Sujet Précédent Sujet Suivant

Voila rapport

Fermé
loulou59 - 23 janv. 2009 à 16:46
toptitbal Messages postés 25709 Date d'inscription samedi 8 juillet 2006 Statut Contributeur sécurité Dernière intervention 4 mars 2010 - 23 janv. 2009 à 16:47
Bonjour,


###################### [ FindyKill V4.714 ]

# User : cedric - PC-DE-CEDRIC
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 16:31:49 le 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000

# [ FindyKill V4.714 - Scan ] ##############

\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1229522254\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\cedric\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AxBx\Vista Dual Scan\vd_scan.exe
C:\Windows\system32\conime.exe

\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////


################## [ C:\ ]

Found ! [21/01/2009 18:40] - "C:\Avenger"

################## [ C:\Windows ]


################## [ C:\Windows\Prefetch ]


################## [ C:\Windows\system32 ]

Found ! [21/01/2009 18:37] - C:\Windows\system32\ban_list.txt

################## [ C:\Windows\system32\drivers ]


################## [ C:\Users\cedric\AppData\Roaming ]

Found ! [27/12/2008 21:27] - "C:\Users\cedric\AppData\Roaming\drivers"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Found ! [21/01/2009 16:43] - "C:\Users\cedric\AppData\Roaming\drivers\downld"

################## [ C:\Users\cedric\AppData\Local\Temp ]


\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
RtHDVCpl=RtHDVCpl.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
BkupTray="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
ZPdtWzdVitaKey MC3000="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
PLFSetI=C:\Windows\PLFSetI.exe
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=
ePower_DMC=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
eAudio="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
ArcadeDeluxeAgent="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
CLMLServer="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
PlayMovie="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
WarReg_PopUp=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HostManager=C:\Program Files\Common Files\AOL\1229522254\ee\AOLSoftware.exe
Anti Trojan Elite=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////


Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1

\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////


# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - # Type de démarrage = 4

EapHost - # Type de démarrage = 3

Wlansvc - # Type de démarrage = 2

/!\ SharedAccess - # Type de démarrage = 4

/!\ wuauserv - # Type de démarrage = 4

/!\ wscsvc - # Type de démarrage = 4

/!\ WinDefend - # Type de démarrage = 4

/!\ UAC is Disable -> Start = 0x0

\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////


# Informations :

C: - Lecteur fixe
D: - Lecteur fixe

# presence des fichiers :



\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////


-> Not found !


################## [ ! Fin du rapport # FindyKill V4.714 ! ]

2 réponses

Réponse 1 / 2
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 290
23 janv. 2009 à 16:47
Doublon.

Continue sur cette discussion :
http://www.commentcamarche.net/forum/affich 10652353 bjour et merci a tout le monde virus bagle li

;)
1
Réponse 2 / 2
toptitbal Messages postés 25709 Date d'inscription samedi 8 juillet 2006 Statut Contributeur sécurité Dernière intervention 4 mars 2010 2 228
23 janv. 2009 à 16:47
DOUBLON !

Continue sur cette discussion : http://www.commentcamarche.net/forum/affich 10652353 bjour et merci a tout le monde virus bagle li

Colle ton rapport à la suite du dernier message.
1

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse