HELP I have a BAGLE

Closed
POLYPHONE - 2 Jan. 2009 at 21:16
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 2 Jan. 2009 at 23:40
Hello, I have a Bagle that prevents me from opening antivirus programs. I ran the scan for the report with FindyKill and with Elibagla. Elibagla finds the Bagle; it is named MDELK.EXE. And in the FindyKill report:

6 replies

Destrio5
2 Jan. 2009 at 21:44
Hi,

Oh, what a lovely mess!

---> Repost the FindyKill report.
0
OH HELP ME, I CAN'T TAKE IT ANYMORE. ON TOP OF THAT I'M USELESS WITH COMPUTERS AND I NEED IT INCREDIBLY BADLY TO CREATE MY MUSIC
0
Destrio5
2 Jan. 2009 at 23:05
Post the FindyKill report.
0
WHERE DO I POST IT
0
Destrio5
2 Jan. 2009 at 23:07
Here.
0
Do you have any idea how I could do it? Even if it means formatting everything, do you think that's a good idea?
0
----------------- FindyKill V4.710 ------------------

* User : E Cime - PC-DE-ECIME
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 20:51:34 le 02/01/2009
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------



--------------- [ Processus infectieux stoppés ] ----------------


"C:\Users\E Cime\AppData\Roaming\drivers\downld\7600680.exe" (4904)
"C:\Users\E Cime\AppData\Roaming\drivers\winupgro.exe" (3420)


--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:

Found ! [02/01/2009 20:47] - C:\InfoSat.txt

»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\prefetch\98506.EXE-C9758129.pf

»»»» Presence des fichiers dans C:\Windows\system32

Found ! [02/01/2009 18:38] - C:\Windows\system32\mdelk.exe
Found ! [02/01/2009 18:38] - C:\Windows\system32\wintems.exe
Found ! [06/06/2007 00:04] - C:\Windows\system32\AutoRun.inf

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\E Cime\AppData\Roaming

Found ! [02/01/2009 20:34] - "C:\Users\E Cime\AppData\Roaming\m\flec006.exe"
Found ! [02/01/2009 20:52] - "C:\Users\E Cime\AppData\Roaming\m\shared"
Found ! [02/01/2009 20:47] - "C:\Users\E Cime\AppData\Roaming\m"
Found ! [02/01/2009 18:09] - "C:\Users\E Cime\AppData\Roaming\drivers"
Found ! [02/01/2009 18:38] - "C:\Users\E Cime\AppData\Roaming\drivers\srosa.sys"
Found ! [02/01/2009 18:38] - "C:\Users\E Cime\AppData\Roaming\drivers\srosa2.sys"
Found ! [07/06/2005 08:04] - "C:\Users\E Cime\AppData\Roaming\drivers\winupgro.exe"
Found ! [02/01/2009 20:45] - "C:\Users\E Cime\AppData\Roaming\drivers\downld"

»»»» Presence des fichiers dans C:\Users\ECIME~1\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\E Cime\Local Settings\Temporary Internet Files\Content.IE5

Found ! [02/01/2009 20:43] - C:\Users\E Cime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AD7J4E9Q\b64_1[1].jpg
Found ! [02/01/2009 20:44] - C:\Users\E Cime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91T74BZ\b64_2[1].jpg
Found ! [02/01/2009 20:34] - C:\Users\E Cime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDTGYKB7\b64[1].jpg
Found ! [02/01/2009 20:33] - C:\Users\E Cime\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDTGYKB7\b64_1[1].jpg

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
ehTray.exe=C:\Windows\ehome\ehTray.exe
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl=RtHDVCpl.exe
Acer Empowering Technology Monitor=C:\Acer\Empowering Technology\SysMonitor.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
Apanel=C:\ACERSW\config\SetApanel.cmd
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe
eRecoveryService=
NVRaidService=C:\Windows\system32\nvraidservice.exe
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_generator]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RtHDVCpl]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\SkyTel]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\Local AppWizard-Generated Applications\RtHDVCpl
Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-2459640836-3337803280-3900055799-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\key_generator
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\RtHDVCpl
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

/!\ wscsvc - Type de démarrage = 4

/!\ WinDefend - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0

Destrio5
2 Jan. 2009 at 23:19
--> Delete your cracks and keygens.

--> Right-click the FindyKill shortcut on your Desktop and choose Run as administrator.

--> In the main menu, choose option 2 (Suppression).

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears /!\

--> Then post the FindyKill.txt report.

Note: the FindyKill.txt report is saved at the root of the disk.
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 291
2 Jan 2009 at 23:40
Your reports are showing up as one big block!

---> Reinstall the applications that were infected (antivirus, for example).

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.