Help: getting rid of BEAGLE

Closed
zephyr77 (Posts: 1, Registered: Saturday 3 October 2009, Status: Member, Last active: 3 October 2009) - 3 Oct. 2009 at 22:11
jlpjlp (Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last active: 3 May 2022) - 3 Oct. 2009 at 22:13
Hello,
After downloading a file over "peer to peer", my PC was infected by a BEAGLE virus, which I had a lot of trouble getting rid of. I used the COMBOFIX software, but I am afraid the virus is still present.
Here is the report, if someone can tell me what needs to be done to get rid of it completely.

Thanks in advance.

ComboFix 09-10-01.05 - kitsantas 03/10/2009 20:28.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2815.1890 [GMT 2:00]
Lancé depuis: c:\users\kitsantas\Desktop\CCM.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2987379702-1306046148-1211420604-500
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SeARchsettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Julie\AppData\Roaming\.#
c:\users\Julie\AppData\Roaming\.#\MBX@1028@1D12990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1028@1D129C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1028@1D129F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1110@1AC2990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1110@1AC29C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1110@1AC29F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1274@1D42990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1274@1D429C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1274@1D429F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1290@1E02990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1290@1E029C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1290@1E029F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@13AC@1B02990.###
c:\users\Julie\AppData\Roaming\.#\MBX@13AC@1B029C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@13AC@1B029F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1420@1812990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1420@18129C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1420@18129F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1464@1862990.###
c:\users\Julie\AppData\Roaming\.#\MBX@1464@18629C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@1464@18629F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@3110@1B22990.###
c:\users\Julie\AppData\Roaming\.#\MBX@3110@1B229C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@3110@1B229F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@78C@1952990.###
c:\users\Julie\AppData\Roaming\.#\MBX@78C@19529C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@78C@19529F0.###
c:\users\Julie\AppData\Roaming\.#\MBX@E40@17D2990.###
c:\users\Julie\AppData\Roaming\.#\MBX@E40@17D29C0.###
c:\users\Julie\AppData\Roaming\.#\MBX@E40@17D29F0.###
c:\users\Julie\AppData\Roaming\drivers\wfsintwq.sys
c:\users\Julie\AppData\Roaming\drivers\winupgro.exe
c:\users\Julie\AppData\Roaming\inst.exe
c:\users\kitsantas\AppData\Local\aifsad.dat
c:\users\kitsantas\AppData\Local\aifsad.exe
c:\users\kitsantas\AppData\Local\aifsad_nav.dat
c:\users\kitsantas\AppData\Local\aifsad_navps.dat
c:\users\kitsantas\AppData\Local\awcgaqa.dat
c:\users\kitsantas\AppData\Local\awcgaqa_nav.dat
c:\users\kitsantas\AppData\Local\awcgaqa_navps.dat
c:\users\kitsantas\AppData\Local\evhwo.dat
c:\users\kitsantas\AppData\Local\evhwo_nav.dat
c:\users\kitsantas\AppData\Local\evhwo_navps.dat
c:\users\kitsantas\AppData\Roaming\.#
c:\users\kitsantas\AppData\Roaming\.#\MBX@15A0@1BF2990.###
c:\users\kitsantas\AppData\Roaming\.#\MBX@15A0@1BF29C0.###
c:\users\kitsantas\AppData\Roaming\.#\MBX@15A0@1BF29F0.###
c:\users\kitsantas\AppData\Roaming\.#\MBX@3CF4@17D2990.###
c:\users\kitsantas\AppData\Roaming\.#\MBX@3CF4@17D29C0.###
c:\users\kitsantas\AppData\Roaming\.#\MBX@3CF4@17D29F0.###
c:\users\kitsantas\AppData\Roaming\drivers\downld
c:\users\kitsantas\AppData\Roaming\drivers\wfsintwq.sys
c:\users\kitsantas\AppData\Roaming\drivers\winupgro.exe
c:\users\kitsantas\AppData\Roaming\inst.exe
c:\windows\Installer\150657a.msi
c:\windows\system32\fci.exe.exe
c:\windows\system32\icf.exe.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
D:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_FCI
-------\Service_ICF


((((((((((((((((((((((((((((( Fichiers créés du 2009-09-03 au 2009-10-03 ))))))))))))))))))))))))))))))))))))
.

2009-10-03 18:35 . 2009-10-03 18:38 -------- d-----w- c:\users\kitsantas\AppData\Local\temp
2009-10-03 18:35 . 2009-10-03 18:35 -------- d-----w- c:\users\Julie\AppData\Local\temp
2009-10-03 18:35 . 2009-10-03 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 17:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 16:54 . 2009-10-03 17:17 -------- d-----w- C:\FindyKill
2009-10-03 16:34 . 2009-10-03 16:34 -------- d-----w- c:\users\Julie\Contacts 3
2009-10-02 21:56 . 2009-10-02 21:56 -------- d-----w- c:\program files\AhnLab
2009-10-02 21:55 . 2009-10-02 21:56 -------- d-----w- c:\programdata\AhnLab
2009-10-02 21:25 . 2009-10-02 21:25 -------- d-----w- c:\program files\Trend Micro
2009-10-02 20:15 . 2009-10-04 01:49 -------- d-----w- c:\program files\Common Files\BitDefender
2009-10-02 15:37 . 2009-10-02 15:42 25133 ----a-w- C:\BdUninstallTool2009.10.02-05.37.27.reg
2009-10-01 12:45 . 2009-10-01 13:35 -------- d-----w- c:\program files\NortonInstaller
2009-10-01 09:39 . 2009-10-01 09:39 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-01 08:38 . 2009-10-01 08:51 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-09-30 23:17 . 2009-10-01 09:48 -------- d-----w- c:\program files\Panda Security
2009-09-30 23:02 . 2009-10-01 08:49 -------- d-----w- c:\programdata\avg8
2009-09-30 23:02 . 2009-09-30 23:02 -------- d-----w- c:\program files\AVG
2009-09-30 22:10 . 2009-10-01 12:39 -------- d-----w- c:\windows\BDOSCAN8
2009-09-30 22:08 . 2009-10-02 21:29 -------- d-----w- c:\users\kitsantas\.housecall6.6
2009-09-30 22:07 . 2009-09-30 22:07 -------- d-----w- c:\windows\Sun
2009-09-30 22:02 . 2009-09-30 22:02 -------- d-----w- c:\users\kitsantas\AppData\Roaming\HouseCall 6.6
2009-09-30 22:02 . 2009-09-30 22:08 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-09-30 21:05 . 2009-10-03 18:35 -------- d--h--w- c:\users\kitsantas\AppData\Roaming\drivers
2009-09-30 21:02 . 2009-09-30 21:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-30 20:56 . 2009-10-03 18:35 -------- d--h--w- c:\users\Julie\AppData\Roaming\drivers
2009-09-30 20:16 . 2009-09-30 20:16 -------- d-----w- c:\programdata\GraphPad Software
2009-09-28 09:49 . 2009-09-28 09:50 -------- d-----w- c:\windows\system32\ca-ES
2009-09-28 09:49 . 2009-09-28 09:50 -------- d-----w- c:\windows\system32\eu-ES
2009-09-28 09:49 . 2009-09-28 09:50 -------- d-----w- c:\windows\system32\vi-VN
2009-09-28 08:21 . 2009-09-28 08:21 -------- d-----w- c:\windows\system32\EventProviders
2009-09-24 09:54 . 2009-04-11 06:28 302592 ----a-w- c:\windows\system32\QAGENTRT.DLL
2009-09-24 09:53 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-09-24 09:53 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-09-24 09:53 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-09-24 09:53 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-09-24 09:53 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-09-24 09:53 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-09-24 09:53 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-09-24 09:53 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-09-24 09:53 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 09:53 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 09:53 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-09 06:40 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 06:40 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 06:40 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 06:40 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 06:40 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 06:40 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 06:40 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 06:40 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 06:40 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 06:40 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 06:40 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 06:39 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 06:39 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 06:39 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 06:39 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-09-09 06:39 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 06:39 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 06:39 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-09 06:39 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-09-09 06:39 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-09-09 06:39 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-09-09 06:39 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 01:50 . 2009-07-27 20:36 -------- d-----w- c:\program files\Spotify
2009-10-03 16:23 . 2008-10-28 19:06 -------- d-----w- c:\users\Julie\AppData\Roaming\Skype
2009-10-03 16:01 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-03 16:01 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-03 15:57 . 2009-05-10 15:25 -------- d-----w- c:\programdata\Google Updater
2009-10-03 15:56 . 2008-10-28 19:07 -------- d-----w- c:\users\Julie\AppData\Roaming\skypePM
2009-10-02 21:10 . 2009-07-27 22:15 -------- d-----w- c:\users\kitsantas\AppData\Roaming\Spotify
2009-10-01 15:49 . 2009-08-05 07:30 -------- d-----w- c:\users\Julie\AppData\Roaming\OnlineStorage
2009-10-01 15:49 . 2009-08-05 07:48 -------- d-----w- c:\program files\iTunes
2009-10-01 15:49 . 2009-08-03 07:18 -------- d-----w- c:\program files\Winsudate
2009-10-01 15:49 . 2009-07-05 17:45 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-01 15:49 . 2009-06-17 13:52 -------- d-----w- c:\program files\QuickTime
2009-10-01 15:49 . 2008-10-28 19:16 -------- d-----w- c:\program files\Microsoft Money
2009-10-01 15:49 . 2008-10-28 19:05 -------- d-----w- c:\program files\Common Files\Skype
2009-10-01 15:49 . 2008-10-23 19:52 -------- d-----w- c:\program files\Wanadoo
2009-10-01 15:49 . 2008-03-21 11:21 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-01 15:49 . 2008-03-21 11:16 -------- d-----w- c:\program files\Microsoft Works
2009-10-01 14:01 . 2009-08-28 16:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-01 13:32 . 2009-08-26 16:03 -------- d-----w- c:\programdata\Norton
2009-10-01 13:25 . 2009-08-26 16:03 -------- d-----w- c:\programdata\NortonInstaller
2009-10-01 11:42 . 2008-12-15 08:03 -------- d-----w- c:\program files\Alwil Software
2009-10-01 09:50 . 2008-12-02 21:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 09:50 . 2008-12-02 21:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-01 09:49 . 2008-11-29 12:16 -------- d-----w- c:\programdata\eMule
2009-10-01 09:49 . 2008-11-22 12:04 -------- d-----w- c:\program files\eMule
2009-10-01 08:02 . 2009-06-28 13:41 -------- d-----w- c:\users\kitsantas\AppData\Roaming\vlc
2009-09-30 21:15 . 2009-07-26 19:49 -------- d-----w- c:\program files\McDonaldsDragons
2009-09-30 21:01 . 2008-11-29 12:10 680 ----a-w- c:\users\Julie\AppData\Local\d3d9caps.dat
2009-09-30 21:01 . 2008-03-21 11:06 -------- d-----w- c:\programdata\NVIDIA
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-28 09:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-28 09:50 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-23 19:30 . 2009-08-05 13:39 -------- d-----w- c:\users\Julie\AppData\Roaming\vlc
2009-09-23 18:21 . 2008-10-28 19:05 -------- d-----w- c:\program files\Google
2009-09-12 17:53 . 2009-08-26 14:27 -------- d-----w- c:\users\Julie\AppData\Roaming\EndNote
2009-09-10 06:01 . 2009-02-22 07:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 18:37 . 2008-11-08 21:32 -------- d-----w- c:\program files\Java
2009-09-03 15:47 . 2008-11-16 18:55 -------- d-----w- c:\programdata\NOS
2009-09-03 15:47 . 2008-11-16 18:55 -------- d-----w- c:\program files\NOS
2009-09-03 14:31 . 2008-11-07 13:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-01 12:08 . 2008-11-01 15:27 -------- d-----w- c:\users\kitsantas\AppData\Roaming\Skype
2009-09-01 09:50 . 2008-11-22 10:33 -------- d-----w- c:\users\kitsantas\AppData\Roaming\skypePM
2009-08-31 21:05 . 2009-07-27 20:36 -------- d-----w- c:\users\Julie\AppData\Roaming\Spotify
2009-08-30 19:45 . 2009-08-30 19:45 -------- d-----w- c:\users\kitsantas\AppData\Roaming\VSprint company
2009-08-30 19:45 . 2009-08-30 19:45 -------- d-----w- c:\programdata\VSprint company
2009-08-30 14:49 . 2009-08-30 14:40 -------- d-----w- c:\program files\RunLog
2009-08-30 10:49 . 2009-08-30 10:49 -------- d-----w- c:\program files\ZillaSoft.ws
2009-08-29 14:31 . 2008-03-21 11:35 -------- d-----w- c:\program files\Acer GameZone
2009-08-29 13:17 . 2009-08-27 22:16 -------- d-----w- c:\programdata\EmailNotifier
2009-08-29 11:00 . 2008-10-26 08:48 465032 ----a-w- c:\users\Julie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 08:23 . 2009-08-27 22:14 -------- d-----w- c:\users\kitsantas\AppData\Roaming\gtk-2.0
2009-08-29 08:19 . 2008-10-23 19:48 465032 ----a-w- c:\users\kitsantas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 08:18 . 2009-08-28 15:49 -------- d-----w- c:\program files\Photo Pos Pro
2009-08-29 00:27 . 2009-09-02 21:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 19:49 . 2008-11-25 14:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-28 19:13 . 2009-08-28 19:13 -------- d-----w- c:\users\kitsantas\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-28 19:03 . 2009-08-28 19:03 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-08-28 19:03 . 2009-08-28 19:03 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-08-28 19:02 . 2009-08-28 19:02 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-08-28 09:53 . 2009-06-07 20:26 92 ----a-w- c:\users\kitsantas\AppData\Local\micgmky.bat
2009-08-27 22:34 . 2009-08-27 22:34 -------- d-----w- c:\users\kitsantas\AppData\Roaming\FrmMain
2009-08-27 22:22 . 2009-08-27 22:22 -------- d-----w- c:\program files\PowerOfSoftware Ltd
2009-08-27 09:16 . 2009-06-21 10:16 -------- d-----w- c:\users\Julie\AppData\Roaming\dvdcss
2009-08-26 16:08 . 2009-01-28 17:09 -------- d-----w- c:\programdata\Symantec
2009-08-26 16:03 . 2009-01-24 07:45 -------- d-----w- c:\program files\Norton Security Scan
2009-08-12 17:50 . 2009-07-16 22:17 -------- d-----w- c:\program files\Orange
2009-08-09 11:30 . 2009-08-09 11:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-08-05 07:48 . 2009-08-05 07:48 -------- d-----w- c:\program files\iPod
2009-08-05 07:48 . 2009-02-05 17:49 -------- d-----w- c:\program files\Common Files\Apple
2009-08-05 07:30 . 2009-08-05 07:30 -------- d-----w- c:\program files\mes données
2009-07-25 03:23 . 2008-11-08 21:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 15:25 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 15:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 15:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 15:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 17:02 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 17:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 17:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 17:02 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 17:02 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OSDOverLayIcon]
@="{8129812F-4AF8-4A47-85A5-D995B505880C}"
[HKEY_CLASSES_ROOT\CLSID\{8129812F-4AF8-4A47-85A5-D995B505880C}]
2009-04-16 14:32 53248 ----a-w- c:\program files\mes données\OSDExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WinUsr"="c:\program files\Winsudate\gibusr.exe" [2009-08-03 88304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-09 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-18 198160]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-21 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):87,68,02,e2,21,40,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987379702-1306046148-1211420604-1000]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2987379702-1306046148-1211420604-1001]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9A0FC0E6-C41A-491D-85B2-7B42B0C4D7B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9272E7EA-E5B0-4E65-AA03-61B849992A79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0590D135-20CF-4616-83A2-B4D64D7A7ADC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{40F60C6C-DD8E-40B8-AB34-5061C567E010}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{EC714915-D3A6-43D3-B785-23155F4ED9A6}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{8FB6D042-3CF4-407D-A2E9-A1CE05C41456}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{542BA28B-703D-48DB-B83F-94E757E578BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{B34DAF09-668F-41FD-94EB-A7A892360F5C}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{A924C65E-76C0-4E34-9E09-9FC3F7E6691A}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F051E17E-51EF-4830-B367-F6DA497077E5}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{50AEB031-A18E-473E-BBA8-4946450B5E12}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6CF81C32-E762-49A6-8A77-BFE70F5BD6AF}c:\\program files\\live-player\\live-player.exe"= UDP:c:\program files\live-player\live-player.exe:Live-Player
"UDP Query User{43FC6D83-BD66-454E-8C91-E960E03DF1A6}c:\\program files\\live-player\\live-player.exe"= TCP:c:\program files\live-player\live-player.exe:Live-Player
"{99097CEE-304B-4F11-A297-1591AF3C136F}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{C55B01B6-B981-45BA-B388-64817430FB7C}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{69511D71-CCD9-423F-A1FC-767A6FC4B92B}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{DE31ADD4-03D0-4CE0-80A2-703A0271B12C}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{D915DE0B-AC06-4D07-B977-B66B5115167A}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{3D7EF337-6EE1-40FA-A49D-46FB067E3E22}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{3520C2FA-C892-4969-803F-C9E76A74C454}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{2979916F-5736-4896-991D-15776DCD00B4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{55396811-5427-494C-BCB7-4BA8B9C17B1E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{39662D65-2BE9-4D48-9C31-D3E735785016}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{228C003B-08B6-44E4-8CC7-65236217ABC0}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{D43C925D-D6D0-43B5-ACC6-E154C378AEBD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{05E3353D-7471-4EFD-9B8D-8118C33A7746}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{646266B6-F069-4F75-B7E7-5A46B8CE621C}"= UDP:c:\windows\Temp\~os73AA.tmp\rlvknlg.exe:rlvknlg.exe
"TCP Query User{117BF6D4-B55B-4E83-BAC2-0079BF2401BF}c:\\program files\\vsprint company\\vsprint personal trainer\\bin\\vsprint.personal.exe"= UDP:c:\program files\vsprint company\vsprint personal trainer\bin\vsprint.personal.exe:VSprint_Personal
"UDP Query User{F14FFADC-FAE1-43CA-84B6-B9B62DFA0BF1}c:\\program files\\vsprint company\\vsprint personal trainer\\bin\\vsprint.personal.exe"= TCP:c:\program files\vsprint company\vsprint personal trainer\bin\vsprint.personal.exe:VSprint_Personal

R1 CbFs;CbFs;c:\windows\System32\drivers\cbfs32.sys [05/08/2009 09:30 137384]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [21/03/2008 13:34 269448]
R2 WinSvc;Gestionnaire de mise à jour Winsudate;c:\program files\Winsudate\gibsvc.exe [03/08/2009 09:18 70896]
S2 gupdate1c9c0137700c2e0;Service Google Update (gupdate1c9c0137700c2e0);c:\program files\Google\Update\GoogleUpdate.exe [18/04/2009 12:50 133104]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/03/2008 20:47 30752]
S3 ovt530;Dual Mode USB Camera OV530;c:\windows\System32\drivers\ov530vid.sys [08/02/2006 11:28 173939]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-10-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-28 15:25]

2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 10:50]

2009-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 10:50]

2009-10-03 c:\windows\Tasks\User_Feed_Synchronization-{DE89D758-5EB0-451D-93AC-7185D4D09EDB}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} - hxxp://webtv.guidetv.orange.fr/resources/OCS_8971.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-aifsad - c:\users\kitsantas\appdata\local\aifsad.exe
HKCU-Run-awcgaqa - c:\users\kitsantas\appdata\local\awcgaqa.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Ovt Wia - c:\windows\OV530EM.exe
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-MSMONEYV4 - c:\program files\Microsoft Money\install.exe
AddRemove-ZillaSoft Break.com - c:\program files\ZillaSoft.ws\Break.com



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 20:37
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\KITSAN~1\AppData\Local\Temp\xml34A.tmp 209 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{3463cbb6-6110-4a29-84ff-c94b47675f65}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001d92
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{89808295-b35c-4f0a-856a-d4f55f0759c3}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(1300)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\mes données\OSDExtension.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Heure de fin: 2009-10-03 20:42 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-10-03 18:42

Avant-CF: 60 610 482 176 octets libres
Après-CF: 61 672 427 520 octets libres

504 --- E O F --- 2009-10-03 17:20

1 reply

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
3 Oct. 2009 at 22:13
Hi,

Download FindyKill to your desktop:

--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
→ http://pagesperso-orange.fr/NosTools/cariboost_files/FindyKill.exe


Disable User Account Control (you will re-enable it after your disinfection):

- Go to "Start", then Control Panel.
- Double-click the User Accounts icon, then Turn User Account Control on or off.
- Click Continue.
- Uncheck the box Use User Account Control to help protect your computer.
- Confirm with OK and restart.




########### [ Option 1 ( Search ) XP ]


▶ Download FindyKill by Chiquitine29 to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

! Disconnect and close all running applications !

• Double-click "FindyKill.exe" to start the installation and keep the default installation settings.

• Connect your external data sources to your PC (USB key, external hard drive, etc.)

• Double-click the FindyKill shortcut on your desktop to launch the tool.

• At the main menu, choose option " F " for French and press [Enter].

• At the second menu, choose option " 1 " (search) and press [Enter].

▶ Let the tool work and do not touch anything ...

--> Post the report that appears at the end on the forum ...

( the report is also saved as C:\FindyKill.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Help with screenshots: http://pagesperso-orange.fr/NosTools/findykill.html