[Résolu] PC infecté par le virus Winupgro.exe

[laurentludo]

bonjour a tous

 

visiblement j ai un super virus tres embetant ... que vs connaissez certainement win up gro exe le fameux W32 BEAGLE. EB

 

Apres quelques recherches sur les forum j ai telechargé COMBO FIX

et voila le rapport

 

merci d'avance a qui peux m'aider

 

ComboFix 10-01-30.05 - utilisateur 31/01/2010 12:51:46.2.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.612 [GMT 1:00]

Lancé depuis: c:\documents and settings\utilisateur\Bureau\123456.exe

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Bureau\Registry Doktor 4.1.lnk

c:\windows\system32\MSVolumeRDFr.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-31 ))))))))))))))))))))))))))))))))))))

.

 

2010-01-31 11:44 . 2010-01-31 11:49 -------- d-----w- c:\documents and settings\All Users\AVP 2009

2010-01-31 11:44 . 2010-01-31 11:44 -------- d-----w- c:\program files\RegistryDoktor 4.1

2010-01-29 22:32 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\Scxpx86.dll

2010-01-29 22:32 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSvix86.sys

2010-01-29 22:32 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSXpx86.sys

2010-01-29 22:32 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSxpx86.dll

2010-01-29 22:32 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSviA64.sys

2010-01-29 18:28 . 2009-08-29 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVENG.SYS

2010-01-29 18:28 . 2009-08-29 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVENG32.DLL

2010-01-29 18:28 . 2009-08-29 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVEX32A.DLL

2010-01-29 18:28 . 2009-08-29 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\NAVEX15.SYS

2010-01-29 18:28 . 2009-12-09 22:58 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\CCERASER.DLL

2010-01-29 18:28 . 2009-10-30 15:21 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\ECMSVR32.DLL

2010-01-29 18:28 . 2009-08-29 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\EECTRL.SYS

2010-01-29 18:28 . 2009-08-29 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100129.006\ERASER.SYS

2010-01-28 19:56 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSvix86.sys

2010-01-28 19:56 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSXpx86.sys

2010-01-28 19:56 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\Scxpx86.dll

2010-01-28 19:56 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSxpx86.dll

2010-01-28 19:56 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100125.001\IDSviA64.sys

2010-01-28 19:55 . 2009-12-05 04:54 529456 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHDrvx86.sys

2010-01-28 19:55 . 2009-12-05 04:54 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHRules.dll

2010-01-28 19:55 . 2009-12-05 04:54 1405840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHEngine.dll

2010-01-28 19:55 . 2009-12-05 04:54 668720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHDrvx64.sys

2010-01-28 19:55 . 2009-12-05 04:54 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\bbRGen.dll

2010-01-28 19:50 . 2010-01-28 19:50 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Norton Utilities 14

2010-01-28 19:15 . 2010-01-31 10:04 -------- d-----w- c:\program files\Norton Utilities 14

2010-01-27 20:12 . 2010-01-27 20:12 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Windows Desktop Search

2010-01-27 20:12 . 2010-01-27 20:12 -------- d-----w- c:\program files\Windows Desktop Search

2010-01-27 20:12 . 2010-01-27 20:12 -------- d-----w- c:\windows\system32\GroupPolicy

2010-01-27 19:28 . 2010-01-27 19:28 74730 ----a-w- c:\windows\Désinstaller reparermsn.exe

2010-01-26 19:18 . 2010-01-26 19:35 -------- d-----w- c:\documents and settings\utilisateur\Application Data\PanoramaStudio2Pro

2010-01-26 19:18 . 2010-01-26 19:18 -------- d-----w- c:\program files\PanoramaStudio2Pro

2010-01-25 19:07 . 2010-01-31 11:07 -------- d--h--w- c:\documents and settings\utilisateur\Application Data\drivers

2010-01-25 12:07 . 2010-01-25 12:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-01-25 12:03 . 2010-01-25 12:05 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\Temp

2010-01-24 23:22 . 2010-01-24 23:22 -------- d-sh--w- c:\documents and settings\utilisateur\IECompatCache

2010-01-23 19:50 . 2010-01-23 19:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-01-23 19:48 . 2010-01-23 19:48 -------- d-sh--w- c:\documents and settings\utilisateur\PrivacIE

2010-01-23 19:46 . 2010-01-23 19:46 -------- d-sh--w- c:\documents and settings\utilisateur\IETldCache

2010-01-23 19:26 . 2010-01-23 19:26 -------- d--h--w- c:\windows\msdownld.tmp

2010-01-23 19:22 . 2010-01-25 02:01 -------- d-----w- c:\windows\ie8updates

2010-01-23 19:18 . 2010-01-23 19:19 -------- dc-h--w- c:\windows\ie8

2010-01-23 19:14 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-23 19:14 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-01-23 19:12 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-01-20 00:10 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\Scxpx86.dll

2010-01-20 00:10 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSvix86.sys

2010-01-20 00:10 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSXpx86.sys

2010-01-20 00:10 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSxpx86.dll

2010-01-20 00:10 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100119.001\IDSviA64.sys

2010-01-18 17:31 . 2010-01-18 17:31 -------- d-----w- c:\program files\iPod

2010-01-18 17:31 . 2010-01-18 17:32 -------- d-----w- c:\program files\iTunes

2010-01-18 17:31 . 2010-01-18 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-01-18 17:27 . 2010-01-18 17:29 -------- d-----w- c:\program files\QuickTime

2010-01-13 07:33 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-10 11:55 . 2010-01-10 11:55 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\PanaVue

2010-01-10 11:52 . 2010-01-10 11:52 -------- d-----w- c:\program files\PanaVue

2010-01-03 00:57 . 2010-01-28 18:06 -------- d-----w- c:\documents and settings\utilisateur\Application Data\vlc

2010-01-02 20:44 . 2010-01-02 20:44 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Panasonic

2010-01-02 20:44 . 2010-01-02 20:44 -------- d-----w- C:\MC_TMP

2010-01-02 20:38 . 2010-01-02 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Panasonic

2010-01-02 20:27 . 2006-02-20 18:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys

2010-01-02 20:27 . 2007-06-15 11:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe

2010-01-02 20:27 . 2007-06-15 11:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe

2010-01-02 20:26 . 2010-01-02 20:26 -------- d-----w- c:\program files\Fichiers communs\Panasonic

2010-01-02 20:26 . 2010-01-02 20:26 -------- d-----w- c:\program files\Panasonic

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-31 11:16 . 2004-08-05 12:00 93648 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-31 11:16 . 2004-08-05 12:00 533246 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-31 10:54 . 2008-08-24 15:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-30 15:15 . 2008-05-22 05:09 -------- d-----w- c:\documents and settings\utilisateur\Application Data\OpenOffice.org2

2010-01-30 15:15 . 2008-05-22 05:09 1 ----a-w- c:\documents and settings\utilisateur\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys

2010-01-30 07:45 . 2009-05-14 05:26 -------- d-----w- c:\program files\SPAMfighter

2010-01-25 12:06 . 2008-05-25 16:17 -------- d-----w- c:\program files\Google

2010-01-25 09:27 . 2008-09-29 05:20 -------- d-----w- c:\documents and settings\utilisateur\Application Data\dvdcss

2010-01-23 19:27 . 2009-09-09 18:19 -------- d-----w- c:\documents and settings\utilisateur\Application Data\Apple Computer

2010-01-18 17:31 . 2009-09-09 18:14 -------- d-----w- c:\program files\Fichiers communs\Apple

2010-01-02 20:26 . 2008-05-25 21:14 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-24 17:36 . 2008-06-01 14:55 -------- d-----w- c:\program files\Free Easy Burner

2009-12-23 17:48 . 2009-12-22 23:39 -------- d-----w- c:\program files\Movavi Video Editor 5

2009-12-23 14:08 . 2009-12-23 14:08 -------- d-----w- c:\documents and settings\utilisateur\Application Data\MOVAVI

2009-12-21 19:07 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-12-11 10:33 . 2009-12-11 10:33 -------- d-----w- c:\program files\PIXELA

2009-12-11 09:48 . 2009-10-14 18:48 -------- d-----w- c:\program files\FACTOURE

2009-12-10 03:16 . 2009-10-30 15:13 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

2009-12-06 16:48 . 2009-12-06 16:48 20299200 ----a-w- c:\documents and settings\utilisateur\Application Data\TomTom\HOME\Profiles\9lxmd17c.default\Updates\v2_7_3_1894_win.exe

2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-12 16:07 . 2009-11-12 16:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-06 08:38 . 2008-05-07 16:53 45912 ----a-w- c:\documents and settings\utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2008-11-25 17:41 . 2008-11-25 17:41 23 --sha-w- c:\windows\system32\dbcdafdf_g.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-01-31_11.12.17 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-01-31 11:36 . 2010-01-31 11:36 16384 c:\windows\Temp\Perflib_Perfdata_3c0.dat

+ 2004-08-05 12:00 . 2010-01-31 11:16 71196 c:\windows\system32\perfc009.dat

- 2004-08-05 12:00 . 2010-01-27 22:31 71196 c:\windows\system32\perfc009.dat

+ 2004-08-05 12:00 . 2010-01-31 11:16 441260 c:\windows\system32\perfh009.dat

- 2004-08-05 12:00 . 2010-01-27 22:31 441260 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RegDokFRT"="c:\program files\RegistryDoktor 4.1\RegistryDoktor.exe" [2010-01-29 14445664]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]

backup=c:\windows\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HD Writer AE.lnk]

backup=c:\windows\pss\HD Writer AE.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rupsmon Daemon.lnk]

backup=c:\windows\pss\Rupsmon Daemon.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin710.exe.lnk]

backup=c:\windows\pss\TrayMin710.exe.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]

backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-09-20 13:35 202024 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]

2008-04-14 02:34 172544 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-09-20 07:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIS]

2010-01-28 19:02 726912 ----a-w- c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.0.0.136\InstStub.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUtilities]

2009-09-23 09:15 4105576 ----a-w- c:\program files\Norton Utilities 14\nu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-09-17 22:55 13574144 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-09-17 22:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-09-17 22:55 1657376 ----a-w- c:\windows\system32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc710]

2005-07-20 17:56 339968 ----a-w- c:\windows\vphc700.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2005-05-17 16:48 77824 ----a-w- c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]

2009-03-12 08:43 326792 ----a-w- c:\program files\SPAMfighter\SFAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]

2010-01-26 20:38 583048 ----a-w- c:\program files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2008-11-09 08:16 185872 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"xmlprov"=3 (0x3)

"WZCSVC"=2 (0x2)

"WudfSvc"=3 (0x3)

"WSearch"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"WmiApSrv"=3 (0x3)

"WmdmPmSN"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"winmgmt"=2 (0x2)

"WebClient"=2 (0x2)

"W32Time"=2 (0x2)

"VSS"=3 (0x3)

"USBMate"=2 (0x2)

"UPS"=3 (0x3)

"upnphost"=3 (0x3)

"TrkWks"=2 (0x2)

"TomTomHOMEService"=2 (0x2)

"Themes"=2 (0x2)

"TermService"=3 (0x3)

"TapiSrv"=3 (0x3)

"SysmonLog"=3 (0x3)

"SwPrv"=3 (0x3)

"stisvc"=2 (0x2)

"SSDPSRV"=3 (0x3)

"srservice"=2 (0x2)

"Spooler"=2 (0x2)

"SPAMfighter Update Service"=2 (0x2)

"SLService"=2 (0x2)

"ShellHWDetection"=2 (0x2)

"SENS"=2 (0x2)

"seclogon"=2 (0x2)

"Schedule"=2 (0x2)

"SCardSvr"=3 (0x3)

"SamSs"=2 (0x2)

"Rupsmon"=2 (0x2)

"RSVP"=3 (0x3)

"RDSessMgr"=3 (0x3)

"RasMan"=3 (0x3)

"RasAuto"=3 (0x3)

"ProtectedStorage"=2 (0x2)

"PolicyAgent"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

"PlugPlay"=2 (0x2)

"Planificateur LiveUpdate automatique"=2 (0x2)

"NVSvc"=2 (0x2)

"NtmsSvc"=3 (0x3)

"NtLmSsp"=3 (0x3)

"NMIndexingService"=3 (0x3)

"Nla"=3 (0x3)

"NIS"=2 (0x2)

"Netman"=3 (0x3)

"Netlogon"=3 (0x3)

"Nero BackItUp Scheduler 3"=2 (0x2)

"napagent"=3 (0x3)

"MSIServer"=3 (0x3)

"MSDTC"=3 (0x3)

"mnmsrvc"=3 (0x3)

"MioNet"=2 (0x2)

"LmHosts"=2 (0x2)

"LiveUpdate Notice Service"=2 (0x2)

"LiveUpdate Notice Ex"=2 (0x2)

"LiveUpdate"=3 (0x3)

"lanmanworkstation"=2 (0x2)

"lanmanserver"=2 (0x2)

"iPod Service"=3 (0x3)

"ImapiService"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"HTTPFilter"=3 (0x3)

"hkmsvc"=3 (0x3)

"helpsvc"=2 (0x2)

"gusvc"=3 (0x3)

"gupdate"=2 (0x2)

"FontCache3.0.0.0"=3 (0x3)

"FastUserSwitchingCompatibility"=3 (0x3)

"EventSystem"=3 (0x3)

"Eventlog"=2 (0x2)

"ERSvc"=2 (0x2)

"EapHost"=3 (0x3)

"Dot3svc"=3 (0x3)

"Dnscache"=2 (0x2)

"dmserver"=3 (0x3)

"dmadmin"=3 (0x3)

"Dhcp"=2 (0x2)

"CryptSvc"=2 (0x2)

"COMSysApp"=3 (0x3)

"clr_optimization_v2.0.50727_32"=3 (0x3)

"CiSvc"=3 (0x3)

"Browser"=2 (0x2)

"Bonjour Service"=2 (0x2)

"BITS"=2 (0x2)

"bgsvcgen"=2 (0x2)

"AudioSrv"=2 (0x2)

"aspnet_state"=3 (0x3)

"AppMgmt"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

"ALG"=3 (0x3)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1700:TCP"= 1700:TCP:MioNet Remote Drive Access

"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

 

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\symds.sys [21/01/2010 22:18 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\symefa.sys [21/01/2010 22:18 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHDrvx86.sys [28/01/2010 20:55 529456]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [21/01/2010 22:18 501888]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\ironx86.sys [21/01/2010 22:18 116272]

R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [21/01/2010 22:17 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/01/2010 02:28 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSXpx86.sys [29/01/2010 23:32 329592]

S2 turtqmps;turtqmps;\??\c:\windows\system32\drivers\turtqmps.sys --> c:\windows\system32\drivers\turtqmps.sys [?]

S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 10:25 710144]

S3 phc700;USB PC Camera (phc710);c:\windows\system32\drivers\phc700.sys [19/09/2008 12:46 541568]

S3 PIXMC10;JVC Communication PIX-MC10 Driver;c:\windows\system32\drivers\pixmc10c.sys [11/12/2009 11:48 31232]

S3 PIXMC10A;JVC PIX-MC10 Audio Capture;c:\windows\system32\drivers\pixmc10a.sys [11/12/2009 11:49 28060]

S3 PIXMC10V;JVC PIX-MC10 Video Capture;c:\windows\system32\drivers\pixmc10v.sys [11/12/2009 11:49 22652]

S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/06/2009 00:10 133104]

S4 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [15/07/2005 21:38 139264]

S4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12/03/2009 09:44 184968]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 23:10]

 

2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 23:10]

 

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{4E5C5605-7896-431B-B778-E257854C9F67}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Examen supplémentaire -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-31 12:59

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(544)

c:\windows\system32\sirenacm.dll

.

Heure de fin: 2010-01-31 13:01:54

ComboFix-quarantined-files.txt 2010-01-31 12:01

ComboFix2.txt 2010-01-31 11:16

 

Avant-CF: 30 824 792 064 octets libres

Après-CF: 30 781 423 616 octets libres

 

- - End Of File - - 9610BDF6430DA93ED3607DAAC85C09B0

 

 

j attends vos solutions...

[Apollo]

Bonjour,

 

On connait, et on sait aussi avec quoi cela se chope...

 

Si tu as bien lu sur ce forum, tu ne peux pas avoir manqué ça:

 

ComboFix ne doit pas être utilisé comme un outil de diagnostic, il ne doit être employé que sur demande expresse d'un conseiller formé à cet outil et sous son contrôle. Cet outil peut être dangereux!

 

Ceci:

 

FW: Norton Internet Security *enabled*

Erreur d'utilisation! L'antivirus DOIT être désactivé pour passer ComboFix.

 

Ceci:

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

Erreur d'utilisation! Il faut toujours installer la console dès que CF le propose.

 

Tu as XP Home, mais quel service pack ?

 

@++

[laurentludo]

merci de me venir à l'aide apollo

j ai le pack trois

 

par ailleurs je viens de faire un scan avec un autre outil ...

findykill

car je n y connais ps grd chose et je suis assez en colere et impatient de me debarasser de cette ........ bipppppp

[laurentludo]

les degats en ce moment??

plus de connexion internet ( heureusement j ai un portable)

plus de carte son visiblement

plus de detection d imprimante...

 

la merde quoi...

[Apollo]

Ne précipite pas les choses, il faut y aller méthodiquement.

 

Tu as toujours ComboFix?

 

Poste le ou les rapports de FindyKill en attendant.

 

@++

[laurentludo]

oui j ai tjrs combo fix j y ai mis l application en plus pr la console de windows

[laurentludo]

oui j ai tjrs combo fix j y ai mis l application en plus pr la console de windows

 

voila le rapport de findykill

 

 

############################## | FindyKill V5.028 |

 

# User : utilisateur () # USER-02081FBA89

# Update on 26/01/2010 by El Desaparecido

# Start at: 15:15:24 | 31/01/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# AMD Athlon 64 Processor 3400+

# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Enabled

# AV : Norton Internet Security 17.5.0.127 [ (!) Disabled | Updated ]

# FW : Norton Internet Security[ Enabled ]17.5.0.127

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 78,13 Go (28,68 Go free) # NTFS

# D:\ # Disque fixe local # 108,18 Go (50,4 Go free) # NTFS

# E:\ # Disque amovible # 1,89 Go (478,69 Mo free) [uDISK] # FAT32

# F:\ # Disque amovible

# G:\ # Disque amovible

# H:\ # Disque amovible

# I:\ # Disque CD-ROM

# J:\ # Disque amovible

# K:\ # Disque amovible

 

############################## | Processus actifs |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\Prefetch |

 

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\utilisateur\Application Data |

 

C:\Documents and Settings\utilisateur\Application Data\drivers

 

################## | Zip File ... |

 

 

################## | Temporary Internet Files |

 

 

################## | Registre |

 

[HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]

[HKLM\SYSTEM\ControlSet001\Services\srosa]

[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]

[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

[HKCU\Software\Local AppWizard-Generated Applications\patch]

[HKCU\Software\Local AppWizard-Generated Applications\winupgro]

[HKU\S-1-5-21-725345543-1614895754-2146997909-1004\Software\Local AppWizard-Generated Applications\patch]

[HKU\S-1-5-21-725345543-1614895754-2146997909-1004\Software\Local AppWizard-Generated Applications\winupgro]

 

################## | Etat |

 

# Affichage des fichiers cachés : OK

 

# Mode sans echec : OK

 

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )

# (!) EapHost -> Start = 4 ( Good = 2 | Bad = 4 )

# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | ! Fin du rapport # FindyKill V5.028 ! |

[Apollo]

########### [ Option 2 ( Suppression ) XP ]

 

 

 

! Déconnecte toi et ferme toutes applications en cours ( navigateur compris ) .

 

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

 

Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

 

Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

 

Le pc va redémarrer automatiquement ...

 

le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

 

--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

 

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

 

Aides en images : http://pagesperso-orange.fr/NosTools/findykill.html

 

@++

[laurentludo]

ok je fais ce que tu dis... merci de donner de ton temps

par ailleurs tu dis qu on sait comment on attrappe ce genre de virus??

 

et comment se fait il que mon anti virus n ai pas detecte cela?

 

merci de ta reponse

[laurentludo]

voila le rapport de findykill

 

 

############################## | FindyKill V5.028 |

 

# User : utilisateur () # USER-02081FBA89

# Update on 26/01/2010 by El Desaparecido

# Start at: 15:54:33 | 31/01/2010

# Website : http://pagesperso-orange.fr/NosTools/index.html

# Contact : FindyKill.Contact@gmail.com

 

# AMD Athlon 64 Processor 3400+

# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

# Internet Explorer 8.0.6001.18702

# Windows Firewall Status : Enabled

# AV : Norton Internet Security 17.5.0.127 [ (!) Disabled | Updated ]

# FW : Norton Internet Security[ Enabled ]17.5.0.127

 

# A:\ # Lecteur de disquettes 3 ½ pouces

# C:\ # Disque fixe local # 78,13 Go (29,06 Go free) # NTFS

# D:\ # Disque fixe local # 108,18 Go (50,4 Go free) # NTFS

# F:\ # Disque amovible

# G:\ # Disque amovible

# H:\ # Disque amovible

# I:\ # Disque CD-ROM

# J:\ # Disque amovible

# K:\ # Disque amovible

 

############################## | Processus actifs |

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

 

################## | C: |

 

 

################## | C:\WINDOWS |

 

 

################## | C:\WINDOWS\Prefetch |

 

 

################## | C:\WINDOWS\system32 |

 

 

################## | C:\WINDOWS\system32\drivers |

 

 

################## | C:\Documents and Settings\utilisateur\Application Data |

 

Supprimé ! C:\Documents and Settings\utilisateur\Application Data\drivers

 

################## | Autres suppressions ... |

 

 

################## | Zip File ... |

 

################## | Temporary Internet Files |

 

 

################## | Registre |

 

Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]

Supprimé ! [HKLM\SYSTEM\ControlSet001\Services\srosa]

Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]

Supprimé ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]

Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\patch]

Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

 

################## | Etat |

 

# Mode sans echec : OK

 

 

# Affichage des fichiers cachés : OK

 

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )

# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )

# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )

# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )

# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )

# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

 

################## | PEH |

 

Corrompu : C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[Offset = 000000FC - Valeur = 0x0001]

 

Corrompu : C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

[Offset = 0000011C - Valeur = 0x0001]

 

Corrompu : C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

[Offset = 0000011C - Valeur = 0x0001]

 

Corrompu : C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

[Offset = 00000134 - Valeur = 0x0001]

 

Corrompu : C:\WINDOWS\SoftwareDistribution\Download\f83b9e65e848a33e802c86bb8999c36b\update\update.exe

[Offset = 000000EC - Valeur = 0x0001]

 

Tentative de réparation...

Sauvegarde : update.exe.REN

[Offset = 000000EC - Nouvelle valeur = 0x4C01]

Fichier réparé avec succès.

 

 

 

################## | ! Fin du rapport # FindyKill V5.028 ! |

 

merci

a+