Winupgro
skilele
Hello,
this message is specifically intended for Chiquitine29, who seems to be top-notch for my problem and whose program FindyKill I used. Infected by Winupgro, I did everything as I read, and here is my FindyKill report, after option 2.
----------------- FindyKill V4.710 ------------------
* User : Administrateur - TITANIUM
* executed from : D:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 11:20:10 the 30/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\310593.EXE-0312B8C2.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-3B289C1F.pf
»»»» Supression files in C:\WINDOWS\system32
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Supression files in C:\WINDOWS\system32\drivers
Not deleted !! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\12.Numeros.De.Serie.Panda.Platinium.Internet.Security.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Abode.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ABWelcome 0.1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ACCESS Dictionary French Dutch 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Access Password Recover 1.20 build 20070426#09.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AiO FLASH Mixer 3.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\algTime 1.1.0.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Amazing Visio for Microsoft Visio 3.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Amethyst DWG-2-DWF 2.01.01.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AntiVIR.6.x.ITA.Keymaker.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Archive Search 1.1.10.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Armored Core 4 Screensaver (PS3) 1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Art of the Impressionists Screensaver.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Aton Word Card 1.2.0.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Audio MP3 from Video Converter 3.6.90.042.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Avg.Anti.Spyware.7.5.0.50.Serial.Patch.Freddy.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AVI To WMV Converter 1.20.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Baby Names 2008 1.5.0.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\BG.-.Signal.(2000).-.Cvetia.-.zlatni.baladi.(by.PANDA_1960).zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Big Birds Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\BmpCrop 1.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\CoffeeCup Headline Factory 4.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ContactGenie DataPorter 2.0.214.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Cycling Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\dbzEuro 2.66.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Detonator 30.xx To 40.xx Fix 1.1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Digest Calculator 1.67.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Dynacom Accounting Startup Edition 10.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Ease Real Converter 1.40.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Easy Job Application 1.4.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Easy Recruit Personal 1.0.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\eBay watcher 1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Envelopes From Outlook 1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ESET-NOD32.ANTIVIRUS.V.2.12.4ESP.Sin.limite.actualizacion.funcina.comprobado.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Excel Import Multiple Text Files Software 7.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\FantasyTV Player Professional 2.70.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\FFT Properties 5.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\FIR HDL Writer 0.9 Beta.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Free Video to DVD Converter 1.1.1.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Games.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Garfield Cartoon Gadget 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\GCN Client 1.0 Beta 2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Goetz's Programming Kit 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Google Submitter 3.10.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HatchKit 2.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HDX4 Player 1.5.1.818.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Homemade Facial Scrubs 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HTMLEdit 2.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HTTP Commander 6.0 RC4.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HyperBK 0.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\HyperNext Studio 3.60.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Hypertext Builder 2006.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\I-Load 1.6.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ImageArchivist 3.85.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\InnPlanner Designer 2008.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Instant Translator 1.0.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\JavaScript Sliding PopMenu 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Kaspersky.Anti.Hacker.1.8.180.Ita.Seriale.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Kaspersky.Antivirus.Personal.5.0.383.En.EspaÇñol.Crack.Llave.De.Licencia.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\KeyTools 1.0.8312.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\KineticaRT .NET 2D XY Graph Component 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Laconick.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Lagoon 3D Photo Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\LingvoSoft Learning PhraseBook 2008 French - Persian (Farsi) 2.3.91.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\LiteMail 2.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Logic Minimizer 1.0.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Lottery Assistant 1.90.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\MacRCI 1.00.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Magic Pattern 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Malta Chat 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Manco .Net Licensing System 3.3.1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\McAfee NeoTrace Professional 3.25.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\McAfee.VirusScan.Enterprise.v8.5i.+AntiSpyware.Module.8.5i.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Message Spy 4.2.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\mInstaller 3.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\MoneyPennyEFT 1.01955.37804.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Morpheus Turbo Accelerator 5.4.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\MTR MusicTagReporter 1.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\MuvAudio 2.9.6.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\My Spot 2006.9.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\News Headlines 1.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\NOD32.v2.70.26.Spanish.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Office.2003.WinALL.fix.WinRAR.and.DosRAR.v3.42.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Olympic Organizer Deluxe 3.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Ontra Presentations 2.01.0029.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Opt-In List Manager 1.0.15.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\OptiShutdown 1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\PADPDF 0.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Panda.Antivirus.2007.v2.00.01.Multilanguage.Pack.1=RETAIL=.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Perfect Diet Tracker 2.3.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Pfast 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Picture Agent 3.50.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Play 99.6 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Premiere Flash Template 1.0 build 2006.10.06.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Process And Port Analyzer 2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Protezione.-.AntiVir.Guard.+.Ad.Aware.SE.Professional.+.Microsoft.Anti.Spyware.+.SpyBot.1.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\QCD Resumer Plugin 1.2.0.470.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RandomPlay 1.00.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Rapid File Renamer 1.14.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ReadWrite Hiragana 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RegistryEasy 4.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Resource Meter 2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Rivers In Nature Screensaver.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Secure Data Wiper 3.0.1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Similar Data Finder for Excel 1.1.4.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Snake Math 1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Sync2S3 1.1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\TN BRIDGE Integration Pack for ActiveX 3.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Traffic Secrets 2 Review 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Trojan.Vundo free Removal Tool 1.5.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\TTWinShell32 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\VideoReDo TVSuite 3.1.5.564.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Cafe 1.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Coder 1.10.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Developer 1.1.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WebWatchBot Website Monitoring Software 5.1.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Windows Registry Recovery 1.4.0.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WinShield 1.0 release 4.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Winter Valley - Animated Wallpaper 5.07.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Word OCX 2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WS-FTP Home 2007.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Xilisoft DVD to iPod Suite 5.0.46.1113.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ZDelete 4.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\[CRACK].Norton.AntiVirus.2005.LiveUpdate.sottoscrizione.fino.al.2090.-.funziona!.zip
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\140140.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\141531.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\142171.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\310593.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\361671.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\362765.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\362890.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\384718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\386562.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\387437.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\388718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\389796.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\390359.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\424015.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\425156.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\425718.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\433000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\442859.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\473000.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\498062.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\542468.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\543125.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\543468.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\91828.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\96421.exe
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\96515.exe
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
There you go, what should I do now?
If someone other than Chiquitine has the solution, I'll take it too.
Thank you for your help.
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\QCD Resumer Plugin 1.2.0.470.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RandomPlay 1.00.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Rapid File Renamer 1.14.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ReadWrite Hiragana 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RegistryEasy 4.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Resource Meter 2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Rivers In Nature Screensaver.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Secure Data Wiper 3.0.1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Similar Data Finder for Excel 1.1.4.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Snake Math 1.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Sync2S3 1.1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\TN BRIDGE Integration Pack for ActiveX 3.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Traffic Secrets 2 Review 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Trojan.Vundo free Removal Tool 1.5.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\TTWinShell32 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\VideoReDo TVSuite 3.1.5.564.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Cafe 1.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Coder 1.10.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Web Developer 1.1.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WebWatchBot Website Monitoring Software 5.1.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Windows Registry Recovery 1.4.0.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WinShield 1.0 release 4.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Winter Valley - Animated Wallpaper 5.07.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Word OCX 2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\WS-FTP Home 2007.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Xilisoft DVD to iPod Suite 5.0.46.1113.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ZDelete 4.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\[CRACK].Norton.AntiVirus.2005.LiveUpdate.sottoscrizione.fino.al.2090.-.funziona!.zip
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\m"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Not deleted !! - "C:\Documents and Settings\Administrateur\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\Local AppWizard-Generated Applications\winupgro
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
There it is. What should I do now?
If anyone other than Chiquitine has the solution, I'm all ears too.
Thanks for your help.
4 replies
Hi
Download HijackThis here:
-> Right-click one of the links and choose Save target as .... the desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Double-click HJTInstall.exe to start the installation
-> Click Install, then I Accept
-> Click Do a scan system and save log file
-> Notepad will open; copy and paste its entire contents here in your next reply
Download Malwarebytes' Anti-Malware here:
-> http://www.commentcamarche.net/telecharger/telechargement 34055379 malwarebytes anti malware
-> Tutorial here: https://forum.pcastuces.com/sujet.asp?f=31&s=3
-> Boot into safe mode and run a full scan
-> Post the report in your next post
Good luck
••RiverToo••
Whoa, that's quite a crowd on your PC o_O
Delete the selection and repost a full Malwarebytes report
then
Download FindyKill
Right-click the link, Save as ..... to the desktop
---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.rar
Unzip it on the desktop
Open the FindyKill folder
Double-click FindyKill.exe
Choose option 1 (search)
A report will open; please post it in your next reply
Note: the FindyKill.txt report is saved at the root of the drive
Good luck
••RiverToo••
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1580
Windows 5.1.2600 Service Pack 2
31/12/2008 07:35:05
mbam-log-2008-12-31 (07-35-05).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 135322
Temps écoulé: 47 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\m (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
D:\program files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
D:\program files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
----------------- FindyKill V4.710 ------------------
* User : Administrateur - TITANIUM
* Emplacement : D:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 7:42:32 le 31/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\HP\Digital Imaging\bin\hpqtra08.exe
D:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\taskmgr.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-17E717FE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-3B289C1F.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-25D47162.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-3AEC3D36.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\mdelk.exe
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\wintems.exe
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Found ! [31/12/2008 07:41] - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Found ! [25/10/2005 02:02] - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Found ! [31/12/2008 07:43] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\455578.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\492906.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\494265.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\494875.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\513109.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\536390.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\537437.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\538109.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\544953.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\545859.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\546218.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\552500.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\563281.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\564125.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\564578.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\594984.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\596750.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\597109.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\605093.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\608375.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\608718.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\80843.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\87093.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\91265.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\92765.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\92781.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94593.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\94671.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99359.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99375.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99578.exe
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
TomTomHOME.exe="D:\Program Files\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
DiskeeperSystray="D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
SoundMan=SOUNDMAN.EXE
SunJavaUpdateSched="D:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HP Software Update=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Photo Downloader="D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
SetIcon=C:\Program Files\SMSC\Seticon.exe
YeppStudioAgent=D:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
Name of App=D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
InCD=D:\Program Files\Ahead\InCD\InCD.exe
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="D:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="D:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DkIcon]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\HOMERunner]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Version de la base de données: 1580
Windows 5.1.2600 Service Pack 2
31/12/2008 07:35:05
mbam-log-2008-12-31 (07-35-05).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 135322
Temps écoulé: 47 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/anti-leech plugin,version=1.0.2.3 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\m (Trojan.Agent) -> Delete on reboot.
Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
D:\program files\Mozilla Firefox\plugins\alhlp.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
D:\program files\Mozilla Firefox\plugins\npalnn.dll (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
----------------- FindyKill V4.710 ------------------
* User : Administrateur - TITANIUM
* Emplacement : D:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 7:42:32 le 31/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\HP\Digital Imaging\bin\hpqtra08.exe
D:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\taskmgr.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\100906.EXE-00E555B6.pf
Found ! - C:\WINDOWS\prefetch\106625.EXE-004AB0AA.pf
Found ! - C:\WINDOWS\prefetch\10919578.EXE-0272DEC5.pf
Found ! - C:\WINDOWS\prefetch\10993234.EXE-28DCE395.pf
Found ! - C:\WINDOWS\prefetch\11189531.EXE-36A38222.pf
Found ! - C:\WINDOWS\prefetch\15007578.EXE-0188E5BF.pf
Found ! - C:\WINDOWS\prefetch\15020265.EXE-3AEEBBBF.pf
Found ! - C:\WINDOWS\prefetch\15083062.EXE-361C091D.pf
Found ! - C:\WINDOWS\prefetch\15304031.EXE-17CB0083.pf
Found ! - C:\WINDOWS\prefetch\15531875.EXE-0E149557.pf
Found ! - C:\WINDOWS\prefetch\15574875.EXE-3AF0F47E.pf
Found ! - C:\WINDOWS\prefetch\166562.EXE-399C6EBB.pf
Found ! - C:\WINDOWS\prefetch\280265.EXE-235861CB.pf
Found ! - C:\WINDOWS\prefetch\318796.EXE-18C8764E.pf
Found ! - C:\WINDOWS\prefetch\513109.EXE-0FB48D32.pf
Found ! - C:\WINDOWS\prefetch\552500.EXE-170A5FEC.pf
Found ! - C:\WINDOWS\prefetch\574109.EXE-1B22BE9E.pf
Found ! - C:\WINDOWS\prefetch\587171.EXE-04114962.pf
Found ! - C:\WINDOWS\prefetch\7054656.EXE-12A609A4.pf
Found ! - C:\WINDOWS\prefetch\7318609.EXE-201C7E17.pf
Found ! - C:\WINDOWS\prefetch\7489171.EXE-13664A9F.pf
Found ! - C:\WINDOWS\prefetch\7540640.EXE-11A99F06.pf
Found ! - C:\WINDOWS\prefetch\99578.EXE-0481CD64.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-17E717FE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-3B289C1F.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-3B00332D.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2B1270B6.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-25D47162.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-3AEC3D36.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\mdelk.exe
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\wintems.exe
Found ! [31/12/2008 07:39] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Found ! [31/12/2008 07:41] - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Found ! [31/12/2008 07:40] - "C:\Documents and Settings\Administrateur\Application Data\m"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa.sys"
Found ! [31/12/2008 07:38] - "C:\Documents and Settings\Administrateur\Application Data\drivers\srosa2.sys"
Found ! [25/10/2005 02:02] - "C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe"
Found ! [31/12/2008 07:43] - "C:\Documents and Settings\Administrateur\Application Data\drivers\downld"
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99359.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99375.exe
Found ! [31/12/2008 07:43] - C:\Documents and Settings\Administrateur\Application Data\drivers\downld\99578.exe
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
TomTomHOME.exe="D:\Program Files\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
DiskeeperSystray="D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
SoundMan=SOUNDMAN.EXE
SunJavaUpdateSched="D:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
HP Software Update=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Adobe Photo Downloader="D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
SetIcon=C:\Program Files\SMSC\Seticon.exe
YeppStudioAgent=D:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
Name of App=D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
InCD=D:\Program Files\Ahead\InCD\InCD.exe
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="D:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="D:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DkIcon]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\HOMERunner]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\PhLeAutoRun]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1085031214-725345543-77139450-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Hi,
To move forward ••RiverToo••.
--> Delete your cracks and keygens.
--> Double-click the FindyKill shortcut on your Desktop.
--> In the main menu, choose option 2 (Suppression).
/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" appears /!\
--> Then post the FindyKill.txt report.
Note: the FindyKill.txt report is saved at the root of the disk.
Here is the HIJACKTHIS report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:27, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\program files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
D:\program files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: HPD018CD HP001708D018CD
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {860B81A6-9766-4435-9B5B-5B05436D5D91} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [YeppStudioAgent] D:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Name of App] D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
O4 - Startup: palmOne Registration.lnk = D:\program files\Palm\register.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = D:\program files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = D:\program files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\program files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\program files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\j80slid7180.dll (file missing)
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe