Findykill

Closed
filtek Posts 3 Registration date Tuesday 3 February 2009 Status Member Last activity 9 February 2009 - 3 Feb. 2009 at 09:14
filtek Posts 3 Registration date Tuesday 3 February 2009 Status Member Last activity 9 February 2009 - 9 Feb. 2009 at 15:30
Hello, I ran option 2 of FindyKill and I am attaching the report below. What should I do now? Installing the antivirus is still impossible. Regards, thank you


###################### [ FindyKill V4.715 ]

# User : UTIL - P8145
# Executed from : C:\Program Files\FindyKill
# Update on 29/01/09Nby Chiquitine29
# Start at 22:07:52 the 02/02/2009
# Windows XP - Internet Explorer 7.0.5730.13

# [ FindyKill V4.715 - Deleting ] ###############

\\\\\\\\\\\\\\\\\\ [ Active Processes ] ///////////////////


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

\\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] ///////////////////


################## [ C:\ ]


################## [ C:\WINDOWS ]


################## [ C:\WINDOWS\Prefetch ]

Deleted ! - C:\WINDOWS\prefetch\292609.EXE-22E81951.pf
Deleted ! - C:\WINDOWS\prefetch\310906.EXE-2C0A2A6A.pf
Deleted ! - C:\WINDOWS\prefetch\311625.EXE-1EFEA0BB.pf
Deleted ! - C:\WINDOWS\prefetch\336156.EXE-2E662E8D.pf
Deleted ! - C:\WINDOWS\prefetch\469109.EXE-03658B10.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-235225EF.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-08A7CE44.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH FRAN€AIS NERO 6.6.0.16.-39235255.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.TMP-282EB789.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-02F90485.pf

################## [ C:\WINDOWS\system32 ]

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

Deleted ! - "C:\WINDOWS\system32\drivers\down"

################## [ C:\Documents and Settings\UTIL\Application Data ]

Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\m"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\srosa2.sys"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\wfsintwq.sys"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\winupgro.exe"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\UTIL\Application Data\drivers"

################## [ C:\DOCUME~1\UTIL\LOCALS~1\Temp ]


################## [ C:\Documents and Settings\UTIL\Local Settings\Temporary Internet Files\Content.IE5 ]


\\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] ///////////////////

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_CURRENT_USER\Software\bisoft
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1484400983-1726409691-3697291689-1003\Software\MuleAppData

\\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] ///////////////////

# Safe boot mode restored !

# Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - # Type of startup = 3

Ip6Fw - # Type of startup = 2

SharedAccess - # Type of startup = 2

wuauserv - # Type of startup = 2

wscsvc - # Type of startup = 2


\\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] ///////////////////

# Informations :

C: - Lecteur fixe

E: - Lecteur fixe

G: - Lecteur amovible


# deleting files :
Response to the Panda 2009 install, which fails:


Cannot create PavShld\shldrv51.sys
Cannot create Files\wnmflt.sys
Cannot create PavShld\PavProc.sys
Cannot create Files\Netfltdi.sys
Cannot create Files\pavcpl.cpl
Cannot create Files\avldr.dll
Cannot create Files\Appflt.sys
Cannot create Files\dsaflt.sys
Cannot create Files\fnetmon.sys
Cannot create Files\idsflt.sys

22 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Feb. 2009 at 10:09
After searching on the net, the cteng files may come from IncrediMail; do you have it?
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Feb. 2009 at 13:04
cteng may come from the IncrediMail mail client; do you have it?

________________


Create a restore point, then install SP3; if there is a problem, you can restore to before the installation.