Findykill
filtek
Hello, I ran option 2 of FindyKill and I am attaching the report below. What should I do now? Installing the antivirus is still impossible. Regards, thank you.
###################### [ FindyKill V4.715 ]
# User : UTIL - P8145
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 22:07:52 the 02/02/2009
# Windows XP - Internet Explorer 7.0.5730.13
# [ FindyKill V4.715 - Deleting ] ###############
\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////
################## [ C:\ ]
################## [ C:\WINDOWS ]
################## [ C:\WINDOWS\Prefetch ]
Deleted ! - C:\WINDOWS\prefetch\292609.EXE-22E81951.pf
Deleted ! - C:\WINDOWS\prefetch\310906.EXE-2C0A2A6A.pf
Deleted ! - C:\WINDOWS\prefetch\311625.EXE-1EFEA0BB.pf
Deleted ! - C:\WINDOWS\prefetch\336156.EXE-2E662E8D.pf
Deleted ! - C:\WINDOWS\prefetch\469109.EXE-03658B10.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-235225EF.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-08A7CE44.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH FRAN€AIS NERO 6.6.0.16.-39235255.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.TMP-282EB789.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-02F90485.pf
################## [ C:\WINDOWS\system32 ]
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
################## [ C:\WINDOWS\system32\drivers ]
Deleted ! - "C:\WINDOWS\system32\drivers\down"
################## [ C:\Documents and Settings\UTIL\Application Data ]
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers"
################## [ C:\DOCUME~1\UTIL\LOCALS~1\Temp ]
################## [ C:\Documents and Settings\UTIL\Local Settings\Temporary Internet Files\Content.IE5 ]
\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\MuleAppData
\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////
# Safe boot mode restored !
# Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - # Type of startup = 3
Ip6Fw - # Type of startup = 2
SharedAccess - # Type of startup = 2
wuauserv - # Type of startup = 2
wscsvc - # Type of startup = 2
\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////
# Informations :
C: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur amovible
# deleting files :
Response to the Panda 2009 install, which fails:
Cannot create PavShld\shldrv51.sys
Cannot create Files\wnmflt.sys
Cannot create PavShld\PavProc.sys
Cannot create Files\Netfltdi.sys
Cannot create Files\pavcpl.cpl
Cannot create Files\avldr.dll
Cannot create Files\Appflt.sys
Cannot create Files\dsaflt.sys
Cannot create Files\fnetmon.sys
Cannot create Files\idsflt.sys