Infected registry and files

christorock Posts 605 Status Member -
Hello, here is my Malwarebytes report.

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1951
Windows 6.0.6001 Service Pack 1

17/04/2009 00:57:56
mbam-log-2009-04-17 (00-57-40).txt

Type de recherche: Examen rapide
Eléments examinés: 62811
Temps écoulé: 6 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\alain\AppData\Roaming\drivers\srosa2.sys (Trojan.Agent) -> No action taken.
C:\Users\alain\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\Users\alain\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> No action taken.
C:\Users\alain\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\Users\alain\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.

Am I really infected with Bagle? (This will be the 3rd time...)

Thanks in advance.
Configuration: Windows Vista
Safari 525.19

4 replies

  1. jimkiller Posts 2177 Status Member 487
     
    Hi! Did you remove all these infections at the end of the Malwarebytes scan? There is indeed some Bagle in there.
    0
  2. christorock Posts 605 Status Member 10
     
    No, I had forgotten ^^

    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 1951
    Windows 6.0.6001 Service Pack 1

    17/04/2009 01:04:03
    mbam-log-2009-04-17 (01-04-03).txt

    Type de recherche: Examen rapide
    Eléments examinés: 62811
    Temps écoulé: 6 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\alain\AppData\Roaming\drivers\srosa2.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\alain\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\alain\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\alain\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    C:\Users\alain\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
    0
  3. christorock Posts 605 Status Member 10
     
    ############################## [ FindyKill V4.724 ]

    # User : alain (Administrateurs) # PC-DE-ALAIN
    # Update on 15/04/09 by Chiquitine29
    # Start at: 01:12:19 | 17/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 144,29 Go (21,49 Go free) [OS] # NTFS
    # D:\ # Disque fixe local # 21 Go (5,65 Go free) [ne pas toucher] # NTFS
    # E:\ # Disque fixe local # 277,08 Go (23,78 Go free) [libre] # NTFS
    # F:\ # Disque fixe local # 144,04 Go (39,73 Go free) [LIBRE] # NTFS
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    # K:\ # Disque amovible
    # L:\ # Disque CD-ROM
    # M:\ # Disque CD-ROM

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\wintems.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\alain\AppData\Roaming\drivers\winupgro.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\alain\AppData\Roaming\drivers\downld\409019.exe

    ################## [ Processus infectieux stoppés ]

    "C:\Windows\System32\wintems.exe" (3612)
    "C:\Users\alain\AppData\Roaming\drivers\winupgro.exe" (3004)
    "C:\Users\alain\AppData\Roaming\drivers\downld\409019.exe" (3184)

    ################## [ C:\Windows # C:\Windows\Prefetch ]

    ################## [ C:\Windows\System32... ]

    Found ! C:\Windows\system32\mdelk.exe
    Found ! C:\Windows\system32\wintems.exe
    Found ! C:\Windows\system32\ban_list.txt

    ################## [ C:\Users\alain\AppData\Roaming ]

    Found ! "C:\Users\alain\AppData\Roaming\m\shared"
    Found ! "C:\Users\alain\AppData\Roaming\m\flec006.exe"
    Found ! "C:\Users\alain\AppData\Roaming\m\list.oct"
    Found ! "C:\Users\alain\AppData\Roaming\m\data.oct"
    Found ! "C:\Users\alain\AppData\Roaming\m\srvlist.oct"
    Found ! "C:\Users\alain\AppData\Roaming\m"
    Found ! "C:\Users\alain\AppData\Roaming\drivers"
    Found ! "C:\Users\alain\AppData\Roaming\drivers\srosa2.sys"
    Found ! "C:\Users\alain\AppData\Roaming\drivers\wfsintwq.sys"
    Found ! "C:\Users\alain\AppData\Roaming\drivers\winupgro.exe"
    Found ! "C:\Users\alain\AppData\Roaming\drivers\downld"

    ################## [ C:\Users\alain...\Temp Files... ]

    Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64[1].jpg
    Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_2[1].jpg
    Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_3[1].jpg
    Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\file[1].txt

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\run
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\bisoft
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\DateTime4
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\FirtR
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_CURRENT_USER\Software\bisoft
    Found ! HKEY_CURRENT_USER\Software\DateTime4
    Found ! HKEY_CURRENT_USER\Software\FirtR
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
    Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

    ################## [ Recherche dans supports amovibles]

    # Recherche fichiers connus :

    Found ! D:\autorun.inf
    Found ! E:\autorun.inf
    Found ! F:\autorun.inf

    ################## [ Registre / Mountpoint2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.724 ! ]

    Well then...
    0
  4. christorock Posts 605 Status Member 10
     
    ############################## [ FindyKill V4.724 ]

    # User : alain (Administrateurs) # PC-DE-ALAIN
    # Update on 15/04/09 by Chiquitine29
    # Start at: 01:21:05 | 17/04/2009
    # Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    # Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Disabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 144,29 Go (21,51 Go free) [OS] # NTFS
    # D:\ # Disque fixe local # 21 Go (5,65 Go free) [ne pas toucher] # NTFS
    # E:\ # Disque fixe local # 277,08 Go (23,78 Go free) [libre] # NTFS
    # F:\ # Disque fixe local # 144,04 Go (39,73 Go free) [LIBRE] # NTFS
    # G:\ # Disque CD-ROM
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    # K:\ # Disque amovible
    # L:\ # Disque CD-ROM
    # M:\ # Disque CD-ROM

    ############################## [ Active Processes ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\conime.exe
    C:\WINDOWS\SYSTEM32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\TUProgSt.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\WINDOWS\SYSTEM32\LogonUI.exe

    ################## [ C:\Windows # C:\Windows\Prefetch ]

    Deleted ! C:\Windows\Prefetch\WINUPGRO.EXE-9432A083.pf

    ################## [ C:\Windows\System32... ]

    Deleted ! C:\Windows\system32\mdelk.exe
    Deleted ! C:\Windows\system32\wintems.exe
    Deleted ! C:\Windows\system32\ban_list.txt

    ################## [ C:\Users\...\AppData\Roaming ]

    Deleted ! "C:\Users\alain\AppData\Roaming\m\flec006.exe"
    Deleted ! "C:\Users\alain\AppData\Roaming\m\list.oct"
    Deleted ! "C:\Users\alain\AppData\Roaming\m\data.oct"
    Deleted ! "C:\Users\alain\AppData\Roaming\m\srvlist.oct"
    Deleted ! "C:\Users\alain\AppData\Roaming\drivers\srosa2.sys"
    Deleted ! "C:\Users\alain\AppData\Roaming\drivers\wfsintwq.sys"
    Deleted ! "C:\Users\alain\AppData\Roaming\drivers\winupgro.exe"
    Deleted ! "C:\Users\alain\AppData\Roaming\m\shared"
    Deleted ! "C:\Users\alain\AppData\Roaming\m"
    Deleted ! "C:\Users\alain\AppData\Roaming\drivers\downld"
    Deleted ! "C:\Users\alain\AppData\Roaming\drivers"

    ################## [ Cleaning .. Temp Files... ]

    Deleted ! C:\Users\alain\AppData\Local\Temp\pxsetup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\bye430E.tmp\Disk1\setup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.80.1065\Setup\Setup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Setup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Elevated\Setup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Setup\Setup.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\Rar$EX00.535\run.exe
    Deleted ! C:\Users\alain\AppData\Local\Temp\Rar$EX00.615\run.exe
    Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64[1].jpg
    Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_2[1].jpg
    Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_3[1].jpg
    Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\file[1].txt

    ################## [ Registry / Infected keys ]

    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
    Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Deleted ! HKEY_CURRENT_USER\Software\bisoft
    Deleted ! HKEY_CURRENT_USER\Software\DateTime4
    Deleted ! HKEY_CURRENT_USER\Software\FirtR
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
    Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

    ################## [ Cleaning Removable drives ]

    # Deleting Files :

    Not deleted ! D:\autorun.inf
    Not deleted ! E:\autorun.inf
    Not deleted ! F:\autorun.inf

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Wlansvc -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2
    # WinDefend -> # Type of startup =2
    # -> UAC is Enable.

    ################## [ Searching Other Infections ]

    # Références de comparaison Bagle MD5 :

    File ... : C:\Users\alain\AppData\Roaming\drivers\winupgro.exe
    CRC32 .. : c3d97877
    MD5 .... : 83132a97816b29363d78be838cede31a

    Deleted ! : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    # Taille : 864256 # MD5 : 83132A97816B29363D78BE838CEDE31A

    Deleted ! : E:\emule\Incoming\BitDefender Total Security 2009 Build 12.0.10 Final.zip
    Contain run.exe [864256] with Bagle CRC32 : C801C378

    Deleted ! : E:\emule\Incoming\Mediator Pro 8 build 127.zip
    Contain run.exe [864256] with Bagle CRC32 : E435B851

    ################## [ Corrupted files # Re-Installation required ]

    C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Launch.exe
    C:\Program Files\Acer GameZone\Alice Greenfingers\Launch.exe
    C:\Program Files\Acer GameZone\Azada\Launch.exe
    C:\Program Files\Acer GameZone\Backspin Billiards\Launch.exe
    C:\Program Files\Acer GameZone\Big Kahuna Reef\Launch.exe
    C:\Program Files\Acer GameZone\Bricks of Egypt\Launch.exe
    C:\Program Files\Acer GameZone\Cake Mania\Launch.exe
    C:\Program Files\Acer GameZone\Chicken Invaders 3\Launch.exe
    C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Launch.exe
    C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Launch.exe
    C:\Program Files\Acer GameZone\Kick N Rush\Launch.exe
    C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Launch.exe
    C:\Program Files\Acer GameZone\Mahjongg Artifacts\Launch.exe
    C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Launch.exe
    C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Launch.exe
    C:\Program Files\Acer GameZone\Turbo Pizza\Launch.exe
    C:\Program Files\Acer GameZone\Zuma Deluxe\Launch.exe
    C:\Program Files\ASUS\ASUSUpdate\Update.exe
    F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe
    F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe
    F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe
    F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe

    ################## [ ! End of Report # FindyKill V4.724 ! ]
    0