Svp aide pour lire rapport findykill
Killia2744
Messages postés
16
Statut
Membre
-
totobetourne Messages postés 5677 Statut Membre -
totobetourne Messages postés 5677 Statut Membre -
Bonjour,
Pouvez vous m'indiquer la marche à suivre suite à mon rapport findykill ci-joint, d'avance merci:
FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 12:28:32 the 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-287381C7.pf
»»»» Supression files in C:\WINDOWS\system32
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Supression files in C:\WINDOWS\system32\drivers
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\101078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13394750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13397000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13397015.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\136484.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\139000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\139984.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\142312.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\142562.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\143859.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\144515.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\148031.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\148968.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\160125.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\163203.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\164515.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\283734.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\297250.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\304078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\349531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\350718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\350890.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\370468.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\372640.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\372671.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\385578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\386968.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\387078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\410875.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\413890.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\414578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\415578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\417187.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\417953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\485953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\488312.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\489328.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\520421.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\523953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\524656.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\531531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\539421.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\544921.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\54781.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\640750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\642687.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\642843.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\69375.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\69531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\72718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\77531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\77734.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82265.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82328.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82406.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\87187.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\87203.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94765.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\96031.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99000.exe
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in c:\tmp
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1060284298-1202660629-1801674531-500\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Pouvez vous m'indiquer la marche à suivre suite à mon rapport findykill ci-joint, d'avance merci:
FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 12:28:32 the 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-287381C7.pf
»»»» Supression files in C:\WINDOWS\system32
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Supression files in C:\WINDOWS\system32\drivers
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\101078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13394750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13397000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\13397015.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\136484.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\139000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\139984.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\142312.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\142562.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\143859.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\144515.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\148031.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\148968.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\160125.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\163203.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\164515.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\283734.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\297250.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\304078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\349531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\350718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\350890.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\370468.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\372640.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\372671.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\385578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\386968.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\387078.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\410875.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\413890.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\414578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\415578.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\417187.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\417953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\485953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\488312.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\489328.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\520421.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\523953.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\524656.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\531531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\539421.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\544921.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\54781.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\640750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\642687.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\642843.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\69375.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\69531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\72718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\77531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\77734.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82265.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82328.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\82406.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\87187.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\87203.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94750.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94765.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\96031.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99000.exe
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in c:\tmp
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-1060284298-1202660629-1801674531-500\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
A voir également:
- Svp aide pour lire rapport findykill
- Lire le coran en français pdf - Télécharger - Histoire & Religion
- Lire epub - Guide
- Lire fichier bin - Guide
- Lire iso - Guide
- Comment lire un message supprimé sur whatsapp - Guide
19 réponses
une partie n a pas ete elimine.
voyons ce que cela donne en utilisant ce programme.
passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
voyons ce que cela donne en utilisant ce programme.
passe cet antimalware, fait comme indique
Telecharges malwaresbytes antimalwares(MBAM) : egalement tres util sur pb de pub mais pas tous malheureusement
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
fais comme indique,mise a jour , scan complet en mode sans echec et les rapports.
COLLE LE RAPPORT APRES SUPPRESSION MERCI.
garde le et lance un scan tout les mois comme indique.
si tu as ad aware tu peux desinstalle car il ne reconnait plus grand chose.
fait moi un hijack.
telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
telecharge cela:util pour voir ce que peut etre l infection et agir ensuite.
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
installe le normallement comme tout autre programme dans c/programme/...............
clique sur do a scan and save a logfile, tu obtiens un rapport que tu colles.
Bonjour Killia2744,
Merci d'eviter de poster 36 000 fois ton log Fink
Supprime tous les cracks que tu as sur ton PC
Merci d'eviter de poster 36 000 fois ton log Fink
Supprime tous les cracks que tu as sur ton PC
Rebonjour totobourne,
voici rapport hijack et merci:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:28, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MYOAIC4B\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\tmp\E_SA1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
voici rapport hijack et merci:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:28, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MYOAIC4B\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\tmp\E_SA1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
effectue ce que te dit marie,maintenant ton hijack a l air propre mais la j en doute.si marie a une autre idee.
le mode sans echec pas accessible ainsi que le telechargement d antivir et c cleaner ou du changement?
le mode sans echec pas accessible ainsi que le telechargement d antivir et c cleaner ou du changement?
Voici le rapport findykill option 1 :
----------------- FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 18:42:34 le 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [26/12/2008 17:51] - C:\WINDOWS\system32\drivers\srosa.sys
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
Found ! [26/12/2008 18:39] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [25/12/2008 22:12] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Found ! [26/12/2008 18:39] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
»»»» Presence des fichiers dans c:\tmp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
msnmsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Creative Live! Cam Manager="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\tmp\E_SA1.tmp" /EF "HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SiS Tray=C:\WINDOWS\system32\sistray.EXE
SiS KHooker=C:\WINDOWS\system32\khooker.exe
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
V0420Mon.exe=C:\WINDOWS\V0420Mon.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
Adobe Reader Speed Launcher="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1060284298-1202660629-1801674531-500\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
----------------- FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 18:42:34 le 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [26/12/2008 17:51] - C:\WINDOWS\system32\drivers\srosa.sys
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
Found ! [26/12/2008 18:39] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [25/12/2008 22:12] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Found ! [26/12/2008 18:39] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
»»»» Presence des fichiers dans c:\tmp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
msnmsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Creative Live! Cam Manager="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
EPSON Stylus DX4400 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\tmp\E_SA1.tmp" /EF "HKCU"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SiS Tray=C:\WINDOWS\system32\sistray.EXE
SiS KHooker=C:\WINDOWS\system32\khooker.exe
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
V0420Mon.exe=C:\WINDOWS\V0420Mon.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
Adobe Reader Speed Launcher="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SystrayORAHSS="C:\Program Files\Orange\Systray\SystrayApp.exe"
ORAHSSSessionManager=C:\Program Files\Orange\SessionManager\SessionManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1060284298-1202660629-1801674531-500\Software\bisoft
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
Ip6Fw - Type de démarrage = 2
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
wscsvc - Type de démarrage = 2
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Voici rapport findykill option 2:
----------------- FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 18:54:19 the 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Supression files in C:\WINDOWS\system32\drivers
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in c:\tmp
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
----------------- FindyKill V4.710 ------------------
* User : Administrateur - ALTERPC-49C6822
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 18:54:19 the 26/12/2008
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
»»»» Supression files in C:\WINDOWS\system32
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Supression files in C:\WINDOWS\system32\drivers
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in c:\tmp
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Voici mon rapport malwarebyte mais je n'ai pas pu l'effectué en mode sans echec et je ne peux tjr pas installer d'antivirus (merci pour ton aide):
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
26/12/2008 15:46:56
mbam-log-2008-12-26 (15-46-56).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 105369
Temps écoulé: 38 minute(s), 36 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 30
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\messengerskinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qomsu (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Local Settings\Application Data\qomsu_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\qomsu_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\qomsu.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\qomsu.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F13FA36C-9359-41BC-A5CA-53F1C1C844FA}\RP525\A0058343.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F13FA36C-9359-41BC-A5CA-53F1C1C844FA}\RP525\A0058389.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F13FA36C-9359-41BC-A5CA-53F1C1C844FA}\RP525\A0058502.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F13FA36C-9359-41BC-A5CA-53F1C1C844FA}\RP526\A0058566.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\uninst.exe (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download\defaultPack.cab (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\appconfig.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully