Virus help
Solved
igrebaux (Member, 90 posts) - 13 Jan. 2009 at 19:02
10 replies
Hello
Download FindyKill by Chiquitine29:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
-> Save it to your desktop and nowhere else!
!! Disconnect and close all running applications !!
(If your antivirus panics while you are saving or using the tool, ignore the alert...)
-> Click "FindyKill.exe" to start installing the tool. Do not touch the installation settings.
Tutorial: https://www.malekal.com/tutorial-findykill/
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything...
Once it has finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Done. I have a black screen with what seems to be a report scrolling by, but it doesn't look finished yet, because the txt file hasn't appeared yet and I wasn't asked to save it.
If I'm not mistaken, here is what I have in FindyKill.txt:
Found ! - C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9DWENNXX\Ranger_vernis_3d_crackle_accents[1].jpg
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5
Sorry, it has just finished and appeared.
Found ! - C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9DWENNXX\Ranger_vernis_3d_crackle_accents[1].jpg
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
esigwse="c:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe" esigwse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Motive SmartBridge=C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RemoteControl="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
ContentTransferWMDetector.exe=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\KYE]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\looksingle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Personal Navigation Assistant]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Important:
Plug all your external devices into the PC (external hard drives, USB sticks, MP3 player, etc.) but without opening them!
You will remove them after the procedure...
Close all running applications!
Run FindyKill again:
-> this time choose option 2 (removal).
/!\ Your PC will restart by itself, that's normal!... Let the tool work until this message appears:
"nettoyage terminé".
Note: when the warning message appears, click "Ok".
--> Post the new FindyKill.txt report that is generated.
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
PS: If the desktop does not come back, press Ctrl + Alt + Del, "Fichier" (File) tab -> "Nouvelle tâche" (New task):
type explorer.exe and confirm.
OK, I'll do that this evening around 6 pm because I'm at work right now.
I did option 2 yesterday but apparently I still have the same problem.
I'll make a new report around 6 pm.
Thanks for the time spent helping me.
Here is the new report:
----------------- FindyKill V4.711 ------------------
* User : Administrateur - TITANIUM
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:07:21 le 13/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe
C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\AsstCommon\MotiveDirectory.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe" (1908)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\mdelk.exe
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\wintems.exe
Found ! [13/01/2009 18:06] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Application Data
Found ! [12/01/2009 23:01] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\flec006.exe"
Found ! [13/01/2009 18:05] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\list.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\data.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\srvlist.oct"
Found ! [13/01/2009 18:07] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\shared"
Found ! [12/01/2009 17:47] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m"
Found ! [12/01/2009 17:36] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers"
Found ! [13/01/2009 18:05] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa.sys"
Found ! [13/01/2009 18:05] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa2.sys"
Found ! [25/01/2005 09:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp
Found ! - C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9DWENNXX\Ranger_vernis_3d_crackle_accents[1].jpg
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
esigwse="c:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe" esigwse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Motive SmartBridge=C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RemoteControl="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
ContentTransferWMDetector.exe=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\KYE]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\looksingle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Personal Navigation Assistant]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
I just ran option 2 (delete) again,
but it is still the same problem.
Here is the 3rd report; I am waiting to find out what to do now.
----------------- FindyKill V4.711 ------------------
* User : Administrateur - TITANIUM
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:39:45 le 13/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe
C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\AsstCommon\MotiveDirectory.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe" (1556)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\1092859.EXE-064FAB65.pf
Found ! - C:\WINDOWS\prefetch\1135562.EXE-1E1AA576.pf
Found ! - C:\WINDOWS\prefetch\115859.EXE-15F815A9.pf
Found ! - C:\WINDOWS\prefetch\148796.EXE-14AAEF32.pf
Found ! - C:\WINDOWS\prefetch\154578.EXE-0A04C81F.pf
Found ! - C:\WINDOWS\prefetch\161296.EXE-15CABB94.pf
Found ! - C:\WINDOWS\prefetch\175078.EXE-1237ED87.pf
Found ! - C:\WINDOWS\prefetch\187390.EXE-10064BF7.pf
Found ! - C:\WINDOWS\prefetch\253390.EXE-06C5D2A7.pf
Found ! - C:\WINDOWS\prefetch\271343.EXE-1BDCC261.pf
Found ! - C:\WINDOWS\prefetch\28857953.EXE-16874C93.pf
Found ! - C:\WINDOWS\prefetch\293046.EXE-20C9F503.pf
Found ! - C:\WINDOWS\prefetch\300937.EXE-0C6E78E2.pf
Found ! - C:\WINDOWS\prefetch\307640.EXE-00338970.pf
Found ! - C:\WINDOWS\prefetch\767781.EXE-044EEFE9.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-38C70FD6.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-337EFD06.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\mdelk.exe
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\wintems.exe
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Application Data
Found ! [12/01/2009 23:01] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\flec006.exe"
Found ! [13/01/2009 18:05] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\list.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\data.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\srvlist.oct"
Found ! [13/01/2009 18:40] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\shared"
Found ! [12/01/2009 17:47] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m"
Found ! [12/01/2009 17:36] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa.sys"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa2.sys"
Found ! [25/01/2005 09:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp
Found ! - C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9DWENNXX\Ranger_vernis_3d_crackle_accents[1].jpg
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5
Found ! [12/01/2009 17:37] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[1].jpg
Found ! [12/01/2009 17:48] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[2].jpg
Found ! [12/01/2009 18:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[3].jpg
Found ! [12/01/2009 20:13] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_3[1].jpg
Found ! [13/01/2009 18:39] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_3[2].jpg
Found ! [13/01/2009 18:40] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\file[1].txt
Found ! [12/01/2009 20:19] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_1[1].jpg
Found ! [12/01/2009 17:36] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_3[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_5[1].jpg
Found ! [12/01/2009 20:18] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\mxd[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64[1].jpg
Found ! [12/01/2009 23:04] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64_1[1].jpg
Found ! [12/01/2009 21:00] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64_2[1].jpg
Found ! [12/01/2009 20:53] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\b64_1[1].jpg
Found ! [12/01/2009 17:45] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\b64_3[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\mxd[1].jpg
Found ! [12/01/2009 20:42] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\b64_3[1].jpg
Found ! [12/01/2009 20:13] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\mxd[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\servernames[1].htm
Found ! [12/01/2009 18:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64[2].jpg
Found ! [12/01/2009 20:59] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_1[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_1[2].jpg
Found ! [12/01/2009 23:05] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_2[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\mxd[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\OPEB4LYJ\b64_1[1].jpg
Found ! [12/01/2009 18:02] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_1[1].jpg
Found ! [12/01/2009 23:00] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_3[1].jpg
Found ! [13/01/2009 18:05] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_3[2].jpg
Found ! [12/01/2009 18:02] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\SDQ38PMV\b64_2[1].jpg
Found ! [12/01/2009 20:17] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64[1].jpg
Found ! [12/01/2009 17:57] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64_1[1].jpg
Found ! [12/01/2009 17:49] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64_2[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\WLQ34PA7\b64[1].jpg
Found ! [12/01/2009 20:54] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\WPMBWDYF\b64[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
esigwse="c:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe" esigwse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Motive SmartBridge=C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RemoteControl="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
ContentTransferWMDetector.exe=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\KYE]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\looksingle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Personal Navigation Assistant]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
but still the same problem
here is the 3rd report, and I'm waiting to find out what to do now
----------------- FindyKill V4.711 ------------------
* User : Administrateur - TITANIUM
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 18:39:45 le 13/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe
C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\PROGRA~1\Motive\AsstCommon\MotiveDirectory.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe" (1556)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\1092859.EXE-064FAB65.pf
Found ! - C:\WINDOWS\prefetch\1135562.EXE-1E1AA576.pf
Found ! - C:\WINDOWS\prefetch\115859.EXE-15F815A9.pf
Found ! - C:\WINDOWS\prefetch\148796.EXE-14AAEF32.pf
Found ! - C:\WINDOWS\prefetch\154578.EXE-0A04C81F.pf
Found ! - C:\WINDOWS\prefetch\161296.EXE-15CABB94.pf
Found ! - C:\WINDOWS\prefetch\175078.EXE-1237ED87.pf
Found ! - C:\WINDOWS\prefetch\187390.EXE-10064BF7.pf
Found ! - C:\WINDOWS\prefetch\253390.EXE-06C5D2A7.pf
Found ! - C:\WINDOWS\prefetch\271343.EXE-1BDCC261.pf
Found ! - C:\WINDOWS\prefetch\28857953.EXE-16874C93.pf
Found ! - C:\WINDOWS\prefetch\293046.EXE-20C9F503.pf
Found ! - C:\WINDOWS\prefetch\300937.EXE-0C6E78E2.pf
Found ! - C:\WINDOWS\prefetch\307640.EXE-00338970.pf
Found ! - C:\WINDOWS\prefetch\767781.EXE-044EEFE9.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-38C70FD6.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-337EFD06.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\mdelk.exe
Found ! [13/01/2009 18:05] - C:\WINDOWS\system32\wintems.exe
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Application Data
Found ! [12/01/2009 23:01] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\flec006.exe"
Found ! [13/01/2009 18:05] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\list.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\data.oct"
Found ! [13/01/2009 18:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\srvlist.oct"
Found ! [13/01/2009 18:40] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m\shared"
Found ! [12/01/2009 17:47] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\m"
Found ! [12/01/2009 17:36] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa.sys"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\srosa2.sys"
Found ! [25/01/2005 09:06] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\winupgro.exe"
Found ! [13/01/2009 18:39] - "C:\Documents and Settings\Administrateur.TITANIUM\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp
Found ! - C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9DWENNXX\Ranger_vernis_3d_crackle_accents[1].jpg
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5
Found ! [12/01/2009 17:37] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[1].jpg
Found ! [12/01/2009 17:48] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[2].jpg
Found ! [12/01/2009 18:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_1[3].jpg
Found ! [12/01/2009 20:13] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_3[1].jpg
Found ! [13/01/2009 18:39] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\b64_3[2].jpg
Found ! [13/01/2009 18:40] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\68AL7PCG\file[1].txt
Found ! [12/01/2009 20:19] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_1[1].jpg
Found ! [12/01/2009 17:36] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_3[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\b64_5[1].jpg
Found ! [12/01/2009 20:18] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\812VWLYB\mxd[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64[1].jpg
Found ! [12/01/2009 23:04] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64_1[1].jpg
Found ! [12/01/2009 21:00] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\9OQ4RWHD\b64_2[1].jpg
Found ! [12/01/2009 20:53] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\b64_1[1].jpg
Found ! [12/01/2009 17:45] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\b64_3[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\B2U707RR\mxd[1].jpg
Found ! [12/01/2009 20:42] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\b64_3[1].jpg
Found ! [12/01/2009 20:13] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\mxd[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\GTQNSTM3\servernames[1].htm
Found ! [12/01/2009 18:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64[2].jpg
Found ! [12/01/2009 20:59] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_1[1].jpg
Found ! [13/01/2009 18:06] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_1[2].jpg
Found ! [12/01/2009 23:05] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\b64_2[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\MRAM709K\mxd[1].jpg
Found ! [12/01/2009 17:47] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\OPEB4LYJ\b64_1[1].jpg
Found ! [12/01/2009 18:02] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_1[1].jpg
Found ! [12/01/2009 23:00] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_3[1].jpg
Found ! [13/01/2009 18:05] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\RENTXTZR\b64_3[2].jpg
Found ! [12/01/2009 18:02] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\SDQ38PMV\b64_2[1].jpg
Found ! [12/01/2009 20:17] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64[1].jpg
Found ! [12/01/2009 17:57] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64_1[1].jpg
Found ! [12/01/2009 17:49] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\TNBPZ1FO\b64_2[1].jpg
Found ! [12/01/2009 23:01] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\WLQ34PA7\b64[1].jpg
Found ! [12/01/2009 20:54] - C:\Documents and Settings\Administrateur.TITANIUM\Local Settings\Temporary Internet Files\Content.IE5\WPMBWDYF\b64[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
esigwse="c:\documents and settings\administrateur.titanium\local settings\application data\esigwse.exe" esigwse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Motive SmartBridge=C:\PROGRA~1\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe
MessengerPlus3="C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
PinnacleDriverCheck=C:\WINDOWS\system32\\PSDrvCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
RemoteControl="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
ContentTransferWMDetector.exe=C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
avast!="C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\KYE]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\looksingle]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Personal Navigation Assistant]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\setup]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1275210071-1958367476-682003330-500\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
/!\ Mode sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
/!\ Mode sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------