----------------- FindyKill V4.005 ------------------

* User : huba - HUBERT
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 17/10/08 par Chiquitine29
* Recherche effectuée à 15:33:36 le wo 20/01/2010
* Windows XP - Internet Explorer 8.0.6001.18702

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\LANScope Agent\awtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Acer\LANScope Agent\awServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Acer\LANScope Agent\LockKM.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\inf\unregmp2.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Present ! - C:\WINDOWS\prefetch\MDELK.EXE-086F0B56.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\huba\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\huba\LOCALS~1\Temp

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ Alaunch
RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
Acer Empowering Technology Monitor REG_SZ C:\WINDOWS\system32\SysMonitor.exe
eLockMonitor REG_SZ C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
AzMixerSel REG_SZ C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
AdminWorks Tray REG_SZ "C:\Acer\LANScope Agent\awtray.exe"
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
TrueImageMonitor.exe REG_SZ C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
AcronisTimounterMonitor REG_SZ C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis Scheduler2 Service REG_SZ "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
lxccmon.exe REG_SZ "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
FaxCenterServer REG_SZ "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
COMODO Internet Security REG_SZ "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Nero MediaHome 4 REG_SZ "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
CHotkey REG_SZ mHotkey.exe
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Ask and Record FLV Service REG_SZ "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
RTHDCPL REG_SZ RTHDCPL.EXE
LXCCCATS REG_SZ rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RegistryMechanic REG_SZ C:\Program Files\Registry Mechanic\RegMech.exe /H
Google Update REG_SZ "C:\Documents and Settings\huba\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
AnyDVD REG_SZ C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
RoboForm REG_SZ "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 Demande=3 Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :
C: - vast station
D: - vast station
G: - verwisselbaar station
H: - vast station
I: - vast station

+- presence des fichiers :

--------------- [ Registre / Moutpoint2 ] ----------------

-> Recherche négative.

------------------- ! Fin du rapport ! --------------------