Sujet Précédent Sujet Suivant

Infection virus nideiect

chtimic -  
 Utilisateur anonyme -
Bonjour,

je suis egalement infecté par ce virus nideiect.
j'ai lu les precedent messages de forum mais j'ai l'impression que la resolution du probleme differe suivant le type d'ordinateur.
j'ai une cle usb et une carte sd infectées. (et peut etre un dvd rw?)
j'ai donc contaminer egalement un ordi portable mais en reformatant et reinstallant vista, tout refonctionne normalement (apparemment!)
mon probleme est pour mon ordi fixe; il est sous xp; j'ai 3 dd internes et sur le principal j'ai 2 partitions (une pour xp et une autre pour du stockage) ; si le virus est dans toutes les partitions et tous les dd, j'imagine que ça sert à rien de reinstaller xp?
Merci d'avance de m'indiquer la meilleure demarche à suivre...
A voir également:

18 réponses

Réponse 1 / 18
Jadema Messages postés 31 Statut Membre 2
 
telecharge un CCleaner puis anti Spyward puis met à jour ton anti virus
0
chtimic
 
merci de votre reponse, je pense qu'il faut que je fasse ça pour mon portable? ayant une 2è reponse de votre collegue pour mon fixe dont je m'occuperais ce soir. (j'avais d'ailleurs chargé et installé ccleaner mais impossible de le lancer)
autre doute: mon portable reçoit internet via un telephone portable qui me sert de modem, est ce que le telephone peut etre infecté et relancer le virus? (c'est un nokia 5610)
merci d'avance
0
Réponse 2 / 18
Utilisateur anonyme
 
Salut,

sur le pc xp

branche toutes tes sources de données puis :

Telecharge FindyKill sur ton bureau :

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Lance l installation avec les parametres par default

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

0
Réponse 3 / 18
chtimic
 
bonsoir,

voici le rapport de FindyKill ;
une autre precision : j'ai un 2è ordi fix sous xp qui est relié au premier infecté via mon routeur internet; est ce qu'il peut etre infecté a travers ce reseau local?

----------------- FindyKill V4.600 ------------------

* User : mic - TIMIC-70237D87B
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Recherche effectuée à 19:48:01 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Eden Flirt\EdenFlirt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\137031.EXE-1383BE5D.pf
Found ! - C:\WINDOWS\prefetch\139250.EXE-2E597952.pf
Found ! - C:\WINDOWS\prefetch\144218.EXE-0E166A31.pf
Found ! - C:\WINDOWS\prefetch\144734.EXE-38F5E03D.pf
Found ! - C:\WINDOWS\prefetch\153296.EXE-133D589F.pf
Found ! - C:\WINDOWS\prefetch\153437.EXE-27C84535.pf
Found ! - C:\WINDOWS\prefetch\153750.EXE-219CA0CB.pf
Found ! - C:\WINDOWS\prefetch\158343.EXE-030119A5.pf
Found ! - C:\WINDOWS\prefetch\162765.EXE-214B86E8.pf
Found ! - C:\WINDOWS\prefetch\164187.EXE-0096E341.pf
Found ! - C:\WINDOWS\prefetch\164593.EXE-02FC94C9.pf
Found ! - C:\WINDOWS\prefetch\177203.EXE-1A2F60CA.pf
Found ! - C:\WINDOWS\prefetch\177218.EXE-3A7C5DBF.pf
Found ! - C:\WINDOWS\prefetch\177546.EXE-2036F545.pf
Found ! - C:\WINDOWS\prefetch\71250.EXE-0048998E.pf
Found ! - C:\WINDOWS\prefetch\75125.EXE-1D9E3321.pf
Found ! - C:\WINDOWS\prefetch\84421.EXE-08F88EE9.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2BF49C2D.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [12/11/2008 19:33] - C:\WINDOWS\system32\mdelk.exe
Found ! [12/11/2008 19:33] - C:\WINDOWS\system32\wintems.exe
Found ! [12/11/2008 19:34] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [12/11/2008 19:32] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [01/11/2008 09:28] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [12/11/2008 19:39] - "C:\WINDOWS\system32\drivers\downld"
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\100468.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\101687.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\106625.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108450062.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108488812.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108496953.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\111328.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\112265.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\122562.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\137031.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\139250.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\144218.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\144734.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153296.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153437.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153750.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\158343.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1597781.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\162765.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\164187.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\164593.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1707312.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\172718.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\174171.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1748578.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\176703.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177203.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177218.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177546.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\180750.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\181234.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1826625.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1829906.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\183312.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1895921.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1912171.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\191921.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\192562.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\193875.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\195296.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1957062.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1969234.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\198328.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1987328.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\200562.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\201906.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\205671.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\205859.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\206828.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\207984.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\219343.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\220671.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\227546.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\233062.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\235515.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\245531.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\248015.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\261187.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\278453.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\307531.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\310828.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\321750.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\326000.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\330015.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\330625.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\334796.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\334890.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\359062.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\363015.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\372921.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\376468.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\397421.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\401578.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\411015.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\420921.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\422109.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\439281.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\454109.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\463375.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\463875.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\471703.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\475046.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\475484.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\478828.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\484765.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\489609.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\492437.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\496640.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\499562.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\499750.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\503296.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\504156.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\511281.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\513859.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\522921.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\529468.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\537765.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\540593.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\564093.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\570984.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\577359.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\598390.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\68546.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\70812.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\71250.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\75125.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\84421.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\86765.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\88281.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\89171.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\90468.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\91156.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\92781.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93312.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93406.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93890.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\95046.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\97625.exe
Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\98140.exe

»»»» Presence des fichiers dans C:\Documents and Settings\mic\Application Data

Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\flec006.exe"
Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\list.oct"
Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\data.oct"
Found ! [12/11/2008 12:37] - "C:\Documents and Settings\mic\Application Data\m\srvlist.oct"
Found ! [12/11/2008 19:34] - "C:\Documents and Settings\mic\Application Data\m\shared"
Found ! [09/11/2008 22:04] - "C:\Documents and Settings\mic\Application Data\m"

»»»» Presence des fichiers dans C:\DOCUME~1\mic\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5

Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[3].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\mxd[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[3].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[4].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_1[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[3].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[4].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[5].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[2].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[3].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[4].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64_1[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[1].jpg
Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[2].jpg

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
nTrayFw REG_SZ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
EdenFlirt REG_SZ C:\Program Files\Eden Flirt\EdenFlirt.exe
SoundMan REG_SZ SOUNDMAN.EXE
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe

--------------- [ Registre / Clés infectieuses ] ----------------

Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\nideiect
Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

- des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

- sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

- sans echec non fonctionnel !!

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur de CD-ROM

G: - Lecteur fixe

H: - Lecteur fixe

I: - Lecteur amovible

N: - Lecteur amovible

+- Contenu de l'autorun : F:\autorun.inf

[autorun]
open=autorun6e.exe
icon=autorun6e.exe

+- Contenu de l'autorun : I:\autorun.inf

[AutoRun]
open=nideiect.com
;shell\open=Open(&O)
shell\open\Command=nideiect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=nideiect.com

+- Contenu de l'autorun : N:\autorun.inf

[AutoRun]
open=nideiect.com
;shell\open=Open(&O)
shell\open\Command=nideiect.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=nideiect.com

+- presence des fichiers :

Found ! [21/07/2006 18:29][-r-------] - F:\autorun.inf
Found ! [11/11/2008 21:26][---h-----] - I:\autorun.inf
Found ! [01/11/2008 09:28][---h-----] - I:\nideiect.com
Found ! [11/11/2008 21:27][---h-----] - N:\autorun.inf
Found ! [01/11/2008 09:28][---h-----] - N:\nideiect.com

--------------- [ Registre / Mountpoint2 ] ----------------

Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\open\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\open\Command

------------------- ! Fin du rapport ! --------------------
0
Réponse 4 / 18
Utilisateur anonyme
 
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)

/!\ le pc va redémarrer , laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
chtimic
 
voici le 2è rapport:

PS: quant est il du 2è PC relié via un reseau local?

----------------- FindyKill V4.600 ------------------

* User : mic - TIMIC-70237D87B
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 12/11/08 par Chiquitine29
* Suppression effectuée à 20:32:54 le 12/11/2008
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((( *** Suppression *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apa­che Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nTrayFw.exe
C:\Program Files\Eden Flirt\EdenFlirt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcLog.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM­.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe­
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apa­che Group\Apache2\bin\apache.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc­.exe
C:\WINDOWS\system32\wbem\wmiprvse.ex­e

--------------- [ Fichiers / Dossiers infectieux ] ----------------

»»»» Supression des fichiers dans C:

»»»» Supression des fichiers dans C:\WINDOWS

»»»» Supression des fichiers dans C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\137031.EXE-1383B­E5D.pf
Deleted ! - C:\WINDOWS\prefetch\139250.EXE-2E597­952.pf
Deleted ! - C:\WINDOWS\prefetch\144218.EXE-0E166­A31.pf
Deleted ! - C:\WINDOWS\prefetch\144734.EXE-38F5E­03D.pf
Deleted ! - C:\WINDOWS\prefetch\153296.EXE-133D5­89F.pf
Deleted ! - C:\WINDOWS\prefetch\153437.EXE-27C84­535.pf
Deleted ! - C:\WINDOWS\prefetch\153750.EXE-219CA­0CB.pf
Deleted ! - C:\WINDOWS\prefetch\158343.EXE-03011­9A5.pf
Deleted ! - C:\WINDOWS\prefetch\162765.EXE-214B8­6E8.pf
Deleted ! - C:\WINDOWS\prefetch\164187.EXE-0096E­341.pf
Deleted ! - C:\WINDOWS\prefetch\164593.EXE-02FC9­4C9.pf
Deleted ! - C:\WINDOWS\prefetch\177203.EXE-1A2F6­0CA.pf
Deleted ! - C:\WINDOWS\prefetch\177218.EXE-3A7C5­DBF.pf
Deleted ! - C:\WINDOWS\prefetch\177546.EXE-2036F­545.pf
Deleted ! - C:\WINDOWS\prefetch\71250.EXE-004899­8E.pf
Deleted ! - C:\WINDOWS\prefetch\75125.EXE-1D9E33­21.pf
Deleted ! - C:\WINDOWS\prefetch\84421.EXE-08F88E­E9.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2BF4­9C2D.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-3B0033­2D.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B12­70B6.pf

»»»» Supression des fichiers dans C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sy­s
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.s­ys
Not deleted !! - C:\WINDOWS\system32\drivers\winfilse­.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­00468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­01687.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­06625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08450062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08488812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08496953.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­11328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­12265.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­22562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­37031.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­39250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­44218.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­44734.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53296.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­58343.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­597781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­62765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­64187.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­64593.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­707312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­72718.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­74171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­748578.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­76703.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77203.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77218.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­80750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­81234.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­826625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­829906.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­83312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­895921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­912171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­91921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­92562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­93875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­95296.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­957062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­969234.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­98328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\1­987328.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­00562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­01906.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­05671.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­05859.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­06828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­07984.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­19343.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­20671.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­27546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­33062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­35515.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­45531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­48015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­61187.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\2­78453.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­07531.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­10828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­21750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­26000.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­30015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­30625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­34796.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­34890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­59062.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­63015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­72921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­76468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\3­97421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­01578.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­11015.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­20921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­22109.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­39281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­54109.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­63375.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­63875.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­71703.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­75046.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­75484.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­78828.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­84765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­89609.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­92437.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­96640.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­99562.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\4­99750.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­03296.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­04156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­11281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­13859.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­22921.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­29468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­37765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­40593.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­64093.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­70984.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­77359.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\5­98390.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\6­8546.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\7­0812.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\7­1250.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\7­5125.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\8­4421.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\8­6765.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\8­8281.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\8­9171.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­0468.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­1156.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­2781.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3312.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3406.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3890.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­5046.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­7625.exe
Deleted ! - C:\WINDOWS\system32\drivers\downld\9­8140.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression des fichiers dans C:\Documents and Settings\mic\Application Data

Not deleted !! - "C:\Documents and Settings\mic\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\mic\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\mic\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\mic\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\1st_Windows_System_&_Internet_Washer_Pro_3.33_Serial.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\1toX_2.65.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3D Good Ole Summer Time 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3DScreen_Builder_Screensaver_Maker_1.51.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3D_Space_Gladiators_1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\A+_Web_Show_Maker_2.0.0_[KeyGen].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Acker_DVD_to_iPod_Converter_2.0.26.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Advanced_VBA_Password_Recovery_1.61.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\air de rouen 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Arles Image Web Page Creator 7.4.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AsiaCurrency 1.6.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asifta 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asset_Farm_2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asterisk_Logger_1.02.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Astrology_for_Lovers_2.21_[Crack].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Audio recording Studio 3.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Audio_CD_Ripper_1.32_[Key].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Avatar Boy 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AVG.Free.v7.5.428.[www.epsylone.fr].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AviScript_2.9.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Begonias on show Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\BeyondResponse_3.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Bill Richardson 7.10.08.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\BitDefender.Internet.Security.v10.FR.Incl-Keygen.updated-fixed.11-2006.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Blast_Chamber_demo.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Blitz Caller ID Display 3.6.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Caelum8 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CDBF for Windows 2.99.03.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CD_WAVE_Ripper_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Chinup - Chinese Popup Translator 0.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ClickAndTimeSaver_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Clip_Downloader_3.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CQ_Web_1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Data Doctor Recovery - SIM Card 3.0.1.5.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\DaySmart 6.0.4.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Digital Image Viewer 1.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Disk_Space_Detective_2.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EaseDictionary 2.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EDictionary_1.0_With_Crack.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Eisoo_AnyBackup_2007_Standard_Edition_2.1_build_8627.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EM_Menu_1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EnhancaCursor 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EN_ScrapBook_2.20.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Examiner_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Fantasysavers Privacy Toolbar 5.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\File_Properties_Changer_1.05.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Firefly Living Desktop 1.3.0 [Patch].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Folder_Fuse_1.0.0.85_(Crack).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Four_Calorie_Web_Server_'Journaling'_Edition_1.1.5.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\GeoLocation 1.2.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Greylist for Exchange 1.3.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Happy_Snowman_Screensaver_4.10.0510_(Crack).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Hearts_of_Iron_1.05_patch_(Asian).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\HLP_To_RTF_Lite_5.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ImTOO_DivX_to_DVD_Converter_3.0.30.0803.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Income_Calculator_1.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\InfoStore_1.5.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Intelli Balancer 1.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JADS 3.0 [Crack].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JavaScript_Spiral_PopMenu_1.0_(Patch).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JoyceCD_3.9_Key+Serial.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Kaspersky.Anti.Virus.Personal.v5.0.527.German.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\KeyCounter 2.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Keylogger_Hunter_2.14_[Key].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Knight Time 1.04.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LightWayText 4.1.6.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LiquidGuardian 1.0.5.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Lode Runner 1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LogRover_2.3.3.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MagicCamera 3.1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Marvin's Thoughts 01.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MedBaseEHR_10.1a.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\medi_1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Mini_Digital_Signal_Scope_1.11.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Morovia MSI Plessey Barcode Fontware 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Morpheus_Photo_Compressor_2.00_(With_Crack).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MSN Messenger 6.2.0208.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\NoIndent 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Panda.Titanium.2006.Antivirus.Antispyware.Keygen.Serials.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PhantomMailer 2.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PhotoS_2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Plasmaplugs_Progress_Bar_1.0_Serial.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\POP-3 2.01.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PowerCrypt_2000_4.4_revision_233.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ProxyToy 1.5.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Quality_Window_5.0.667.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Quran-Radio 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\radio2XS WMP Tuner 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Recovery_for_BizTalk_1.0.0722_Serial.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Repair_Registry_Pro_1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ReportBuilder_Standard_10.04_[Serial].zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SchemaToDoc_Entreprise_Edition_1.5_Serial.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ScreenShotHost Saver 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ScreenViewer_1.8.3.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Serial_Monitor_4.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Server2Go_1.4.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ShareMusic_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Shortcut_Wizard_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Sidereal_Time_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SmartClock 1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Smart_Photo_Import_1.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Solid To Mesh for AutoCAD 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SOS_Online_Backup_3.0.0.0_Patch.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SQL_VB_Code_Generator_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\StudioEase 5.3.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Sync_'Em!_2.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Taco_Bell_Dog_1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Tagkeys 2.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TAMS_1.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TechSkills_TestPrep_for_70-210_1.035.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\The Popup Stopper Wizard 2.1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\The Sims - Khan skin.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TourGroup Manager 3.00.10.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Turbo-Edit_97_1.40.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Ultimate_Stopwatch_1.0_Crack.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Unofficial_AlltheWeb_Toolbar_1.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\UPGRAYED 1.3.0.36329.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\US Constitution and Related Documents 1.2.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Utiliphoto Easy 2.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\VersaTimer 1.01.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Vistascript_Developer_1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visual Organizer 1.0.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visual Ping 0.8.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visustin_4.03.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WarBreeds_demo.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Webcam Publisher 2.0 Beta 0014.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WinNotes_2005_1.2_(Key).zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WWW Photo Album 1.16.zip
Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Zip_Search_1.00.zip
Deleted ! - "C:\Documents and Settings\mic\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\mic\Application Data\m"

»»»» Supression des fichiers dans C:\DOCUME~1\mic\LOCALS~1\Temp

»»»» Supression des fichiers dans C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\mxd[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[3].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[4].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[4].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[5].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[2].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[3].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[4].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[2].jpg

--------------- [ Registre / Clés infectieuses ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\nideiect
Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\MuleAppData

--------------- [ Etat / Redémarage des services ] ----------------

+- Mode sans echec restauré !

+- Affichage des fichiers cachés réparé !

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Nettoyage des supports amovibles ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur de CD-ROM

G: - Lecteur fixe

H: - Lecteur fixe

I: - Lecteur amovible

N: - Lecteur amovible

+- Suppression des fichiers :

Not deleted !! - F:\autorun.inf
Deleted ! - I:\autorun.inf
Deleted ! - I:\nideiect.com
Deleted ! - N:\autorun.inf
Deleted ! - N:\nideiect.com

--------------- [ Registre / Moutpoint2 ] ----------------

Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\open\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\open\Command

--------------- [ Recherche Cracks / Keygen ] ----------------

C:\Documents and Settings\mic\Recent\Crack & Serial.lnk
C:\Documents and Settings\mic\Recent\Jeux PC Titan Quest [Jeu complet avec patches crack et serial][Version Francaise].lnk
C:\Documents and Settings\mic\Recent\serial.keygen.crack.generator.Mission Pr‚sident - Geo Political Simulator.lnk

---------------- ! Fin du rapport ! ------------------
0
Réponse 6 / 18
chtimic
 
bonjour,

ce matin en redemarrant le pc; le parefeu windows bloquait le programme "flec006" que j'ai debloquer (ai-je bien fait?)
i y avait egalement cette fenetre ouverte "NTSB investigation flight recorder (black box) analyzer" que j'ai fermée.

merci
0
Réponse 7 / 18
Utilisateur anonyme
 
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau

-> Double clique sur killbagle.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

Une fois fait, sur ton bureau double-clic sur killbagle.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
0
Réponse 8 / 18
chtimic
 
bonjour,
voici le rapport de combofix

ComboFix 08-11-11.01 - mic 2008-11-13 12:43:43.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1621 [GMT 1:00]
Lancé depuis: c:\documents and settings\mic\Bureau\killbagle.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mic\Application Data\m
c:\documents and settings\mic\Application Data\m\data.oct
c:\documents and settings\mic\Application Data\m\list.oct
c:\documents and settings\mic\Application Data\m\shared\#1_Sound_Recorder_4.1_Cracked.zip
c:\documents and settings\mic\Application Data\m\shared\1-ACT Spyware Remover 2006 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\1st Simple HTML Editor 2.1.6.zip
c:\documents and settings\mic\Application Data\m\shared\3D Earth Space Tour 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\3D Happy Birthday Girl 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\96.1 KISS HD2 Radio 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\A1 SpeechTRON 1.zip
c:\documents and settings\mic\Application Data\m\shared\ABF_Magnifying_Tools_1.2_[Serial].zip
c:\documents and settings\mic\Application Data\m\shared\Able Image Browser 1.7.1.6.zip
c:\documents and settings\mic\Application Data\m\shared\AccSmart_-_Battery_Monitoring_Utility_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Active LogView 2.09.1.8.zip
c:\documents and settings\mic\Application Data\m\shared\Active Sound Studio Professional 2.1.zip
c:\documents and settings\mic\Application Data\m\shared\AdventNet_SNMP_API_-_Free_Edition_4.zip
c:\documents and settings\mic\Application Data\m\shared\AFSearch offline html search engine 9.55.zip
c:\documents and settings\mic\Application Data\m\shared\Amazing Waterfall 5.07.zip
c:\documents and settings\mic\Application Data\m\shared\Amiga_Explorer_2007.0.2_Key+Serial.zip
c:\documents and settings\mic\Application Data\m\shared\Arjan Mels' Font Viewer 1.14.1.564.zip
c:\documents and settings\mic\Application Data\m\shared\Aspose.Total for Reporting Services 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\AssetPak_1.7.19.zip
c:\documents and settings\mic\Application Data\m\shared\AutoTrace 0.31.1.zip
c:\documents and settings\mic\Application Data\m\shared\Back2Life_for_TC_2.3.zip
c:\documents and settings\mic\Application Data\m\shared\BangaBangarasoft_Family_1.zip
c:\documents and settings\mic\Application Data\m\shared\Batch_TIFF_Resizer_1.57_(Cracked).zip
c:\documents and settings\mic\Application Data\m\shared\BeCyIconGrabber 2.30.zip
c:\documents and settings\mic\Application Data\m\shared\BlackJack_Calculator_1.1_Serial.zip
c:\documents and settings\mic\Application Data\m\shared\Block-IT!_1.1_(Patch).zip
c:\documents and settings\mic\Application Data\m\shared\Bound_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\CellPos_1.30_Serial.zip
c:\documents and settings\mic\Application Data\m\shared\Championship_Chess_Pro_6.62.zip
c:\documents and settings\mic\Application Data\m\shared\Childishness Diary 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Chinese_Radicals_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\CHM EBook Editor 1.06.zip
c:\documents and settings\mic\Application Data\m\shared\Cleantouch_Multi-Level_Yarn_Trading_1.0_Key.zip
c:\documents and settings\mic\Application Data\m\shared\D'Notes_0.5.1_Build_103.zip
c:\documents and settings\mic\Application Data\m\shared\DataMite 1.21.zip
c:\documents and settings\mic\Application Data\m\shared\Deep Space 3D Screensaver 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\DesignWorks Lite 4.6.zip
c:\documents and settings\mic\Application Data\m\shared\Desktop Magnifier 1.7.2.zip
c:\documents and settings\mic\Application Data\m\shared\Distance Marker 2005.zip
c:\documents and settings\mic\Application Data\m\shared\dsDictionary 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Easy_DVD_Extractor_3.7.0.zip
c:\documents and settings\mic\Application Data\m\shared\Easy_Java_1.2.zip
c:\documents and settings\mic\Application Data\m\shared\EasyEx html mail 2.03.zip
c:\documents and settings\mic\Application Data\m\shared\Easykeys 1.36 Cracked.zip
c:\documents and settings\mic\Application Data\m\shared\Ergo_Romanian_1.5.zip
c:\documents and settings\mic\Application Data\m\shared\Excel Search and Replace 2.0.zip
c:\documents and settings\mic\Application Data\m\shared\FAR Manager Password Recovery 1.0.145.2006.zip
c:\documents and settings\mic\Application Data\m\shared\Fincalc 6.0.zip
c:\documents and settings\mic\Application Data\m\shared\FinePrint 5.85.zip
c:\documents and settings\mic\Application Data\m\shared\FlexCell_Grid_Control_for_.NET_2.0_2.4.0_[Crack].zip
c:\documents and settings\mic\Application Data\m\shared\Free Vista Icons 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\GaussSum 2.1.0.zip
c:\documents and settings\mic\Application Data\m\shared\GDS Images and Document Maps 2.0.zip
c:\documents and settings\mic\Application Data\m\shared\Haihaisoft Universal Player 1.0.5.5.zip
c:\documents and settings\mic\Application Data\m\shared\HoliDates_UK_2.71.zip
c:\documents and settings\mic\Application Data\m\shared\Hotels 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\HTMLHelp_ePublisher_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\HTMLtoRTF Converter Pro 2.07.03.zip
c:\documents and settings\mic\Application Data\m\shared\Huge_Clock_2.3.zip
c:\documents and settings\mic\Application Data\m\shared\IM2001_1.3.zip
c:\documents and settings\mic\Application Data\m\shared\IT_Outsourcing_Toolkit_3.1_[Patch].zip
c:\documents and settings\mic\Application Data\m\shared\Jmol 11.1.26.zip
c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Anti-Virus.V.6.0.0.300.Final.Keyfile.Kaspersky.zip
c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Intenet.Security.V.6.0.1.411.New.Key.2008.zip
c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Internet.Security.6.0.0.300.Final.German.Incl.Key.zip
c:\documents and settings\mic\Application Data\m\shared\KFSensor_4.2.zip
c:\documents and settings\mic\Application Data\m\shared\Kijiji_Montreal_1.1.zip
c:\documents and settings\mic\Application Data\m\shared\LabelsWin Lite 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Last_Changed_Files_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Lexipedia 1.1.zip
c:\documents and settings\mic\Application Data\m\shared\Li'l Atomic Clock 1.0.1.zip
c:\documents and settings\mic\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Russian Armenian 3.1.41.zip
c:\documents and settings\mic\Application Data\m\shared\LingvoSoft_Suite_2006_English_Dutch_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Liquid_Screen_Saver_Maker_4.5_(Cracked).zip
c:\documents and settings\mic\Application Data\m\shared\London Live Camera 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Macro Express 3.7a (Key+Serial).zip
c:\documents and settings\mic\Application Data\m\shared\Mall23_eCommerce_4.21.zip
c:\documents and settings\mic\Application Data\m\shared\Manny's_Simple_Finance_Program_1.04_[Patch].zip
c:\documents and settings\mic\Application Data\m\shared\MarketBrowser_1.0_[KeyGen].zip
c:\documents and settings\mic\Application Data\m\shared\McAfee.VShield.7.10.EN.zip
c:\documents and settings\mic\Application Data\m\shared\MkAlbum 2.8.zip
c:\documents and settings\mic\Application Data\m\shared\Monex_Portable_Edition_0.7.1.1b.zip
c:\documents and settings\mic\Application Data\m\shared\MSDict_English_Phrases_Dictionary_(Symbian_UIQ)_2.40.zip
c:\documents and settings\mic\Application Data\m\shared\MSN_Content_Adder_2.zip
c:\documents and settings\mic\Application Data\m\shared\MySQL Oracle Import, Export & Convert Software 7.0.zip
c:\documents and settings\mic\Application Data\m\shared\Nature Clock Screensaver 1.zip
c:\documents and settings\mic\Application Data\m\shared\NikSaver 1.6.2 build 192.zip
c:\documents and settings\mic\Application Data\m\shared\NOD.32.antivirus.zip
c:\documents and settings\mic\Application Data\m\shared\Norton.AntiVirus.2007.14.0.0.1+crack-multilenguaje-byzven.zip
c:\documents and settings\mic\Application Data\m\shared\Onyx Ceph 2.7.7.zip
c:\documents and settings\mic\Application Data\m\shared\Outlook Email Address Extractor Pro 2.1.zip
c:\documents and settings\mic\Application Data\m\shared\Pin_Action_Bowling_1.12.04.zip
c:\documents and settings\mic\Application Data\m\shared\Popup_Annihilator_Pro_3.0.zip
c:\documents and settings\mic\Application Data\m\shared\ProgeCAD 2006 Professional 6.1.11.zip
c:\documents and settings\mic\Application Data\m\shared\Qir'at Quran Reciter 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\QwikSecure File Protection System 3.01 [KeyGen].zip
c:\documents and settings\mic\Application Data\m\shared\Rapid_File_Defragmentor_1.4_build_614.zip
c:\documents and settings\mic\Application Data\m\shared\Rebate_Genie_1.0.5.zip
c:\documents and settings\mic\Application Data\m\shared\rebuilt.Kaspersky.Internet.Security.v6.0.0.300.FR.Incl-Key.zip
c:\documents and settings\mic\Application Data\m\shared\SAM (Beauty Salon Software) 6.1.zip
c:\documents and settings\mic\Application Data\m\shared\SANITARY_1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Simple_Contact_Manager_2.5.001.zip
c:\documents and settings\mic\Application Data\m\shared\SlideMate_3.8.zip
c:\documents and settings\mic\Application Data\m\shared\Slimf's_Bowliebash_1.1.zip
c:\documents and settings\mic\Application Data\m\shared\Smartworks-PE_4.5.zip
c:\documents and settings\mic\Application Data\m\shared\Softdiv Audio Converter 3.5.zip
c:\documents and settings\mic\Application Data\m\shared\Sort_Text_Lists_Alphabetically_Software_7.0.zip
c:\documents and settings\mic\Application Data\m\shared\Sploidz 1.zip
c:\documents and settings\mic\Application Data\m\shared\Stator-AFM (Standard) 2.0 Build 216.zip
c:\documents and settings\mic\Application Data\m\shared\Stock NeuroMaster 1.31.zip
c:\documents and settings\mic\Application Data\m\shared\Symantec.AntiVirus.Corporate.Edition.v10.2.276.For.WinVista.zip
c:\documents and settings\mic\Application Data\m\shared\SyncJe Personal Server for Outlook 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Tadpole_0.5.zip
c:\documents and settings\mic\Application Data\m\shared\TextSpeech_Pro_1.0.0.zip
c:\documents and settings\mic\Application Data\m\shared\Timers_OCX_1.1_[Key+Serial].zip
c:\documents and settings\mic\Application Data\m\shared\Toponoky_1.0_Beta.zip
c:\documents and settings\mic\Application Data\m\shared\Total PDF Printer 1.0.zip
c:\documents and settings\mic\Application Data\m\shared\Trisnap 2.0.zip
c:\documents and settings\mic\Application Data\m\shared\True_Trend_Charts_2.0.4_[Cracked].zip
c:\documents and settings\mic\Application Data\m\shared\TsiLang Dictionary Manager 2.1.4.5.zip
c:\documents and settings\mic\Application Data\m\shared\Video Bitrate Calculator 1.0.0.2.zip
c:\documents and settings\mic\Application Data\m\shared\Visual Fractal 1.2.zip
c:\documents and settings\mic\Application Data\m\shared\VivoStatic_3.0_[Crack].zip
c:\documents and settings\mic\Application Data\m\shared\WaveBox_1.1.zip
c:\documents and settings\mic\Application Data\m\shared\WendzelNNTPd_1.0.0.zip
c:\documents and settings\mic\Application Data\m\shared\Willy_Wonka_and_the_Chocolate_Factory_Trailer.zip
c:\documents and settings\mic\Application Data\m\shared\WinBackup 2.0.555.zip
c:\documents and settings\mic\Application Data\m\shared\YoGen Audio Recorder 3.1.7.zip
c:\documents and settings\mic\Application Data\m\srvlist.oct
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\mdelk.exe
I:\autorun.inf
I:\nideiect.com
N:\autorun.inf
N:\nideiect.com

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-13 07:23 . 2008-11-13 07:23 197 --a------ c:\windows\system32\MRT.INI
2008-11-13 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 07:19 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:47 . 2008-11-12 20:45 <REP> d-------- c:\program files\FindyKill
2008-11-11 21:27 . 2008-11-11 21:27 173 --a------ C:\curr_ver.tmp
2008-11-11 21:13 . 2008-11-11 21:13 <REP> d-------- c:\program files\ESET
2008-11-11 20:49 . 2008-11-11 20:49 <REP> d-------- c:\program files\CCleaner
2008-11-08 15:24 . 2008-04-14 03:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-08 15:24 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-08 15:24 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-08 15:24 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-08 15:15 . 2008-11-08 15:24 <REP> d-------- c:\documents and settings\mic\Application Data\FUJIFILM
2008-11-08 15:14 . 2008-11-08 15:14 <REP> d-------- c:\program files\REGSHAVE
2008-11-08 15:14 . 2008-11-11 21:24 <REP> d-------- c:\program files\FinePixViewer
2008-11-08 15:14 . 2003-09-03 16:45 274,432 --a------ c:\windows\system32\FFTIFF16.dll
2008-11-08 15:14 . 2006-07-12 14:39 208,896 --a------ c:\windows\system32\FFRafShellEx.dll
2008-11-08 15:14 . 2004-07-24 21:28 155,648 --a------ c:\windows\system32\FFRAFLIB.DLL
2008-11-08 15:14 . 2001-11-25 12:11 81,924 --------- c:\windows\system32\drivers\VC4CB104.SYS
2008-11-08 15:14 . 2002-02-05 17:33 69,632 --------- c:\windows\system32\FREGSHEX.DLL
2008-11-08 15:14 . 2002-02-27 12:27 65,536 --------- c:\windows\system32\FINFCHECK.dll
2008-11-08 15:14 . 2002-06-25 10:06 45,056 --------- c:\windows\system32\FINFCOPY.dll
2008-11-08 15:14 . 2002-02-13 11:00 45,056 --------- c:\windows\system32\FCLKBTN.DLL
2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\program files\Syncrosoft
2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-11-08 14:14 . 2004-05-19 23:27 737,280 --a------ c:\windows\system32\SYNSOACC.dll
2008-11-08 14:14 . 2004-05-10 14:58 147,456 --a------ c:\windows\system32\SynsoLChk.dll
2008-11-08 14:14 . 2003-07-31 19:28 147,425 --a------ c:\windows\system32\SYNSOACC-Aide.chm
2008-11-08 14:14 . 2003-05-26 14:29 120,468 --a------ c:\windows\system32\SYNSOACC-Hilfe.chm
2008-11-08 14:14 . 2003-05-26 14:29 114,279 --a------ c:\windows\system32\SYNSOACC-Help.chm
2008-11-08 14:14 . 2002-11-25 07:36 45,056 --a------ c:\windows\system32\Synsopos.exe
2008-11-08 14:14 . 2002-11-25 04:46 16,896 --a------ c:\windows\system32\drivers\SynasUSB.sys
2008-11-08 14:05 . 2008-11-08 14:05 <REP> d-------- c:\documents and settings\mic\Application Data\Propellerhead Software
2008-11-08 14:04 . 2008-11-08 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
2008-11-07 22:29 . 2008-11-07 22:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-07 22:29 . 2008-11-07 22:29 0 --a------ c:\windows\ativpsrm.bin
2008-11-07 22:27 . 2008-11-07 22:37 <REP> d-------- c:\program files\ATI
2008-11-07 22:24 . 2008-11-07 22:24 <REP> d-------- C:\ATI
2008-11-07 21:21 . 2008-11-07 21:21 <REP> d-------- c:\program files\Mindscape
2008-11-07 14:21 . 2008-11-07 14:29 <REP> d-------- c:\documents and settings\mic\Application Data\Steinberg
2008-11-07 14:02 . 2008-11-07 14:02 <REP> d-------- c:\program files\Steinberg
2008-11-07 13:59 . 2001-01-23 07:05 159,811 --a------ c:\windows\system32\Wnaspi32.dll
2008-11-07 03:01 . 2008-11-07 03:01 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-06 15:12 . 2008-11-06 15:12 <REP> d-------- c:\program files\Fichiers communs\mapserv
2008-11-06 15:12 . 2008-11-06 15:12 <REP> d-------- c:\program files\Fichiers communs\GIS
2008-11-06 10:51 . 2008-11-06 10:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2008-11-05 21:15 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
2008-11-05 21:15 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
2008-11-05 21:15 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
2008-11-05 21:15 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2008-11-05 21:15 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
2008-11-05 21:15 . 2008-04-14 03:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-05 21:15 . 2008-04-14 03:33 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-11-05 21:15 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2008-11-05 21:15 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
2008-11-05 21:08 . 2008-11-05 21:08 <REP> d-------- c:\program files\Fichiers communs\Logitech
2008-11-05 21:08 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
2008-11-05 13:55 . 2008-11-05 13:55 <REP> d-------- c:\program files\Xvid
2008-11-04 18:48 . 2008-11-04 18:48 <REP> d-------- c:\program files\Fichiers communs\Adobe
2008-11-04 18:48 . 2008-11-04 18:48 <REP> d-------- c:\documents and settings\mic\Application Data\AdobeUM
2008-11-04 14:28 . 2008-11-04 14:28 <REP> d-------- c:\program files\SuperCopier2
2008-11-04 14:22 . 2008-11-04 14:22 <REP> d-------- c:\program files\Realtek AC97
2008-11-04 14:22 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
2008-11-04 14:22 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
2008-11-04 14:22 . 2008-09-24 10:40 4,122,368 -ra------ c:\windows\system32\drivers\alcxwdm.sys
2008-11-04 14:22 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe
2008-11-04 14:22 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
2008-11-04 14:22 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe
2008-11-04 14:22 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
2008-11-04 14:22 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
2008-11-04 14:22 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
2008-11-03 16:31 . 2008-11-03 16:31 <REP> d-------- c:\program files\Eden Flirt
2008-11-03 12:58 . 2008-11-03 12:57 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-03 12:57 . 2008-11-03 12:57 22,328 --a------ c:\documents and settings\mic\Application Data\PnkBstrK.sys
2008-11-03 12:56 . 2008-11-05 13:14 <REP> d-------- c:\windows\system32\LogFiles
2008-11-03 12:56 . 2008-11-03 12:56 103,736 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-03 12:56 . 2008-11-03 12:56 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-03 12:56 . 2008-11-03 12:56 319 --a------ c:\windows\game.ini
2008-11-03 12:50 . 2008-11-03 12:50 <REP> d--hs---- c:\windows\ftpcache
2008-11-03 10:49 . 2008-11-03 10:49 <REP> d-------- c:\program files\MSBuild
2008-11-03 10:49 . 2008-11-03 10:49 <REP> d-------- c:\program files\Microsoft Works
2008-11-03 10:48 . 2008-11-03 10:48 <REP> d-------- c:\program files\Microsoft.NET
2008-11-03 10:47 . 2008-11-03 10:47 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2008-11-03 10:46 . 2008-11-03 10:49 <REP> d-------- c:\windows\SHELLNEW
2008-11-03 10:46 . 2008-11-03 10:46 <REP> dr-h----- C:\MSOCache
2008-11-03 10:46 . 2008-11-13 07:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-02 22:11 . 2008-11-02 22:11 <REP> d-------- c:\documents and settings\mic\Application Data\Media Player Classic
2008-11-02 21:43 . 2008-11-02 21:43 1,172 --a------ c:\windows\mozver.dat
2008-11-02 20:00 . 2008-03-01 13:58 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-02 20:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 20:00 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 20:00 . 2008-03-01 13:58 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 20:00 . 2008-03-01 13:58 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 20:00 . 2008-03-01 13:58 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-02 20:00 . 2008-03-01 13:58 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-02 20:00 . 2008-03-01 13:58 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 20:00 . 2008-02-22 11:00 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 19:59 . 2008-11-02 19:59 268 --ah----- C:\sqmdata01.sqm
2008-11-02 19:59 . 2008-11-02 19:59 244 --ah----- C:\sqmnoopt01.sqm
2008-11-02 19:38 . 2008-11-02 19:38 <REP> d-------- c:\program files\Alcohol Soft
2008-11-02 19:32 . 2008-11-02 19:32 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-02 19:23 . 2008-11-10 19:34 <REP> d-------- c:\program files\eMule
2008-11-02 19:17 . 2008-11-02 19:17 <REP> d-------- c:\program files\K-Lite Codec Pack
2008-11-02 19:13 . 2008-11-02 19:13 <REP> d-------- c:\documents and settings\mic\Application Data\Logitech
2008-11-02 19:13 . 2008-11-02 19:13 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-11-02 19:06 . 2008-11-02 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-11-02 19:06 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-11-02 19:06 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
2008-11-02 19:06 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-11-02 19:06 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-11-02 19:06 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
2008-11-02 19:05 . 2008-11-05 21:07 <REP> d-------- c:\program files\Logitech
2008-11-02 19:05 . 2008-11-02 19:06 <REP> d-------- c:\program files\Fichiers communs\Logishrd
2008-11-02 19:05 . 2008-11-02 19:05 <REP> d-------- c:\documents and settings\mic\Application Data\InstallShield
2008-11-02 18:59 . 2008-11-04 14:17 <REP> d-------- c:\program files\ma-config.com
2008-11-02 18:59 . 2008-11-04 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-02 18:53 . 2008-11-02 18:53 268 --ah----- C:\sqmdata00.sqm
2008-11-02 18:53 . 2008-11-02 18:53 244 --ah----- C:\sqmnoopt00.sqm
2008-11-02 18:02 . 2008-11-02 18:26 <REP> d-------- c:\documents and settings\mic\Contacts
2008-11-02 18:02 . 2008-11-02 18:02 <REP> d-------- c:\documents and settings\mic\Application Data\Iminent
2008-11-02 18:00 . 2008-11-02 18:01 <REP> d-------- c:\program files\Iminent
2008-11-02 17:56 . 2008-11-02 17:57 <REP> d--h----- c:\documents and settings\All Users\Application Data\{D007B483-C907-4C86-A4E2-E9A50F17891F}
2008-11-02 17:53 . 2008-11-02 17:53 <REP> d----c--- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 14:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 21:29 --------- d-----w c:\documents and settings\mic\Application Data\ATI
2008-11-07 21:27 --------- d-----w c:\program files\ATI Technologies
2008-11-02 10:50 --------- d-----w c:\program files\Alice_Triway_WiFi
2008-11-02 10:41 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
2008-11-02 10:35 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-02 10:28 --------- d-----w c:\program files\AMD
2008-11-02 10:24 --------- d-----w c:\program files\NVIDIA Corporation
2008-11-02 09:54 --------- d-----w c:\program files\microsoft frontpage
2008-11-02 09:53 --------- d-----w c:\program files\Services en ligne
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IMBooster"="c:\program files\Iminent\imbooster.exe" [2008-08-19 536576]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-02-24 266240]
"EdenFlirt"="c:\program files\Eden Flirt\EdenFlirt.exe" [2008-07-03 499712]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-08 303104]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mindscape\\Mission Président - Geo-Political Simulator\\EReg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10101:TCP"= 10101:TCP:10101
"10111:UDP"= 10111:UDP:10111

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\DRIVERS\nvcchflt.sys [2005-02-10 16640]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d21a4415-a8c9-11dd-9f47-806d6172696f}]
\Shell\AutoRun\command - J:\Autorun.exe root.ini
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\mic\Application Data\Mozilla\Firefox\Profiles\xyagux6d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://tempsreel.nouvelobs.com/index.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 12:46:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Heure de fin: 2008-11-13 12:51:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-13 11:51:18

Avant-CF: 4 880 248 832 octets libres
Après-CF: 4,705,583,104 octets libres

383 --- E O F --- 2008-11-13 06:23:34
0
Réponse 9 / 18
chtimic
 
bonsoir,
1/ est ce qu'il reste une manip à faire ? j'ai l'impression que la clé usb (une corsair flash voyager)est nettoyé car quand elle etait infectée elle clignotait tout le temps, et là elle ne le fait plus.

2/ quand est il du pc branché en reseau? faut il le scanner aussi?

3/ avez vous egalement un antivirus a conseillé? on m'a dit que nod32 etait particulierement efficace pour detecter les virus inconnus?

merci d'avance et merci pour votre aide!..
0
Réponse 10 / 18
Utilisateur anonyme
 
Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
0
chtimic
 
bonsoir, voici le rapport malwarebytes:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 3

13/11/2008 21:07:23
mbam-log-2008-11-13 (21-07-23).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Eléments examinés: 154121
Temps écoulé: 1 hour(s), 5 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013255.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013259.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 11 / 18
chtimic
 
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1395
Windows 5.1.2600 Service Pack 3

13/11/2008 21:07:23
mbam-log-2008-11-13 (21-07-23).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Eléments examinés: 154121
Temps écoulé: 1 hour(s), 5 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013255.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013259.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 12 / 18
Utilisateur anonyme
 
Télécharge HijackThis (outils de dignostic) ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
0
Réponse 13 / 18
chtimic
 
bonsoir,

voilà le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:10, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Eden Flirt\EdenFlirt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EdenFlirt] C:\Program Files\Eden Flirt\EdenFlirt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 14 / 18
Utilisateur anonyme
 
Désactive et réactive ta restauration system :

(1) Désactiver la Restauration du système

cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétés
Cliques sur l'onglet Restauration du système
Coches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.

(2) Activer la Restauration du système

cliques sur Démarrer
Cliques droit sur Poste de travail
cliques sur Propriétsuite :

Cliques sur l'onglet Restauration du système
Décoches Désactiver la Restauration du système sur tous les lecteurs
Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
cliques sur Oui.
Cliques sur OK.

Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

ensuite :

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
0
Réponse 15 / 18
chtimic
 
bonjour,

voici le [ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\mic\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\mic\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\mic\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\mic\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\mic\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\mic\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

merci
0
Réponse 16 / 18
Utilisateur anonyme
 
si tu n as pas d autres soucis change le statut du sujet en resolu stp

http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
0
Réponse 17 / 18
chtimic
 
bonjour,

apparemment je ne peux pas modifié le statut du post, je dois etre membre non inscrit.
Merci en tout cas de votre aide, tout à l'air de fonctionner.
Je ne pense pas que mon 2è PC soit infecté, aurait il pi l'etre via un reseau local internet?

Bonne journée
0
Réponse 18 / 18
Utilisateur anonyme
 
non mais via les usbb c possible

@+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses