Infection virus nideiect

chtimic -  
 Utilisateur anonyme -
Bonjour,

je suis egalement infecté par ce virus nideiect.
j'ai lu les precedent messages de forum mais j'ai l'impression que la resolution du probleme differe suivant le type d'ordinateur.
j'ai une cle usb et une carte sd infectées. (et peut etre un dvd rw?)
j'ai donc contaminer egalement un ordi portable mais en reformatant et reinstallant vista, tout refonctionne normalement (apparemment!)
mon probleme est pour mon ordi fixe; il est sous xp; j'ai 3 dd internes et sur le principal j'ai 2 partitions (une pour xp et une autre pour du stockage) ; si le virus est dans toutes les partitions et tous les dd, j'imagine que ça sert à rien de reinstaller xp?
Merci d'avance de m'indiquer la meilleure demarche à suivre...
Configuration: Windows XP
Firefox 2.0.0.17

18 réponses

  1. Jadema Messages postés 31 Statut Membre 2
     
    telecharge un CCleaner puis anti Spyward puis met à jour ton anti virus
    0
    1. chtimic
       
      merci de votre reponse, je pense qu'il faut que je fasse ça pour mon portable? ayant une 2è reponse de votre collegue pour mon fixe dont je m'occuperais ce soir. (j'avais d'ailleurs chargé et installé ccleaner mais impossible de le lancer)
      autre doute: mon portable reçoit internet via un telephone portable qui me sert de modem, est ce que le telephone peut etre infecté et relancer le virus? (c'est un nokia 5610)
      merci d'avance
      0
  2. Utilisateur anonyme
     
    Salut,

    sur le pc xp

    branche toutes tes sources de données puis :

    Telecharge FindyKill sur ton bureau :

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Lance l installation avec les parametres par default

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 1 (Recherche)

    --> Post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

    0
  3. chtimic
     
    bonsoir,

    voici le rapport de FindyKill ;
    une autre precision : j'ai un 2è ordi fix sous xp qui est relié au premier infecté via mon routeur internet; est ce qu'il peut etre infecté a travers ce reseau local?

    ----------------- FindyKill V4.600 ------------------

    * User : mic - TIMIC-70237D87B
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 12/11/08 par Chiquitine29
    * Recherche effectuée à 19:48:01 le 12/11/2008
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((((( *** Recherche *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\Eden Flirt\EdenFlirt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iminent\imbooster.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe

    --------------- [ Fichiers/Dossiers infectieux ] ----------------

    »»»» Presence des fichiers dans C:

    »»»» Presence des fichiers dans C:\WINDOWS

    »»»» Presence des fichiers dans C:\WINDOWS\Prefetch

    Found ! - C:\WINDOWS\prefetch\137031.EXE-1383BE5D.pf
    Found ! - C:\WINDOWS\prefetch\139250.EXE-2E597952.pf
    Found ! - C:\WINDOWS\prefetch\144218.EXE-0E166A31.pf
    Found ! - C:\WINDOWS\prefetch\144734.EXE-38F5E03D.pf
    Found ! - C:\WINDOWS\prefetch\153296.EXE-133D589F.pf
    Found ! - C:\WINDOWS\prefetch\153437.EXE-27C84535.pf
    Found ! - C:\WINDOWS\prefetch\153750.EXE-219CA0CB.pf
    Found ! - C:\WINDOWS\prefetch\158343.EXE-030119A5.pf
    Found ! - C:\WINDOWS\prefetch\162765.EXE-214B86E8.pf
    Found ! - C:\WINDOWS\prefetch\164187.EXE-0096E341.pf
    Found ! - C:\WINDOWS\prefetch\164593.EXE-02FC94C9.pf
    Found ! - C:\WINDOWS\prefetch\177203.EXE-1A2F60CA.pf
    Found ! - C:\WINDOWS\prefetch\177218.EXE-3A7C5DBF.pf
    Found ! - C:\WINDOWS\prefetch\177546.EXE-2036F545.pf
    Found ! - C:\WINDOWS\prefetch\71250.EXE-0048998E.pf
    Found ! - C:\WINDOWS\prefetch\75125.EXE-1D9E3321.pf
    Found ! - C:\WINDOWS\prefetch\84421.EXE-08F88EE9.pf
    Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-2BF49C2D.pf
    Found ! - C:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
    Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf

    »»»» Presence des fichiers dans C:\WINDOWS\system32

    Found ! [12/11/2008 19:33] - C:\WINDOWS\system32\mdelk.exe
    Found ! [12/11/2008 19:33] - C:\WINDOWS\system32\wintems.exe
    Found ! [12/11/2008 19:34] - C:\WINDOWS\system32\ban_list.txt

    »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

    Found ! [12/11/2008 19:32] - C:\WINDOWS\system32\drivers\srosa.sys
    Found ! [01/11/2008 09:28] - C:\WINDOWS\system32\drivers\winfilse.exe
    Found ! [12/11/2008 19:39] - "C:\WINDOWS\system32\drivers\downld"
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\100468.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\101687.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\106625.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108450062.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108488812.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\108496953.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\111328.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\112265.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\122562.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\137031.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\139250.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\144218.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\144734.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153296.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153437.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\153750.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\158343.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1597781.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\162765.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\164187.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\164593.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1707312.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\172718.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\174171.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1748578.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\176703.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177203.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177218.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\177546.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\180750.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\181234.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1826625.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1829906.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\183312.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1895921.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1912171.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\191921.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\192562.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\193875.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\195296.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1957062.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1969234.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\198328.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\1987328.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\200562.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\201906.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\205671.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\205859.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\206828.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\207984.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\219343.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\220671.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\227546.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\233062.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\235515.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\245531.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\248015.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\261187.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\278453.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\307531.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\310828.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\321750.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\326000.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\330015.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\330625.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\334796.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\334890.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\359062.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\363015.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\372921.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\376468.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\397421.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\401578.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\411015.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\420921.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\422109.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\439281.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\454109.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\463375.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\463875.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\471703.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\475046.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\475484.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\478828.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\484765.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\489609.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\492437.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\496640.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\499562.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\499750.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\503296.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\504156.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\511281.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\513859.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\522921.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\529468.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\537765.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\540593.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\564093.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\570984.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\577359.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\598390.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\68546.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\70812.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\71250.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\75125.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\84421.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\86765.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\88281.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\89171.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\90468.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\91156.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\92781.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93312.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93406.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\93890.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\95046.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\97625.exe
    Found ! [12/11/2008 19:39] C:\WINDOWS\system32\drivers\downld\98140.exe

    »»»» Presence des fichiers dans C:\Documents and Settings\mic\Application Data

    Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\flec006.exe"
    Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\list.oct"
    Found ! [12/11/2008 12:36] - "C:\Documents and Settings\mic\Application Data\m\data.oct"
    Found ! [12/11/2008 12:37] - "C:\Documents and Settings\mic\Application Data\m\srvlist.oct"
    Found ! [12/11/2008 19:34] - "C:\Documents and Settings\mic\Application Data\m\shared"
    Found ! [09/11/2008 22:04] - "C:\Documents and Settings\mic\Application Data\m"

    »»»» Presence des fichiers dans C:\DOCUME~1\mic\LOCALS~1\Temp

    »»»» Presence des fichiers dans C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5

    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[3].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\mxd[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[3].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[4].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_1[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[3].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[4].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[5].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[2].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[3].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[4].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64_1[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[1].jpg
    Found ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[2].jpg

    --------------- [ Registre / Startup ] ----------------

    ! REG.EXE VERSION 3.0

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    nTrayFw REG_SZ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    Kernel and Hardware Abstraction Layer REG_SZ KHALMNPR.EXE
    EdenFlirt REG_SZ C:\Program Files\Eden Flirt\EdenFlirt.exe
    SoundMan REG_SZ SOUNDMAN.EXE
    LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
    StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    ! REG.EXE VERSION 3.0

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup
    AlcoholAutomount REG_SZ "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe

    --------------- [ Registre / Clés infectieuses ] ----------------

    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\nideiect
    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\bisoft
    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\DateTime4
    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\FFC
    Found ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\MuleAppData
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\nideiect
    Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! - HKEY_CURRENT_USER\Software\bisoft
    Found ! - HKEY_CURRENT_USER\Software\DateTime4

    --------------- [ Etat / Services ] ----------------

    Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

    - des fichiers cachés non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    - sans echec non fonctionnel !!

    Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    - sans echec non fonctionnel !!

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    /!\ Ndisuio - Type de démarrage = 4

    EapHost - Type de démarrage = 3

    /!\ Ip6Fw - Type de démarrage = 4

    /!\ SharedAccess - Type de démarrage = 4

    /!\ wuauserv - Type de démarrage = 4

    /!\ wscsvc - Type de démarrage = 4

    --------------- [ Recherche dans supports amovibles] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur fixe

    F: - Lecteur de CD-ROM

    G: - Lecteur fixe

    H: - Lecteur fixe

    I: - Lecteur amovible

    N: - Lecteur amovible

    +- Contenu de l'autorun : F:\autorun.inf

    [autorun]
    open=autorun6e.exe
    icon=autorun6e.exe

    +- Contenu de l'autorun : I:\autorun.inf

    [AutoRun]
    open=nideiect.com
    ;shell\open=Open(&O)
    shell\open\Command=nideiect.com
    shell\open\Default=1
    ;shell\explore=Manager(&X)
    shell\explore\Command=nideiect.com

    +- Contenu de l'autorun : N:\autorun.inf

    [AutoRun]
    open=nideiect.com
    ;shell\open=Open(&O)
    shell\open\Command=nideiect.com
    shell\open\Default=1
    ;shell\explore=Manager(&X)
    shell\explore\Command=nideiect.com

    +- presence des fichiers :

    Found ! [21/07/2006 18:29][-r-------] - F:\autorun.inf
    Found ! [11/11/2008 21:26][---h-----] - I:\autorun.inf
    Found ! [01/11/2008 09:28][---h-----] - I:\nideiect.com
    Found ! [11/11/2008 21:27][---h-----] - N:\autorun.inf
    Found ! [01/11/2008 09:28][---h-----] - N:\nideiect.com

    --------------- [ Registre / Mountpoint2 ] ----------------

    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\AutoRun\command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\explore\Command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\open\Command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\AutoRun\command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\explore\Command
    Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\open\Command

    ------------------- ! Fin du rapport ! --------------------
    0
  4. Utilisateur anonyme
     
    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    --> Double clic sur le raccourci FindyKill sur ton bureau

    --> Au menu principal,choisi l option 2 (Suppression)

    /!\ le pc va redémarrer , laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

    /!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

    -------> ensuite post le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
    Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. chtimic
     
    voici le 2è rapport:

    PS: quant est il du 2è PC relié via un reseau local?

    ----------------- FindyKill V4.600 ------------------

    * User : mic - TIMIC-70237D87B
    * Emplacement : C:\Program Files\FindyKill
    * Outils Mis a jours le 12/11/08 par Chiquitine29
    * Suppression effectuée à 20:32:54 le 12/11/2008
    * Windows XP - Internet Explorer 7.0.5730.13

    ((((((((((((((( *** Suppression *** ))))))))))))))))))

    --------------- [ Processus actifs ] ----------------

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apa­che Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nTrayFw.exe
    C:\Program Files\Eden Flirt\EdenFlirt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcLog.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM­.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iminent\imbooster.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe­
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin­\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apa­che Group\Apache2\bin\apache.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc­.exe
    C:\WINDOWS\system32\wbem\wmiprvse.ex­e

    --------------- [ Fichiers / Dossiers infectieux ] ----------------

    »»»» Supression des fichiers dans C:

    »»»» Supression des fichiers dans C:\WINDOWS

    »»»» Supression des fichiers dans C:\WINDOWS\Prefetch

    Deleted ! - C:\WINDOWS\prefetch\137031.EXE-1383B­E5D.pf
    Deleted ! - C:\WINDOWS\prefetch\139250.EXE-2E597­952.pf
    Deleted ! - C:\WINDOWS\prefetch\144218.EXE-0E166­A31.pf
    Deleted ! - C:\WINDOWS\prefetch\144734.EXE-38F5E­03D.pf
    Deleted ! - C:\WINDOWS\prefetch\153296.EXE-133D5­89F.pf
    Deleted ! - C:\WINDOWS\prefetch\153437.EXE-27C84­535.pf
    Deleted ! - C:\WINDOWS\prefetch\153750.EXE-219CA­0CB.pf
    Deleted ! - C:\WINDOWS\prefetch\158343.EXE-03011­9A5.pf
    Deleted ! - C:\WINDOWS\prefetch\162765.EXE-214B8­6E8.pf
    Deleted ! - C:\WINDOWS\prefetch\164187.EXE-0096E­341.pf
    Deleted ! - C:\WINDOWS\prefetch\164593.EXE-02FC9­4C9.pf
    Deleted ! - C:\WINDOWS\prefetch\177203.EXE-1A2F6­0CA.pf
    Deleted ! - C:\WINDOWS\prefetch\177218.EXE-3A7C5­DBF.pf
    Deleted ! - C:\WINDOWS\prefetch\177546.EXE-2036F­545.pf
    Deleted ! - C:\WINDOWS\prefetch\71250.EXE-004899­8E.pf
    Deleted ! - C:\WINDOWS\prefetch\75125.EXE-1D9E33­21.pf
    Deleted ! - C:\WINDOWS\prefetch\84421.EXE-08F88E­E9.pf
    Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-2BF4­9C2D.pf
    Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-3B0033­2D.pf
    Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B12­70B6.pf

    »»»» Supression des fichiers dans C:\WINDOWS\system32

    Not deleted !! - C:\WINDOWS\system32\mdelk.exe
    Not deleted !! - C:\WINDOWS\system32\wintems.exe
    Deleted ! - C:\WINDOWS\system32\ban_list.txt

    »»»» Supression des fichiers dans C:\WINDOWS\system32\drivers

    Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sy­s
    Deleted ! - C:\WINDOWS\system32\drivers\srosa2.s­ys
    Not deleted !! - C:\WINDOWS\system32\drivers\winfilse­.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­00468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­01687.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­06625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08450062.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08488812.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­08496953.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­11328.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­12265.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­22562.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­37031.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­39250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­44218.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­44734.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53296.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53437.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­53750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­58343.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­597781.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­62765.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­64187.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­64593.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­707312.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­72718.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­74171.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­748578.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­76703.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77203.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77218.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­77546.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­80750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­81234.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­826625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­829906.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­83312.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­895921.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­912171.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­91921.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­92562.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­93875.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­95296.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­957062.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­969234.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­98328.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\1­987328.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­00562.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­01906.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­05671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­05859.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­06828.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­07984.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­19343.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­20671.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­27546.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­33062.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­35515.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­45531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­48015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­61187.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\2­78453.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­07531.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­10828.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­21750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­26000.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­30015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­30625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­34796.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­34890.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­59062.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­63015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­72921.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­76468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\3­97421.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­01578.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­11015.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­20921.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­22109.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­39281.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­54109.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­63375.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­63875.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­71703.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­75046.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­75484.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­78828.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­84765.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­89609.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­92437.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­96640.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­99562.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\4­99750.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­03296.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­04156.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­11281.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­13859.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­22921.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­29468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­37765.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­40593.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­64093.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­70984.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­77359.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\5­98390.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\6­8546.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\7­0812.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\7­1250.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\7­5125.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\8­4421.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\8­6765.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\8­8281.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\8­9171.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­0468.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­1156.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­2781.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3312.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3406.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­3890.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­5046.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­7625.exe
    Deleted ! - C:\WINDOWS\system32\drivers\downld\9­8140.exe
    Deleted ! - "C:\WINDOWS\system32\drivers\downld"

    »»»» Supression des fichiers dans C:\Documents and Settings\mic\Application Data

    Not deleted !! - "C:\Documents and Settings\mic\Application Data\m\flec006.exe"
    Deleted ! - "C:\Documents and Settings\mic\Application Data\m\list.oct"
    Deleted ! - "C:\Documents and Settings\mic\Application Data\m\data.oct"
    Deleted ! - "C:\Documents and Settings\mic\Application Data\m\srvlist.oct"
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\1st_Windows_System_&_Internet_Washer_Pro_3.33_Serial.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\1toX_2.65.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3D Good Ole Summer Time 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3DScreen_Builder_Screensaver_Maker_1.51.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\3D_Space_Gladiators_1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\A+_Web_Show_Maker_2.0.0_[KeyGen].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Acker_DVD_to_iPod_Converter_2.0.26.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Advanced_VBA_Password_Recovery_1.61.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\air de rouen 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Arles Image Web Page Creator 7.4.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AsiaCurrency 1.6.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asifta 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asset_Farm_2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Asterisk_Logger_1.02.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Astrology_for_Lovers_2.21_[Crack].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Audio recording Studio 3.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Audio_CD_Ripper_1.32_[Key].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Avatar Boy 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AVG.Free.v7.5.428.[www.epsylone.fr].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\AviScript_2.9.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Begonias on show Screensaver 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\BeyondResponse_3.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Bill Richardson 7.10.08.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\BitDefender.Internet.Security.v10.FR.Incl-Keygen.updated-fixed.11-2006.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Blast_Chamber_demo.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Blitz Caller ID Display 3.6.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Caelum8 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CDBF for Windows 2.99.03.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CD_WAVE_Ripper_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Chinup - Chinese Popup Translator 0.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ClickAndTimeSaver_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Clip_Downloader_3.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\CQ_Web_1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Data Doctor Recovery - SIM Card 3.0.1.5.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\DaySmart 6.0.4.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Digital Image Viewer 1.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Disk_Space_Detective_2.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EaseDictionary 2.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EDictionary_1.0_With_Crack.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Eisoo_AnyBackup_2007_Standard_Edition_2.1_build_8627.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EM_Menu_1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EnhancaCursor 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\EN_ScrapBook_2.20.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Examiner_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Fantasysavers Privacy Toolbar 5.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\File_Properties_Changer_1.05.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Firefly Living Desktop 1.3.0 [Patch].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Folder_Fuse_1.0.0.85_(Crack).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Four_Calorie_Web_Server_'Journaling'_Edition_1.1.5.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\GeoLocation 1.2.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Greylist for Exchange 1.3.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Happy_Snowman_Screensaver_4.10.0510_(Crack).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Hearts_of_Iron_1.05_patch_(Asian).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\HLP_To_RTF_Lite_5.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ImTOO_DivX_to_DVD_Converter_3.0.30.0803.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Income_Calculator_1.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\InfoStore_1.5.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Intelli Balancer 1.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JADS 3.0 [Crack].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JavaScript_Spiral_PopMenu_1.0_(Patch).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\JoyceCD_3.9_Key+Serial.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Kaspersky.Anti.Virus.Personal.v5.0.527.German.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\KeyCounter 2.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Keylogger_Hunter_2.14_[Key].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Knight Time 1.04.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LightWayText 4.1.6.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LiquidGuardian 1.0.5.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Lode Runner 1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\LogRover_2.3.3.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MagicCamera 3.1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Marvin's Thoughts 01.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MedBaseEHR_10.1a.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\medi_1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Mini_Digital_Signal_Scope_1.11.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Morovia MSI Plessey Barcode Fontware 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Morpheus_Photo_Compressor_2.00_(With_Crack).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\MSN Messenger 6.2.0208.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\NoIndent 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Panda.Titanium.2006.Antivirus.Antispyware.Keygen.Serials.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PhantomMailer 2.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PhotoS_2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Plasmaplugs_Progress_Bar_1.0_Serial.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\POP-3 2.01.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\PowerCrypt_2000_4.4_revision_233.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ProxyToy 1.5.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Quality_Window_5.0.667.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Quran-Radio 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\radio2XS WMP Tuner 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Recovery_for_BizTalk_1.0.0722_Serial.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Repair_Registry_Pro_1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ReportBuilder_Standard_10.04_[Serial].zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SchemaToDoc_Entreprise_Edition_1.5_Serial.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ScreenShotHost Saver 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ScreenViewer_1.8.3.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Serial_Monitor_4.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Server2Go_1.4.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\ShareMusic_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Shortcut_Wizard_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Sidereal_Time_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SmartClock 1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Smart_Photo_Import_1.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Solid To Mesh for AutoCAD 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SOS_Online_Backup_3.0.0.0_Patch.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\SQL_VB_Code_Generator_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\StudioEase 5.3.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Sync_'Em!_2.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Taco_Bell_Dog_1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Tagkeys 2.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TAMS_1.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TechSkills_TestPrep_for_70-210_1.035.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\The Popup Stopper Wizard 2.1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\The Sims - Khan skin.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\TourGroup Manager 3.00.10.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Turbo-Edit_97_1.40.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Ultimate_Stopwatch_1.0_Crack.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Unofficial_AlltheWeb_Toolbar_1.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\UPGRAYED 1.3.0.36329.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\US Constitution and Related Documents 1.2.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Utiliphoto Easy 2.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\VersaTimer 1.01.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Vistascript_Developer_1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visual Organizer 1.0.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visual Ping 0.8.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Visustin_4.03.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WarBreeds_demo.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Webcam Publisher 2.0 Beta 0014.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WinNotes_2005_1.2_(Key).zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\WWW Photo Album 1.16.zip
    Deleted ! - C:\Documents and Settings\mic\Application Data\m\shared\Zip_Search_1.00.zip
    Deleted ! - "C:\Documents and Settings\mic\Application Data\m\shared"
    Not deleted !! - "C:\Documents and Settings\mic\Application Data\m"

    »»»» Supression des fichiers dans C:\DOCUME~1\mic\LOCALS~1\Temp

    »»»» Supression des fichiers dans C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5

    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\5CGGT8SU\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[3].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64[4].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\J43K6R3Q\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[3].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[4].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\b64_3[5].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[2].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[3].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\PX950434\mxd[4].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\b64_1[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[1].jpg
    Deleted ! - C:\Documents and Settings\mic\Local Settings\Temporary Internet Files\Content.IE5\UA53TIBZ\mxd[2].jpg

    --------------- [ Registre / Clés infectieuses ] ----------------

    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Deleted ! - HKEY_CURRENT_USER\Software\bisoft
    Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! - HKEY_CURRENT_USER\Software\FFC
    Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\nideiect
    Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\Local AppWizard-Generated Applications\winfilse
    Deleted ! - HKEY_USERS\S-1-5-21-796845957-1644491937-682003330-1003\Software\MuleAppData

    --------------- [ Etat / Redémarage des services ] ----------------

    +- Mode sans echec restauré !

    +- Affichage des fichiers cachés réparé !

    +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio - Type de démarrage = 3

    EapHost - Type de démarrage = 2

    Ip6Fw - Type de démarrage = 2

    SharedAccess - Type de démarrage = 2

    wuauserv - Type de démarrage = 2

    wscsvc - Type de démarrage = 2

    --------------- [ Nettoyage des supports amovibles ] ----------------

    +- Informations :

    C: - Lecteur fixe

    D: - Lecteur fixe

    E: - Lecteur fixe

    F: - Lecteur de CD-ROM

    G: - Lecteur fixe

    H: - Lecteur fixe

    I: - Lecteur amovible

    N: - Lecteur amovible

    +- Suppression des fichiers :

    Not deleted !! - F:\autorun.inf
    Deleted ! - I:\autorun.inf
    Deleted ! - I:\nideiect.com
    Deleted ! - N:\autorun.inf
    Deleted ! - N:\nideiect.com

    --------------- [ Registre / Moutpoint2 ] ----------------

    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b275e3-ada1-11dd-ae6d-00508d7ef477}\Shell\open\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\AutoRun\command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\explore\Command
    Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{783b5f42-a8ca-11dd-a893-806d6172696f}\Shell\open\Command

    --------------- [ Recherche Cracks / Keygen ] ----------------

    C:\Documents and Settings\mic\Recent\Crack & Serial.lnk
    C:\Documents and Settings\mic\Recent\Jeux PC Titan Quest [Jeu complet avec patches crack et serial][Version Francaise].lnk
    C:\Documents and Settings\mic\Recent\serial.keygen.crack.generator.Mission Pr‚sident - Geo Political Simulator.lnk

    ---------------- ! Fin du rapport ! ------------------
    0
  7. chtimic
     
    bonjour,

    ce matin en redemarrant le pc; le parefeu windows bloquait le programme "flec006" que j'ai debloquer (ai-je bien fait?)
    i y avait egalement cette fenetre ouverte "NTSB investigation flight recorder (black box) analyzer" que j'ai fermée.

    merci
    0
  8. Utilisateur anonyme
     
    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau

    -> Double clique sur killbagle.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    Une fois fait, sur ton bureau double-clic sur killbagle.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
    0
  9. chtimic
     
    bonjour,
    voici le rapport de combofix

    ComboFix 08-11-11.01 - mic 2008-11-13 12:43:43.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1621 [GMT 1:00]
    Lancé depuis: c:\documents and settings\mic\Bureau\killbagle.exe
    * Un nouveau point de restauration a été créé

    [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\mic\Application Data\m
    c:\documents and settings\mic\Application Data\m\data.oct
    c:\documents and settings\mic\Application Data\m\list.oct
    c:\documents and settings\mic\Application Data\m\shared\#1_Sound_Recorder_4.1_Cracked.zip
    c:\documents and settings\mic\Application Data\m\shared\1-ACT Spyware Remover 2006 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\1st Simple HTML Editor 2.1.6.zip
    c:\documents and settings\mic\Application Data\m\shared\3D Earth Space Tour 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\3D Happy Birthday Girl 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\96.1 KISS HD2 Radio 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\A1 SpeechTRON 1.zip
    c:\documents and settings\mic\Application Data\m\shared\ABF_Magnifying_Tools_1.2_[Serial].zip
    c:\documents and settings\mic\Application Data\m\shared\Able Image Browser 1.7.1.6.zip
    c:\documents and settings\mic\Application Data\m\shared\AccSmart_-_Battery_Monitoring_Utility_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Active LogView 2.09.1.8.zip
    c:\documents and settings\mic\Application Data\m\shared\Active Sound Studio Professional 2.1.zip
    c:\documents and settings\mic\Application Data\m\shared\AdventNet_SNMP_API_-_Free_Edition_4.zip
    c:\documents and settings\mic\Application Data\m\shared\AFSearch offline html search engine 9.55.zip
    c:\documents and settings\mic\Application Data\m\shared\Amazing Waterfall 5.07.zip
    c:\documents and settings\mic\Application Data\m\shared\Amiga_Explorer_2007.0.2_Key+Serial.zip
    c:\documents and settings\mic\Application Data\m\shared\Arjan Mels' Font Viewer 1.14.1.564.zip
    c:\documents and settings\mic\Application Data\m\shared\Aspose.Total for Reporting Services 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\AssetPak_1.7.19.zip
    c:\documents and settings\mic\Application Data\m\shared\AutoTrace 0.31.1.zip
    c:\documents and settings\mic\Application Data\m\shared\Back2Life_for_TC_2.3.zip
    c:\documents and settings\mic\Application Data\m\shared\BangaBangarasoft_Family_1.zip
    c:\documents and settings\mic\Application Data\m\shared\Batch_TIFF_Resizer_1.57_(Cracked).zip
    c:\documents and settings\mic\Application Data\m\shared\BeCyIconGrabber 2.30.zip
    c:\documents and settings\mic\Application Data\m\shared\BlackJack_Calculator_1.1_Serial.zip
    c:\documents and settings\mic\Application Data\m\shared\Block-IT!_1.1_(Patch).zip
    c:\documents and settings\mic\Application Data\m\shared\Bound_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\CellPos_1.30_Serial.zip
    c:\documents and settings\mic\Application Data\m\shared\Championship_Chess_Pro_6.62.zip
    c:\documents and settings\mic\Application Data\m\shared\Childishness Diary 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Chinese_Radicals_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\CHM EBook Editor 1.06.zip
    c:\documents and settings\mic\Application Data\m\shared\Cleantouch_Multi-Level_Yarn_Trading_1.0_Key.zip
    c:\documents and settings\mic\Application Data\m\shared\D'Notes_0.5.1_Build_103.zip
    c:\documents and settings\mic\Application Data\m\shared\DataMite 1.21.zip
    c:\documents and settings\mic\Application Data\m\shared\Deep Space 3D Screensaver 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\DesignWorks Lite 4.6.zip
    c:\documents and settings\mic\Application Data\m\shared\Desktop Magnifier 1.7.2.zip
    c:\documents and settings\mic\Application Data\m\shared\Distance Marker 2005.zip
    c:\documents and settings\mic\Application Data\m\shared\dsDictionary 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Easy_DVD_Extractor_3.7.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Easy_Java_1.2.zip
    c:\documents and settings\mic\Application Data\m\shared\EasyEx html mail 2.03.zip
    c:\documents and settings\mic\Application Data\m\shared\Easykeys 1.36 Cracked.zip
    c:\documents and settings\mic\Application Data\m\shared\Ergo_Romanian_1.5.zip
    c:\documents and settings\mic\Application Data\m\shared\Excel Search and Replace 2.0.zip
    c:\documents and settings\mic\Application Data\m\shared\FAR Manager Password Recovery 1.0.145.2006.zip
    c:\documents and settings\mic\Application Data\m\shared\Fincalc 6.0.zip
    c:\documents and settings\mic\Application Data\m\shared\FinePrint 5.85.zip
    c:\documents and settings\mic\Application Data\m\shared\FlexCell_Grid_Control_for_.NET_2.0_2.4.0_[Crack].zip
    c:\documents and settings\mic\Application Data\m\shared\Free Vista Icons 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\GaussSum 2.1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\GDS Images and Document Maps 2.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Haihaisoft Universal Player 1.0.5.5.zip
    c:\documents and settings\mic\Application Data\m\shared\HoliDates_UK_2.71.zip
    c:\documents and settings\mic\Application Data\m\shared\Hotels 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\HTMLHelp_ePublisher_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\HTMLtoRTF Converter Pro 2.07.03.zip
    c:\documents and settings\mic\Application Data\m\shared\Huge_Clock_2.3.zip
    c:\documents and settings\mic\Application Data\m\shared\IM2001_1.3.zip
    c:\documents and settings\mic\Application Data\m\shared\IT_Outsourcing_Toolkit_3.1_[Patch].zip
    c:\documents and settings\mic\Application Data\m\shared\Jmol 11.1.26.zip
    c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Anti-Virus.V.6.0.0.300.Final.Keyfile.Kaspersky.zip
    c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Intenet.Security.V.6.0.1.411.New.Key.2008.zip
    c:\documents and settings\mic\Application Data\m\shared\Kaspersky.Internet.Security.6.0.0.300.Final.German.Incl.Key.zip
    c:\documents and settings\mic\Application Data\m\shared\KFSensor_4.2.zip
    c:\documents and settings\mic\Application Data\m\shared\Kijiji_Montreal_1.1.zip
    c:\documents and settings\mic\Application Data\m\shared\LabelsWin Lite 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Last_Changed_Files_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Lexipedia 1.1.zip
    c:\documents and settings\mic\Application Data\m\shared\Li'l Atomic Clock 1.0.1.zip
    c:\documents and settings\mic\Application Data\m\shared\LingvoSoft Talking Dictionary 2006 Russian Armenian 3.1.41.zip
    c:\documents and settings\mic\Application Data\m\shared\LingvoSoft_Suite_2006_English_Dutch_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Liquid_Screen_Saver_Maker_4.5_(Cracked).zip
    c:\documents and settings\mic\Application Data\m\shared\London Live Camera 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Macro Express 3.7a (Key+Serial).zip
    c:\documents and settings\mic\Application Data\m\shared\Mall23_eCommerce_4.21.zip
    c:\documents and settings\mic\Application Data\m\shared\Manny's_Simple_Finance_Program_1.04_[Patch].zip
    c:\documents and settings\mic\Application Data\m\shared\MarketBrowser_1.0_[KeyGen].zip
    c:\documents and settings\mic\Application Data\m\shared\McAfee.VShield.7.10.EN.zip
    c:\documents and settings\mic\Application Data\m\shared\MkAlbum 2.8.zip
    c:\documents and settings\mic\Application Data\m\shared\Monex_Portable_Edition_0.7.1.1b.zip
    c:\documents and settings\mic\Application Data\m\shared\MSDict_English_Phrases_Dictionary_(Symbian_UIQ)_2.40.zip
    c:\documents and settings\mic\Application Data\m\shared\MSN_Content_Adder_2.zip
    c:\documents and settings\mic\Application Data\m\shared\MySQL Oracle Import, Export & Convert Software 7.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Nature Clock Screensaver 1.zip
    c:\documents and settings\mic\Application Data\m\shared\NikSaver 1.6.2 build 192.zip
    c:\documents and settings\mic\Application Data\m\shared\NOD.32.antivirus.zip
    c:\documents and settings\mic\Application Data\m\shared\Norton.AntiVirus.2007.14.0.0.1+crack-multilenguaje-byzven.zip
    c:\documents and settings\mic\Application Data\m\shared\Onyx Ceph 2.7.7.zip
    c:\documents and settings\mic\Application Data\m\shared\Outlook Email Address Extractor Pro 2.1.zip
    c:\documents and settings\mic\Application Data\m\shared\Pin_Action_Bowling_1.12.04.zip
    c:\documents and settings\mic\Application Data\m\shared\Popup_Annihilator_Pro_3.0.zip
    c:\documents and settings\mic\Application Data\m\shared\ProgeCAD 2006 Professional 6.1.11.zip
    c:\documents and settings\mic\Application Data\m\shared\Qir'at Quran Reciter 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\QwikSecure File Protection System 3.01 [KeyGen].zip
    c:\documents and settings\mic\Application Data\m\shared\Rapid_File_Defragmentor_1.4_build_614.zip
    c:\documents and settings\mic\Application Data\m\shared\Rebate_Genie_1.0.5.zip
    c:\documents and settings\mic\Application Data\m\shared\rebuilt.Kaspersky.Internet.Security.v6.0.0.300.FR.Incl-Key.zip
    c:\documents and settings\mic\Application Data\m\shared\SAM (Beauty Salon Software) 6.1.zip
    c:\documents and settings\mic\Application Data\m\shared\SANITARY_1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Simple_Contact_Manager_2.5.001.zip
    c:\documents and settings\mic\Application Data\m\shared\SlideMate_3.8.zip
    c:\documents and settings\mic\Application Data\m\shared\Slimf's_Bowliebash_1.1.zip
    c:\documents and settings\mic\Application Data\m\shared\Smartworks-PE_4.5.zip
    c:\documents and settings\mic\Application Data\m\shared\Softdiv Audio Converter 3.5.zip
    c:\documents and settings\mic\Application Data\m\shared\Sort_Text_Lists_Alphabetically_Software_7.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Sploidz 1.zip
    c:\documents and settings\mic\Application Data\m\shared\Stator-AFM (Standard) 2.0 Build 216.zip
    c:\documents and settings\mic\Application Data\m\shared\Stock NeuroMaster 1.31.zip
    c:\documents and settings\mic\Application Data\m\shared\Symantec.AntiVirus.Corporate.Edition.v10.2.276.For.WinVista.zip
    c:\documents and settings\mic\Application Data\m\shared\SyncJe Personal Server for Outlook 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Tadpole_0.5.zip
    c:\documents and settings\mic\Application Data\m\shared\TextSpeech_Pro_1.0.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Timers_OCX_1.1_[Key+Serial].zip
    c:\documents and settings\mic\Application Data\m\shared\Toponoky_1.0_Beta.zip
    c:\documents and settings\mic\Application Data\m\shared\Total PDF Printer 1.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Trisnap 2.0.zip
    c:\documents and settings\mic\Application Data\m\shared\True_Trend_Charts_2.0.4_[Cracked].zip
    c:\documents and settings\mic\Application Data\m\shared\TsiLang Dictionary Manager 2.1.4.5.zip
    c:\documents and settings\mic\Application Data\m\shared\Video Bitrate Calculator 1.0.0.2.zip
    c:\documents and settings\mic\Application Data\m\shared\Visual Fractal 1.2.zip
    c:\documents and settings\mic\Application Data\m\shared\VivoStatic_3.0_[Crack].zip
    c:\documents and settings\mic\Application Data\m\shared\WaveBox_1.1.zip
    c:\documents and settings\mic\Application Data\m\shared\WendzelNNTPd_1.0.0.zip
    c:\documents and settings\mic\Application Data\m\shared\Willy_Wonka_and_the_Chocolate_Factory_Trailer.zip
    c:\documents and settings\mic\Application Data\m\shared\WinBackup 2.0.555.zip
    c:\documents and settings\mic\Application Data\m\shared\YoGen Audio Recorder 3.1.7.zip
    c:\documents and settings\mic\Application Data\m\srvlist.oct
    c:\windows\system32\ban_list.txt
    c:\windows\system32\drivers\downld
    c:\windows\system32\mdelk.exe
    I:\autorun.inf
    I:\nideiect.com
    N:\autorun.inf
    N:\nideiect.com

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA
    -------\Service_srosa

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-13 07:23 . 2008-11-13 07:23 197 --a------ c:\windows\system32\MRT.INI
    2008-11-13 07:19 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 07:19 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 19:47 . 2008-11-12 20:45 <REP> d-------- c:\program files\FindyKill
    2008-11-11 21:27 . 2008-11-11 21:27 173 --a------ C:\curr_ver.tmp
    2008-11-11 21:13 . 2008-11-11 21:13 <REP> d-------- c:\program files\ESET
    2008-11-11 20:49 . 2008-11-11 20:49 <REP> d-------- c:\program files\CCleaner
    2008-11-08 15:24 . 2008-04-14 03:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-11-08 15:24 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-11-08 15:24 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-11-08 15:24 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-11-08 15:15 . 2008-11-08 15:24 <REP> d-------- c:\documents and settings\mic\Application Data\FUJIFILM
    2008-11-08 15:14 . 2008-11-08 15:14 <REP> d-------- c:\program files\REGSHAVE
    2008-11-08 15:14 . 2008-11-11 21:24 <REP> d-------- c:\program files\FinePixViewer
    2008-11-08 15:14 . 2003-09-03 16:45 274,432 --a------ c:\windows\system32\FFTIFF16.dll
    2008-11-08 15:14 . 2006-07-12 14:39 208,896 --a------ c:\windows\system32\FFRafShellEx.dll
    2008-11-08 15:14 . 2004-07-24 21:28 155,648 --a------ c:\windows\system32\FFRAFLIB.DLL
    2008-11-08 15:14 . 2001-11-25 12:11 81,924 --------- c:\windows\system32\drivers\VC4CB104.SYS
    2008-11-08 15:14 . 2002-02-05 17:33 69,632 --------- c:\windows\system32\FREGSHEX.DLL
    2008-11-08 15:14 . 2002-02-27 12:27 65,536 --------- c:\windows\system32\FINFCHECK.dll
    2008-11-08 15:14 . 2002-06-25 10:06 45,056 --------- c:\windows\system32\FINFCOPY.dll
    2008-11-08 15:14 . 2002-02-13 11:00 45,056 --------- c:\windows\system32\FCLKBTN.DLL
    2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\program files\Syncrosoft
    2008-11-08 14:14 . 2008-11-08 14:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
    2008-11-08 14:14 . 2004-05-19 23:27 737,280 --a------ c:\windows\system32\SYNSOACC.dll
    2008-11-08 14:14 . 2004-05-10 14:58 147,456 --a------ c:\windows\system32\SynsoLChk.dll
    2008-11-08 14:14 . 2003-07-31 19:28 147,425 --a------ c:\windows\system32\SYNSOACC-Aide.chm
    2008-11-08 14:14 . 2003-05-26 14:29 120,468 --a------ c:\windows\system32\SYNSOACC-Hilfe.chm
    2008-11-08 14:14 . 2003-05-26 14:29 114,279 --a------ c:\windows\system32\SYNSOACC-Help.chm
    2008-11-08 14:14 . 2002-11-25 07:36 45,056 --a------ c:\windows\system32\Synsopos.exe
    2008-11-08 14:14 . 2002-11-25 04:46 16,896 --a------ c:\windows\system32\drivers\SynasUSB.sys
    2008-11-08 14:05 . 2008-11-08 14:05 <REP> d-------- c:\documents and settings\mic\Application Data\Propellerhead Software
    2008-11-08 14:04 . 2008-11-08 14:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Propellerhead Software
    2008-11-07 22:29 . 2008-11-07 22:29 <REP> d-------- c:\documents and settings\All Users\Application Data\ATI
    2008-11-07 22:29 . 2008-11-07 22:29 0 --a------ c:\windows\ativpsrm.bin
    2008-11-07 22:27 . 2008-11-07 22:37 <REP> d-------- c:\program files\ATI
    2008-11-07 22:24 . 2008-11-07 22:24 <REP> d-------- C:\ATI
    2008-11-07 21:21 . 2008-11-07 21:21 <REP> d-------- c:\program files\Mindscape
    2008-11-07 14:21 . 2008-11-07 14:29 <REP> d-------- c:\documents and settings\mic\Application Data\Steinberg
    2008-11-07 14:02 . 2008-11-07 14:02 <REP> d-------- c:\program files\Steinberg
    2008-11-07 13:59 . 2001-01-23 07:05 159,811 --a------ c:\windows\system32\Wnaspi32.dll
    2008-11-07 03:01 . 2008-11-07 03:01 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2008-11-06 15:12 . 2008-11-06 15:12 <REP> d-------- c:\program files\Fichiers communs\mapserv
    2008-11-06 15:12 . 2008-11-06 15:12 <REP> d-------- c:\program files\Fichiers communs\GIS
    2008-11-06 10:51 . 2008-11-06 10:51 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
    2008-11-05 21:15 . 2004-10-11 18:21 372,736 -ra------ c:\windows\system32\LVUI2RC.dll
    2008-11-05 21:15 . 2004-10-11 18:22 211,712 -ra------ c:\windows\system32\drivers\LV561AV.SYS
    2008-11-05 21:15 . 2004-10-11 18:18 204,800 -ra------ c:\windows\system32\LVUI2.dll
    2008-11-05 21:15 . 2004-10-11 18:16 204,800 -ra------ c:\windows\system32\lvcodec2.dll
    2008-11-05 21:15 . 2004-10-11 18:14 106,496 -ra------ c:\windows\system32\lvcoinst.dll
    2008-11-05 21:15 . 2008-04-14 03:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll
    2008-11-05 21:15 . 2008-04-14 03:33 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
    2008-11-05 21:15 . 2004-10-11 18:18 22,016 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
    2008-11-05 21:15 . 2004-10-11 17:58 6,812 -ra------ c:\windows\system32\lvcoinst.ini
    2008-11-05 21:08 . 2008-11-05 21:08 <REP> d-------- c:\program files\Fichiers communs\Logitech
    2008-11-05 21:08 . 2004-12-14 19:16 53,248 -ra------ c:\windows\system32\InstMed.exe
    2008-11-05 13:55 . 2008-11-05 13:55 <REP> d-------- c:\program files\Xvid
    2008-11-04 18:48 . 2008-11-04 18:48 <REP> d-------- c:\program files\Fichiers communs\Adobe
    2008-11-04 18:48 . 2008-11-04 18:48 <REP> d-------- c:\documents and settings\mic\Application Data\AdobeUM
    2008-11-04 14:28 . 2008-11-04 14:28 <REP> d-------- c:\program files\SuperCopier2
    2008-11-04 14:22 . 2008-11-04 14:22 <REP> d-------- c:\program files\Realtek AC97
    2008-11-04 14:22 . 2006-11-17 05:40 18,804,736 --a------ c:\windows\system32\alsndmgr.cpl
    2008-11-04 14:22 . 2006-12-08 15:20 10,528,768 --a------ c:\windows\system32\RTLCPL.exe
    2008-11-04 14:22 . 2008-09-24 10:40 4,122,368 -ra------ c:\windows\system32\drivers\alcxwdm.sys
    2008-11-04 14:22 . 2007-04-16 15:28 577,536 --a------ c:\windows\soundman.exe
    2008-11-04 14:22 . 2006-07-31 11:19 315,392 --a------ c:\windows\alcupd.exe
    2008-11-04 14:22 . 2006-07-31 11:27 217,088 --a------ c:\windows\Alcrmv.exe
    2008-11-04 14:22 . 2006-10-18 02:53 147,456 --a------ c:\windows\system32\RtlCPAPI.dll
    2008-11-04 14:22 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\alsndmgr.wav
    2008-11-04 14:22 . 2006-08-01 15:02 49,152 --a------ c:\windows\system32\ChCfg.exe
    2008-11-03 16:31 . 2008-11-03 16:31 <REP> d-------- c:\program files\Eden Flirt
    2008-11-03 12:58 . 2008-11-03 12:57 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-03 12:57 . 2008-11-03 12:57 22,328 --a------ c:\documents and settings\mic\Application Data\PnkBstrK.sys
    2008-11-03 12:56 . 2008-11-05 13:14 <REP> d-------- c:\windows\system32\LogFiles
    2008-11-03 12:56 . 2008-11-03 12:56 103,736 --a------ c:\windows\system32\PnkBstrB.exe
    2008-11-03 12:56 . 2008-11-03 12:56 66,872 --a------ c:\windows\system32\PnkBstrA.exe
    2008-11-03 12:56 . 2008-11-03 12:56 319 --a------ c:\windows\game.ini
    2008-11-03 12:50 . 2008-11-03 12:50 <REP> d--hs---- c:\windows\ftpcache
    2008-11-03 10:49 . 2008-11-03 10:49 <REP> d-------- c:\program files\MSBuild
    2008-11-03 10:49 . 2008-11-03 10:49 <REP> d-------- c:\program files\Microsoft Works
    2008-11-03 10:48 . 2008-11-03 10:48 <REP> d-------- c:\program files\Microsoft.NET
    2008-11-03 10:47 . 2008-11-03 10:47 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2008-11-03 10:46 . 2008-11-03 10:49 <REP> d-------- c:\windows\SHELLNEW
    2008-11-03 10:46 . 2008-11-03 10:46 <REP> dr-h----- C:\MSOCache
    2008-11-03 10:46 . 2008-11-13 07:23 <REP> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-02 22:11 . 2008-11-02 22:11 <REP> d-------- c:\documents and settings\mic\Application Data\Media Player Classic
    2008-11-02 21:43 . 2008-11-02 21:43 1,172 --a------ c:\windows\mozver.dat
    2008-11-02 20:00 . 2008-03-01 13:58 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2008-11-02 20:00 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2008-11-02 20:00 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2008-11-02 20:00 . 2008-03-01 13:58 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2008-11-02 20:00 . 2008-03-01 13:58 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2008-11-02 20:00 . 2008-03-01 13:58 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2008-11-02 20:00 . 2008-03-01 13:58 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2008-11-02 20:00 . 2008-03-01 13:58 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2008-11-02 20:00 . 2008-02-22 11:00 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2008-11-02 19:59 . 2008-11-02 19:59 268 --ah----- C:\sqmdata01.sqm
    2008-11-02 19:59 . 2008-11-02 19:59 244 --ah----- C:\sqmnoopt01.sqm
    2008-11-02 19:38 . 2008-11-02 19:38 <REP> d-------- c:\program files\Alcohol Soft
    2008-11-02 19:32 . 2008-11-02 19:32 685,816 --a------ c:\windows\system32\drivers\sptd.sys
    2008-11-02 19:23 . 2008-11-10 19:34 <REP> d-------- c:\program files\eMule
    2008-11-02 19:17 . 2008-11-02 19:17 <REP> d-------- c:\program files\K-Lite Codec Pack
    2008-11-02 19:13 . 2008-11-02 19:13 <REP> d-------- c:\documents and settings\mic\Application Data\Logitech
    2008-11-02 19:13 . 2008-11-02 19:13 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-11-02 19:07 . 2008-11-02 19:07 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2008-11-02 19:06 . 2008-11-02 19:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2008-11-02 19:06 . 2008-05-02 02:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
    2008-11-02 19:06 . 2008-05-02 02:39 170,512 --a------ c:\windows\system32\kemutb.dll
    2008-11-02 19:06 . 2008-05-02 02:39 145,936 --a------ c:\windows\system32\KemUtil.dll
    2008-11-02 19:06 . 2008-05-02 02:40 117,264 --a------ c:\windows\system32\KemWnd.dll
    2008-11-02 19:06 . 2008-05-02 02:40 84,496 --a------ c:\windows\system32\KemXML.dll
    2008-11-02 19:05 . 2008-11-05 21:07 <REP> d-------- c:\program files\Logitech
    2008-11-02 19:05 . 2008-11-02 19:06 <REP> d-------- c:\program files\Fichiers communs\Logishrd
    2008-11-02 19:05 . 2008-11-02 19:05 <REP> d-------- c:\documents and settings\mic\Application Data\InstallShield
    2008-11-02 18:59 . 2008-11-04 14:17 <REP> d-------- c:\program files\ma-config.com
    2008-11-02 18:59 . 2008-11-04 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2008-11-02 18:53 . 2008-11-02 18:53 268 --ah----- C:\sqmdata00.sqm
    2008-11-02 18:53 . 2008-11-02 18:53 244 --ah----- C:\sqmnoopt00.sqm
    2008-11-02 18:02 . 2008-11-02 18:26 <REP> d-------- c:\documents and settings\mic\Contacts
    2008-11-02 18:02 . 2008-11-02 18:02 <REP> d-------- c:\documents and settings\mic\Application Data\Iminent
    2008-11-02 18:00 . 2008-11-02 18:01 <REP> d-------- c:\program files\Iminent
    2008-11-02 17:56 . 2008-11-02 17:57 <REP> d--h----- c:\documents and settings\All Users\Application Data\{D007B483-C907-4C86-A4E2-E9A50F17891F}
    2008-11-02 17:53 . 2008-11-02 17:53 <REP> d----c--- c:\windows\system32\DRVSTORE

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-08 14:16 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-07 21:29 --------- d-----w c:\documents and settings\mic\Application Data\ATI
    2008-11-07 21:27 --------- d-----w c:\program files\ATI Technologies
    2008-11-02 10:50 --------- d-----w c:\program files\Alice_Triway_WiFi
    2008-11-02 10:41 --------- d-----w c:\program files\Fichiers communs\ATI Technologies
    2008-11-02 10:35 --------- d-----w c:\program files\Fichiers communs\InstallShield
    2008-11-02 10:28 --------- d-----w c:\program files\AMD
    2008-11-02 10:24 --------- d-----w c:\program files\NVIDIA Corporation
    2008-11-02 09:54 --------- d-----w c:\program files\microsoft frontpage
    2008-11-02 09:53 --------- d-----w c:\program files\Services en ligne
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-09-24 03:09 3,331,072 ----a-w c:\windows\system32\drivers\ati2mtag.sys
    2008-09-24 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "IMBooster"="c:\program files\Iminent\imbooster.exe" [2008-08-19 536576]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-02-24 266240]
    "EdenFlirt"="c:\program files\Eden Flirt\EdenFlirt.exe" [2008-07-03 499712]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-11-08 303104]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-02 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mindscape\\Mission Président - Geo-Political Simulator\\EReg.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10101:TCP"= 10101:TCP:10101
    "10111:UDP"= 10111:UDP:10111

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\DRIVERS\nvcchflt.sys [2005-02-10 16640]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d21a4415-a8c9-11dd-9f47-806d6172696f}]
    \Shell\AutoRun\command - J:\Autorun.exe root.ini
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\mic\Application Data\Mozilla\Firefox\Profiles\xyagux6d.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://tempsreel.nouvelobs.com/index.html
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-13 12:46:51
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-13 12:51:21 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-13 11:51:18

    Avant-CF: 4 880 248 832 octets libres
    Après-CF: 4,705,583,104 octets libres

    383 --- E O F --- 2008-11-13 06:23:34
    0
  10. chtimic
     
    bonsoir,
    1/ est ce qu'il reste une manip à faire ? j'ai l'impression que la clé usb (une corsair flash voyager)est nettoyé car quand elle etait infectée elle clignotait tout le temps, et là elle ne le fait plus.

    2/ quand est il du pc branché en reseau? faut il le scanner aussi?

    3/ avez vous egalement un antivirus a conseillé? on m'a dit que nod32 etait particulierement efficace pour detecter les virus inconnus?

    merci d'avance et merci pour votre aide!..
    0
  11. Utilisateur anonyme
     
    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
    1. chtimic
       
      bonsoir, voici le rapport malwarebytes:

      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1395
      Windows 5.1.2600 Service Pack 3

      13/11/2008 21:07:23
      mbam-log-2008-11-13 (21-07-23).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
      Eléments examinés: 154121
      Temps écoulé: 1 hour(s), 5 minute(s), 57 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013255.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
      H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013259.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
      0
  12. chtimic
     
    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1395
    Windows 5.1.2600 Service Pack 3

    13/11/2008 21:07:23
    mbam-log-2008-11-13 (21-07-23).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
    Eléments examinés: 154121
    Temps écoulé: 1 hour(s), 5 minute(s), 57 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013255.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    H:\System Volume Information\_restore{F2E5B2CC-8451-462A-8C0B-CA6BBA9AF224}\RP32\A0013259.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  13. Utilisateur anonyme
     
    Télécharge HijackThis (outils de dignostic) ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
  14. chtimic
     
    bonsoir,

    voilà le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:20:10, on 14/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    C:\Program Files\Eden Flirt\EdenFlirt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iminent\imbooster.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [EdenFlirt] C:\Program Files\Eden Flirt\EdenFlirt.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  15. Utilisateur anonyme
     
    Désactive et réactive ta restauration system :

    (1) Désactiver la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Coches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    (2) Activer la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétsuite :

    Cliques sur l'onglet Restauration du système
    Décoches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

    ensuite :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pc-system.fr/
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
    0
  16. chtimic
     
    bonjour,

    voici le [ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Combofix.txt: trouvé !
    C:\FindyKill.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\mic\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\mic\Bureau\HJTInstall.exe: trouvé !
    C:\Documents and Settings\mic\Menu Démarrer\Programmes\FindyKill: trouvé !
    C:\Program Files\FindyKill: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\mic\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\mic\Bureau\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\FindyKill.txt: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\mic\Menu Démarrer\Programmes\FindyKill: supprimé !
    C:\Program Files\FindyKill: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    merci
    0
  17. chtimic
     
    bonjour,

    apparemment je ne peux pas modifié le statut du post, je dois etre membre non inscrit.
    Merci en tout cas de votre aide, tout à l'air de fonctionner.
    Je ne pense pas que mon 2è PC soit infecté, aurait il pi l'etre via un reseau local internet?

    Bonne journée
    0
  18. Utilisateur anonyme
     
    non mais via les usbb c possible

    @+
    0