Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

NTSB investigators flights recorder

Dernière réponse le 20 jan 2009 à 10:20:30 apolosio, le 17 jan 2009 à 23:37:03

Signaler ce message aux modérateurs

Bonjour,
j'ai le même problème que :

AnToiinee, le samedi 3 janvier 2009 à 17:44:43
Bonjour,
Voila j'ai un problème avec mon ordinateur au démarrage "NTBS investigators flight recorder (black box) analyser" s'affiche j'ai tout essaye Elibagla, Malwarebytes, mon anti virus ne marche plus et je ne peux plus en installer un autre, mon ordinateur rame et je n'arrive pas a accéder au mode sans échec impossible j'ai ce probleme depuis hier et j'ai regardé dans les autres sujets, ou on a éxpliqué qu'il fallait utiliser le logiciel FindyKill mais quand j'analyse il me dise no matching processus not found, et voila le premier scan :

pour gagné du temps je suis passé au Findykill de chiquitine 29 option 2 (ci-dessous le rapport)
ensuite j'ai réussi à re-installer Ccleaner mais malheureusement pour très peu de temps
j'ai juste eu le temps de faire :

▶ Lance-le. Va dans "Options" puis "Avancé",
▶ Tu décoches la case "Effacer uniquement les fichiers etc...".
▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.
▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".
Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.
▶ Un tuto ( aide )

le problème persiste re-apparition de la fenetre "NTBS investigators flight recorder (black box) analyser".
Impossible de relancer Ccleaner et surtout impossible d'installer un antivirus.
Que dois je faire SVP aider moi.

Désolé d'être aussi bref
Vous remerciant

----------------- FindyKill V4.712 ------------------

* User : Polo - APOLOSIO
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 17:05:47 the 17/01/2009
* Windows XP - Internet Explorer 7.0.5730.11

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-377E42D4.pf

»»»» Supression files in C:\WINDOWS\system32

Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\Polo\Application Data

Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\1Z0-007 Oracle OCP DBA9i Introduction to Oracle9i
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\360Voice Desktop 4.02.2a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Grapher 1.21.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\3D Tropical Island Screen Saver 1.0b.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Actualizacion.Mcafee.De.Por.Vida.updated-fixed.01-2007.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Alice DVD to H.264 MP4 Converter 5.38.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ambages 001.000.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AMORTSC 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AnimatedCamero ScreenMate 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AppCompactor 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Atomic Word Password Recovery 1.50.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Attachments Processor for Outlook 4.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Australian Landscapes 09 Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Auto-Talk 4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\AWT Font Shower 2.7 Build 9228.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Background Buddy Pro 3.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Big Clock 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Black Steel 1.2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\BMW E39 Screensaver 1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Calvary of Albuquerque 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Chilkat Zip C++ Library -.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Christmas Textures 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Classic Menu for Excel 3.5.0.113.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\COM Explorer 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Coollector 2.28.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CopyShell 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\CPU Led Indicator 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Crack.Panda.Platinum.Internet.Security.2005.v9.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Dark Super 1.0.4.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Delete FXP Files 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Directory Synchronizer 0.3 Build 226.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\DX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Easy Text To HTML Converter 3.0.0.057.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eset.NOD32.Antivirus.Administrator.Edition.v2.50.16.PROPER-DVT.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Eva Mendes Screensaver1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Find Toolbar Tweaks 2.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Font Viewer 2.00.382.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Free System Tweaker 4.5.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\FreeNetEnumerator 1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Freewind SQL Converter 1.8.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Gimao Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Glossword 1.8.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\GoodOk DVD Ripper 5.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\HTML Template Browser 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Humanclock 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IBFireBackup 2.6.0.76.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\icecream 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IceLand 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\ID AntiPopup 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\iMiser Web Organizer 3.1 SR1 Build 1075.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Ivan Video to 3GP + DVD to 3GP 1.11.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\IWEB Dashboard 1.0.0.40.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Java HTTP Client 2.5.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jokes Screen Saver 2.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Jovem Pan AM 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\K2xMon 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Kaufman Launch Cleaner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\KingConvert For Coby PMP-3522 4.0.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LingvoSoft FlashCards English German 1.5.07.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\LvG Spellcheck 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MacAfee.Virusscan.-.8.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MailChecker 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Maximus CD Player 3.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mayweed Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mcafee.Viruscan.Enterprise-2004.8.0I.16-07-2004.Ilimitado.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Microsoft Agent Network Chat 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Mister Wong Toolbar 1.1.8a.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Morning Glory 1.0.14.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MouseaWay 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Movie to GIF Converter 2.20.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MyBusinessCatalog Gold 6.4.0.18.87.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\MySQL Delete (Remove) Duplicate Entries Software 7.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetFilter SDK 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NetMac 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\New Chronicles Of Rebecca 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NewPlay 4 Audio Full Edition 4.05.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_2.51.30_ita.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nod32_by_soft-best.net.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Nokia Gps Route 66 Mobile 2007 [Mapas de Espa¤a y Portugal].zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Norton.AntiVirus.2004.LiveUpdate.to.2090.by.Xp.for.EWS.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Noted 2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\NotePad SX 1.2.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OBJ Export for SolidWorks 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Obsidian Menu 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Omniquad Surfwall - Enterprise Manager 2.882.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Opera Christmas Widget! 1.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\OSPC
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paragon CD-ROM Emulator Network 3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Paste MSDN URL 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\pdf2picture 6.5.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Pepys Personal Edition 1.0.2.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Phoebus 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Photo2Web Publisher 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Privacy Inspector 2.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Qdeo 1.0 Beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QDQ Search 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\QRCode 2D Barcode ActiveX 3.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\RE
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Registry Accelerator 5.1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Reverb Rack R-ii 2.6.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sam's Interactive Reader 1.10.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Scalable Fabric 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SetBrowser 1.4.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\SharePoint Vista Sidebar Gadget Preview 0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shuffle Radio Tuner 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Shutdown System Manager 1.00.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Sony Vegas Movie Studio Platinum 9.0b Build 85.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\soul cage screensaver 01.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\StreamAware 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Super MIDI Scripter 0.830.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Symantec.Norton.Ghost.2006.v10.Retail.+.Crack.+.Code.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Telepen Barcode Font 1.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trailfire 1.5.12010.2584.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Trojan.Lodear Removal Tool 1.3.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TTHmachine 1.02 beta.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TurboFTP 6.00 Build 712.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\TV Set 1.0.0.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Twins File Merger 3.86.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Video and Music to iPod Converter 4.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\VisualHash 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Wav to MP3 1.0.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Web Pictures Downloader 2.0 SR 100.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Window Magician 1.1.3.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Winguard Popup Remover 1.17.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\WordBanker English-Croatian 6.4.1.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\xSync File Synchronizer 2.0.26.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\XtraTools 2008 1.7.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\Zero-X BeatQuantizer 1.52.zip
Deleted ! - C:\Documents and Settings\Polo\Application Data\m\shared\[Antivirus].Panda.Platinium.Internet.Security.(2009).zip
Deleted ! - "C:\Documents and Settings\Polo\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\m"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\srosa2.sys"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Polo\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Polo\Application Data\drivers"

»»»» Supression files in C:\DOCUME~1\Polo\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_1[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\0NWJOGFV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\2O51R0MA\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JF8SIH2E\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[2].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\T9O06ZLJ\mxd[3].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\6TEJSM4O\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\mxd[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\b64_1[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\H0BKLMN8\file[1].txt
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\JQH55AV0\servernames[1].htm
Deleted ! - C:\Documents and Settings\Polo\Local Settings\Temporary Internet Files\Content.IE5\VQU82VKM\mxd[1].jpg

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\MuleAppData

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur de CD-ROM

M: - Lecteur fixe

+- deleting files :

Not deleted !! - F:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

Configuration: Windows XP
Firefox 3.0.5

Meilleures réponses pour « NTSB investigators flights recorder » dans :

Ntsb investigators flight recorder (Résolu) Voir

NTBS investigators flight recorder black box Voir

Virus Ntsb investigator (Résolu) Voir

Spyware NTSB investigator... Voir

Problème NTSB Investigator Voir

NTSB INVESTIGATOR VIRUS Voir

Télécharger ISO Recorder Voir

Télécharger Free Sound Recorder VoirFree Sound Recorder fait exactement ce que son nom dit. Il permet d'enregistrer tous les sons qui sortent de votre carte son gratuitement. Les fichiers peuvent être exportés directement au format MP3, WAV ou WMA. Free Sound Recorder est l'outil idéal...

Télécharger MP3 Audio Recorder Free Voir

Microsoft Flight Simulator X Gold Edition Voir

Flight Simulator X: Acceleration Expansion Voir

Flight Simulator 98: President Air Force Expansion Voir

Fallait-il redemarer le pc après avoir désinstaller ??? voici le Lire la suite

Posez votre question Répondre

V-X, le 17 jan 2009 à 23:38:13

Salut,

Combofix. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts...

Fais exactement ce qui suit :

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide :

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation (si jamais tu en as et que je ne les ai pas vu sur le rapport hijackthis....)

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

--->Je te conseil d'installer la console de récupération.(Voir le tutoriel).

Tuto ici : TUTO
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.

Répondre à V-X

apolosio, le 18 jan 2009 à 00:18:58

Voici le rapport
Est-ce bon ???? :-s

ComboFix 09-01-17.03 - Polo 2009-01-18 0:01:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1600 [GMT 1:00]
Lancé depuis: c:\documents and settings\Polo\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Polo\Application Data\drivers\winupgro.exe
c:\documents and settings\Polo\Favoris\Videos.url
c:\documents and settings\Polo\Menu Démarrer\Programmes\Videos.url
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\[u]0/u001F1EC
c:\program files\Need2Find\bar\Cache\[u]0/u001F71C
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\SuperCopier2\SuperCopier2.exe
c:\windows\pack.epk
c:\windows\Readme.txt
c:\windows\system32\mdelk.exe
c:\windows\system32\stera.log
c:\windows\system32\ucgezsn.dat
c:\windows\system32\ucgezsn_navup.dat
c:\windows\system32\windrv.exe
c:\windows\system32\wintems.exe
c:\documents and settings\Polo\Application Data\m . . . . impossible à supprimer

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Legacy_SROSA
-------\Service_oreans32

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-17 au 2009-01-17 ))))))))))))))))))))))))))))))))))))
.

2009-01-17 22:51 . 2009-01-17 22:51 <REP> d-------- c:\program files\CCleaner
2009-01-17 22:26 . 2009-01-17 22:46 <REP> d--h----- c:\documents and settings\Polo\Application Data\m
2009-01-17 19:37 . 2009-01-17 19:37 <REP> d-------- c:\documents and settings\Polo\Application Data\AVGTOOLBAR
2009-01-17 19:32 . 2009-01-17 19:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 19:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 19:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 01:40 . 2009-01-17 01:40 <REP> d-------- C:\rsit
2009-01-17 01:40 . 2009-01-17 18:16 <REP> d-------- c:\program files\trend micro
2009-01-16 21:32 . 2009-01-16 21:32 <REP> d-------- c:\program files\PeerGuardian2
2009-01-16 11:25 . 2009-01-17 22:49 <REP> d-------- c:\program files\FindyKill
2009-01-16 10:40 . 2009-01-16 10:40 <REP> d-------- C:\!KillBox
2009-01-15 22:48 . 2009-01-18 00:05 <REP> d--h----- c:\documents and settings\Polo\Application Data\drivers
2009-01-15 16:26 . 2008-11-19 09:41 16,640 --a------ c:\windows\system32\drivers\WsAudioDevice_383.sys
2009-01-15 16:25 . 2009-01-15 16:25 <REP> d-------- c:\program files\WinPcap
2008-12-31 14:17 . 2008-12-31 14:17 268 --ah----- C:\sqmdata16.sqm
2008-12-20 10:18 . 2008-12-20 10:18 <REP> d-------- c:\program files\SAGEM
2008-12-20 10:15 . 2008-12-20 10:15 <REP> d-------- c:\program files\Inventel
2008-12-19 22:57 . 2005-07-13 16:37 260,608 --a------ c:\windows\system32\drivers\WlanUZXP.sys
2008-12-19 16:24 . 2008-12-19 16:24 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-19 16:20 . 2008-12-19 16:20 278,528 --a------ c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-12-19 09:08 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-19 09:08 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-19 09:08 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-18 23:44 . 2008-12-18 23:44 <REP> d-------- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 23:07 --------- d-----w c:\program files\Symantec
2009-01-17 23:06 --------- d-----w c:\program files\Invisiblo
2009-01-17 23:02 --------- d-----w c:\program files\SuperCopier2
2009-01-17 19:16 15,360 ----a-w c:\windows\system32\dllcache\register.exe
2009-01-16 22:44 --------- d-----w c:\program files\eMule
2009-01-16 08:52 --------- d-----w c:\program files\Norton Security Scan
2009-01-15 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-11 10:59 --------- d-----w c:\program files\Vivre à Rennes 2005-2006
2009-01-10 12:27 --------- d-----w c:\program files\IDA
2009-01-10 12:26 --------- d-----w c:\program files\Macromedia
2008-12-20 09:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-11 09:24 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\U3
2008-12-08 00:09 --------- d-----w c:\program files\QuickMediaConverter
2008-12-07 20:17 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-07 15:44 --------- d-----w c:\program files\AVSMedia
2008-12-07 13:20 --------- d-----w c:\program files\AVS4YOU
2008-12-07 13:06 --------- d-----w c:\program files\Exact Audio Copy
2008-12-07 13:06 --------- d-----w c:\program files\eToro
2008-12-07 10:14 --------- d-----w c:\documents and settings\Polo\Application Data\AVS4YOU
2008-12-07 10:14 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-07 10:07 --------- d-----w c:\program files\VirtualDubMOD
2008-11-30 14:43 --------- d-----w c:\documents and settings\Polo\Application Data\U3
2008-11-29 22:58 --------- d-----w c:\documents and settings\Polo\Application Data\MP-Manager
2008-11-25 14:04 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\ACD Systems
2008-11-25 14:01 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\vlc
2008-11-23 15:27 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\Internet Download Accelerator
2008-11-23 15:21 --------- d-----w c:\documents and settings\Visiteur (e)\Application Data\GRETECH
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2007-08-02 04:53 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2005-11-19 07:46 56 --sh--r c:\windows\system32\78C97AF31E.sys
2008-08-22 23:17 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"Google Update"="c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InvisibloRun"="c:\program files\Invisiblo\invisiblo.exe" [2007-08-12 193024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-02 1836544]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-30 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Polo\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uSsiEfr.e\[u]0/uA???

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Polo\\Application Data\\m\\flec006.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [1979-12-31 16640]
R4 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2005-10-24 8864]
R4 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2005-10-24 8864]
R4 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2005-10-24 8864]
S3 256985c0-1617-47c0-9e3f-1f8fcfea5a48;256985c0-1617-47c0-9e3f-1f8fcfea5a48;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 33918970-d085-4969-96d1-ff6806ced7f1;33918970-d085-4969-96d1-ff6806ced7f1;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 521fa7ec-8579-4088-bd56-4af0f067284e;521fa7ec-8579-4088-bd56-4af0f067284e;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 558808e4-482e-4707-a336-41b385f24119;558808e4-482e-4707-a336-41b385f24119;\??\k:\player\cds300.dll --> k:\player\cds300.dll [?]
S3 ac6c26d0-6201-45b9-b71e-e8c22fe5da44;ac6c26d0-6201-45b9-b71e-e8c22fe5da44;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 eae7037d-5969-4644-bf0a-dae3e2b7753d;eae7037d-5969-4644-bf0a-dae3e2b7753d;\??\f:\player\cds300.dll --> f:\player\cds300.dll [?]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [2007-09-13 42436]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [2008-12-19 260608]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-11-02 157696]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-01-15 16640]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - SROSA
*Deregistered* - srosa

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d3d165-9b4e-11db-8f86-00016cd6f1e5}]
\Shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33019205-2d34-11dc-908b-00016cd6f1e5}]
\Shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34015fdf-cd9e-11db-8fc8-00016cd6f1e5}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f232abd-bde8-11dd-938e-00016cd6f1e5}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c34827b4-cc7b-11dd-93a9-00016cd6f1e5}]
\Shell\AutoRun\command - K:\ClickMe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-68334855-1302535486-174330245-1007.job
- c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-14 00:10]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe

.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.wanadoo.fr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download ALL with IDA - c:\program files\IDA\idaieall.htm
IE: Download with IDA - c:\program files\IDA\idaie.htm
FF - ProfilePath - c:\documents and settings\Polo\Application Data\Mozilla\Firefox\Profiles\cpg2ve8g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Polo\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 00:06:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

c:\documents and settings\Polo\Application Data\m\flec006.exe [3832] 0x892ED240

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\documents and settings\Polo\Application Data\drivers\wfsintwq.sys 121548 bytes executable
c:\documents and settings\Polo\Application Data\Symantec\Shared
c:\documents and settings\Polo\Application Data\Symantec\Shared\MyProfile.UserProfile 1409 bytes
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions\20051024193359125.liveReg 13251 bytes
c:\documents and settings\Polo\Application Data\Symantec\Shared\Sessions\20061219200910093.liveReg 13252 bytes
c:\documents and settings\Polo\Application Data\m\flec006.exe 94996 bytes executable

Scan terminé avec succès
Fichiers cachés: 7

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Documents and Settings\\Polo\\Application Data\\drivers\\winupgro.exe"
"german.exe"="c:\\WINDOWS\\system32\\wintems.exe"
"mule_st_key"="c:\\Documents and Settings\\Polo\\Application Data\\m\\flec006.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\documents and settings\Polo\Application Data\drivers\wfsintwq.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-68334855-1302535486-174330245-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A6713125-0D53-7642-9ADD-1544DBC24BD9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"fadbninegngp"=hex:66,61,6a,65,67,6c,61,6d,6a,6b,61,6c,00,00
"jadbninefndkbmkbiffn"=hex:61,61,00,00
"kadbninelmeopidmbfjeao"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\agent.exe
.
**************************************************************************
.
Heure de fin: 2009-01-18 0:09:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-17 23:09:35

Avant-CF: 32 050 921 472 octets libres
Après-CF: 32,392,155,136 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

277 --- E O F --- 2009-01-14 21:30:28