A voir également:
- Bjour et merci a tout le monde virus bagle li
- Svchost.exe virus - Guide
- La la li la la la 90's song - Forum Musique / Radio / Clip
- Altruistic virus ✓ - Forum Antivirus
- L'ordinateur de mustapha a été infecté par un virus répertorié récemment. son anti-virus ne l'a pas détecté. qu'a-t-il pu se passer ? - Forum Virus
- Youtu.be virus - Guide
6 réponses
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
23 janv. 2009 à 16:55
23 janv. 2009 à 16:55
Important :
Branche toutes tes unités externes au PC ( DD externes, clé USB, lecteur mp3, ect...) mais sans les ouvrir !
Tu les retireras après la manip ...
Ferme toutes les applications en cours !
Relance FindyKill :
-> choisis cette fois-ci l'option 2 (suppression).
/!\ ton PC va redémarrer de lui même , c'est normal !... Laisse travailler l'outil jusqu' à l'apparition du message :
"nettoyage terminé" .
Note : lors du message d'avertissement , cliques sur " Ok " .
--> Poste le nouveau rapport FindyKill.txt qui est généré.
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tapes explorer.exe et valide .
Branche toutes tes unités externes au PC ( DD externes, clé USB, lecteur mp3, ect...) mais sans les ouvrir !
Tu les retireras après la manip ...
Ferme toutes les applications en cours !
Relance FindyKill :
-> choisis cette fois-ci l'option 2 (suppression).
/!\ ton PC va redémarrer de lui même , c'est normal !... Laisse travailler l'outil jusqu' à l'apparition du message :
"nettoyage terminé" .
Note : lors du message d'avertissement , cliques sur " Ok " .
--> Poste le nouveau rapport FindyKill.txt qui est généré.
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tapes explorer.exe et valide .
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
23 janv. 2009 à 17:31
23 janv. 2009 à 17:31
Tu as remis le rapport de l'option 1
C'est celui de l'option 2 qu'il faudrait...
C'est celui de l'option 2 qu'il faudrait...
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
23 janv. 2009 à 17:41
23 janv. 2009 à 17:41
Réponds à la suite du dernier message stp parce que là, on ne s'y retrouve plus ;-)
Comment va ton PC à la suite de ce nettoyage ?
Comment va ton PC à la suite de ce nettoyage ?
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
23 janv. 2009 à 17:48
23 janv. 2009 à 17:48
Bagle peut avoir endommagé ton antivirus, si c'est le cas tu devras le réinstaller.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
toptitbal
Messages postés
25709
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 228
23 janv. 2009 à 16:39
23 janv. 2009 à 16:39
Bonjour
Télécharge FindyKill de Chiquitine29 :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
->Enregistre-le sur ton bureau et pas ailleurs !
!! Déconnecte toi et ferme toutes les applications en cours !!
( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)
-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.
Tuto : https://www.malekal.com/tutorial-findykill/
--> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau .
-->choisis l'option 1 ( recherche ). Puis laisse travailler l'outil sans rien toucher ...
Une fois terminé, poste le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Télécharge FindyKill de Chiquitine29 :
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
->Enregistre-le sur ton bureau et pas ailleurs !
!! Déconnecte toi et ferme toutes les applications en cours !!
( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)
-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.
Tuto : https://www.malekal.com/tutorial-findykill/
--> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau .
-->choisis l'option 1 ( recherche ). Puis laisse travailler l'outil sans rien toucher ...
Une fois terminé, poste le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
###################### [ FindyKill V4.714 ]
# User : cedric - PC-DE-CEDRIC
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 16:31:49 le 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
# [ FindyKill V4.714 - Scan ] ##############
\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1229522254\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\cedric\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AxBx\Vista Dual Scan\vd_scan.exe
C:\Windows\system32\conime.exe
\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////
################## [ C:\ ]
Found ! [21/01/2009 18:40] - "C:\Avenger"
################## [ C:\Windows ]
################## [ C:\Windows\Prefetch ]
################## [ C:\Windows\system32 ]
Found ! [21/01/2009 18:37] - C:\Windows\system32\ban_list.txt
################## [ C:\Windows\system32\drivers ]
################## [ C:\Users\cedric\AppData\Roaming ]
Found ! [27/12/2008 21:27] - "C:\Users\cedric\AppData\Roaming\drivers"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Found ! [21/01/2009 16:43] - "C:\Users\cedric\AppData\Roaming\drivers\downld"
################## [ C:\Users\cedric\AppData\Local\Temp ]
\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
RtHDVCpl=RtHDVCpl.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
BkupTray="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
ZPdtWzdVitaKey MC3000="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
PLFSetI=C:\Windows\PLFSetI.exe
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=
ePower_DMC=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
eAudio="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
ArcadeDeluxeAgent="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
CLMLServer="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
PlayMovie="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
WarReg_PopUp=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HostManager=C:\Program Files\Common Files\AOL\1229522254\ee\AOLSoftware.exe
Anti Trojan Elite=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - # Type de démarrage = 4
EapHost - # Type de démarrage = 3
Wlansvc - # Type de démarrage = 2
/!\ SharedAccess - # Type de démarrage = 4
/!\ wuauserv - # Type de démarrage = 4
/!\ wscsvc - # Type de démarrage = 4
/!\ WinDefend - # Type de démarrage = 4
/!\ UAC is Disable -> Start = 0x0
\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
# presence des fichiers :
\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////
-> Not found !
################## [ ! Fin du rapport # FindyKill V4.714 ! ]
# User : cedric - PC-DE-CEDRIC
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 16:31:49 le 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
# [ FindyKill V4.714 - Scan ] ##############
\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1229522254\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\cedric\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AxBx\Vista Dual Scan\vd_scan.exe
C:\Windows\system32\conime.exe
\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////
################## [ C:\ ]
Found ! [21/01/2009 18:40] - "C:\Avenger"
################## [ C:\Windows ]
################## [ C:\Windows\Prefetch ]
################## [ C:\Windows\system32 ]
Found ! [21/01/2009 18:37] - C:\Windows\system32\ban_list.txt
################## [ C:\Windows\system32\drivers ]
################## [ C:\Users\cedric\AppData\Roaming ]
Found ! [27/12/2008 21:27] - "C:\Users\cedric\AppData\Roaming\drivers"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Found ! [21/01/2009 16:43] - "C:\Users\cedric\AppData\Roaming\drivers\downld"
################## [ C:\Users\cedric\AppData\Local\Temp ]
\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
RtHDVCpl=RtHDVCpl.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
BkupTray="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
ZPdtWzdVitaKey MC3000="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
PLFSetI=C:\Windows\PLFSetI.exe
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=
ePower_DMC=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
eAudio="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
ArcadeDeluxeAgent="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
CLMLServer="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
PlayMovie="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
WarReg_PopUp=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HostManager=C:\Program Files\Common Files\AOL\1229522254\ee\AOLSoftware.exe
Anti Trojan Elite=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - # Type de démarrage = 4
EapHost - # Type de démarrage = 3
Wlansvc - # Type de démarrage = 2
/!\ SharedAccess - # Type de démarrage = 4
/!\ wuauserv - # Type de démarrage = 4
/!\ wscsvc - # Type de démarrage = 4
/!\ WinDefend - # Type de démarrage = 4
/!\ UAC is Disable -> Start = 0x0
\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
# presence des fichiers :
\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////
-> Not found !
################## [ ! Fin du rapport # FindyKill V4.714 ! ]
###################### [ FindyKill V4.714 ]
# User : cedric - PC-DE-CEDRIC
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at 16:59:26 the 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
# [ FindyKill V4.714 - Deleting ] ###############
\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////
################## [ C:\ ]
Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\wintems.exe
Deleted ! - "C:\Avenger"
################## [ C:\Windows ]
################## [ C:\Windows\Prefetch ]
Deleted ! - C:\Windows\prefetch\MDELK.EXE-BA78416E.pf
################## [ C:\Windows\system32 ]
Deleted ! - C:\Windows\system32\ban_list.txt
################## [ C:\Windows\system32\drivers ]
################## [ C:\Users\cedric\AppData\Roaming ]
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers"
################## [ C:\Users\cedric\AppData\Local\Temp ]
################## [ C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5 ]
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_5[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_2[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\b64[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\b64_3[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\file[1].txt
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_2[1].jpg
\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
EapHost - # Type of startup = 2
Wlansvc - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
WinDefend - # Type of startup = 2
-> UAC is Enable
\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
# deleting files :
\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////
-> Not found !
\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////
################## [ ! End of report # FindyKill V4.714 ! ]
# User : cedric - PC-DE-CEDRIC
# Executed from : C:\Program Files\FindyKill
# Update on 19/01/09 by Chiquitine29
# Start at 16:59:26 the 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
# [ FindyKill V4.714 - Deleting ] ###############
\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////
################## [ C:\ ]
Deleted ! - "C:\Avenger\m\shared"
Deleted ! - "C:\Avenger\m"
Deleted ! - C:\Avenger\flec006.exe
Deleted ! - C:\Avenger\wintems.exe
Deleted ! - "C:\Avenger"
################## [ C:\Windows ]
################## [ C:\Windows\Prefetch ]
Deleted ! - C:\Windows\prefetch\MDELK.EXE-BA78416E.pf
################## [ C:\Windows\system32 ]
Deleted ! - C:\Windows\system32\ban_list.txt
################## [ C:\Windows\system32\drivers ]
################## [ C:\Users\cedric\AppData\Roaming ]
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers\downld"
Deleted ! - "C:\Users\cedric\AppData\Roaming\drivers"
################## [ C:\Users\cedric\AppData\Local\Temp ]
################## [ C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5 ]
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\31RUP70V\b64_5[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\353PG05P\b64_2[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\b64[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\b64_3[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\HK09DL03\file[1].txt
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_1[1].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_1[2].jpg
Deleted ! - C:\Users\cedric\Local Settings\Temporary Internet Files\Content.IE5\Z9YZEFVR\b64_2[1].jpg
\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData
Deleted ! - HKEY_CURRENT_USER\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Deleted ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
EapHost - # Type of startup = 2
Wlansvc - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
WinDefend - # Type of startup = 2
-> UAC is Enable
\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
# deleting files :
\\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] ///////////////////
-> Not found !
\\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] ///////////////////
\\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] ///////////////////
################## [ ! End of report # FindyKill V4.714 ! ]
23 janv. 2009 à 17:28
###################### [ FindyKill V4.714 ]
# User : cedric - PC-DE-CEDRIC
# Emplacement : C:\Program Files\FindyKill
# Outils Mis a jours le 19/01/09 par Chiquitine29
# Recherche effectuée à 16:31:49 le 23/01/2009
# Windows Vista - Internet Explorer 7.0.6001.18000
# [ FindyKill V4.714 - Scan ] ##############
\\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] ///////////////////
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\aol\1229522254\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\cedric\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\cedric\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AxBx\Vista Dual Scan\vd_scan.exe
C:\Windows\system32\conime.exe
\\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] ///////////////////
################## [ C:\ ]
Found ! [21/01/2009 18:40] - "C:\Avenger"
################## [ C:\Windows ]
################## [ C:\Windows\Prefetch ]
################## [ C:\Windows\system32 ]
Found ! [21/01/2009 18:37] - C:\Windows\system32\ban_list.txt
################## [ C:\Windows\system32\drivers ]
################## [ C:\Users\cedric\AppData\Roaming ]
Found ! [27/12/2008 21:27] - "C:\Users\cedric\AppData\Roaming\drivers"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa.sys"
Found ! [21/01/2009 16:36] - "C:\Users\cedric\AppData\Roaming\drivers\srosa2.sys"
Found ! [21/01/2009 16:43] - "C:\Users\cedric\AppData\Roaming\drivers\downld"
################## [ C:\Users\cedric\AppData\Local\Temp ]
\\\\\\\\\\\\\\\\\\ [ Registre / Startup ] ///////////////////
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WindowsWelcomeCenter=rundll32.exe oobefldr.dll,ShowWelcomeCenter
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
AlcoholAutomount="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
RtHDVCpl=RtHDVCpl.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
eDataSecurity Loader=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
BkupTray="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
ZPdtWzdVitaKey MC3000="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
PLFSetI=C:\Windows\PLFSetI.exe
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=
ePower_DMC=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
eAudio="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
ArcadeDeluxeAgent="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
CLMLServer="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
PlayMovie="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
WarReg_PopUp=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HostManager=C:\Program Files\Common Files\AOL\1229522254\ee\AOLSoftware.exe
Anti Trojan Elite=C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msnmsgr]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
\\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] ///////////////////
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-4016964627-1679101850-2312973305-1000\Software\Ubisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\FFC
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe
Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
\\\\\\\\\\\\\\\\\\ [ Etat / Services ] ///////////////////
# Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - # Type de démarrage = 4
EapHost - # Type de démarrage = 3
Wlansvc - # Type de démarrage = 2
/!\ SharedAccess - # Type de démarrage = 4
/!\ wuauserv - # Type de démarrage = 4
/!\ wscsvc - # Type de démarrage = 4
/!\ WinDefend - # Type de démarrage = 4
/!\ UAC is Disable -> Start = 0x0
\\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] ///////////////////
# Informations :
C: - Lecteur fixe
D: - Lecteur fixe
# presence des fichiers :
\\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] ///////////////////
-> Not found !
################## [ ! Fin du rapport # FindyKill V4.714 ! ]