't go through, run elibagla instead:
* Download ELIBAGLA at the bottom of this page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button; this downloads the file, put it on your desktop.
* Double-click it to open it
* Make sure the Unidad drop-down menu shows C:\
* Also check that the option Eliminar Ficheros Automaticamente at the bottom of the window is ticked
* Click the Explorar button to start the scan
then
paste the report of an online scan
with one of the following:
BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda online:
http://pandasoftware.fr
Sorry for the late reply, connection problem.
Also, the machine is very slow and crashes all the time.
Here is the elibagla report
"
(25-7-2009 14:14:39)
EliBagle v12.78 (c)2009 S.G.H. / Satinfo S.L. (updated 22 July 2009)
----------------------------------------------
List of actions (by direct action):
Restored key: "SafeBoot\Minimal y Network"
(25-7-2009 14:14:54)
EliBagle v12.78 (c)2009 S.G.H. / Satinfo S.L. (updated 22 July 2009)
----------------------------------------------
List of actions (by scan):
Scanning "C:\"
Total directories: 14401
Total files: 112464
Files analysed: 13246
Infected files: 0
Cleaned files: 0"
Looks like it didn't find anything... given my connection problems, I wonder whether I'll manage to run an online scan,
but I'll give it a try.
The link above works.
@+