Infected registry and file
christorock (Member, 605 posts)
Hello, here is my Malwarebytes report.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1951
Windows 6.0.6001 Service Pack 1
17/04/2009 00:57:56
mbam-log-2009-04-17 (00-57-40).txt
Type de recherche: Examen rapide
Eléments examinés: 62811
Temps écoulé: 6 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\alain\AppData\Roaming\drivers\srosa2.sys (Trojan.Agent) -> No action taken.
C:\Users\alain\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> No action taken.
C:\Users\alain\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> No action taken.
C:\Users\alain\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> No action taken.
C:\Users\alain\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> No action taken.
Am I really infected with a Bagle? (That will make the 3rd time...)
Thanks in advance.
4 replies
Hi! Did you delete all these infections at the end of the Malwarebytes scan? There is indeed some Bagle.
No, I had forgotten ^^
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 1951
Windows 6.0.6001 Service Pack 1
17/04/2009 01:04:03
mbam-log-2009-04-17 (01-04-03).txt
Type de recherche: Examen rapide
Eléments examinés: 62811
Temps écoulé: 6 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sk9ou0s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk9ou0s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\alain\AppData\Roaming\drivers\srosa2.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\alain\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\alain\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\alain\Application Data\drivers\srosa2.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\Users\alain\Application Data\drivers\wfsintwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
############################## [ FindyKill V4.724 ]
# User : alain (Administrateurs) # PC-DE-ALAIN
# Update on 15/04/09 by Chiquitine29
# Start at: 01:12:19 | 17/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 144,29 Go (21,49 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 21 Go (5,65 Go free) [ne pas toucher] # NTFS
# E:\ # Disque fixe local # 277,08 Go (23,78 Go free) [libre] # NTFS
# F:\ # Disque fixe local # 144,04 Go (39,73 Go free) [LIBRE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque CD-ROM
# M:\ # Disque CD-ROM
############################## [ Processus actifs ]
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\wintems.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\alain\AppData\Roaming\drivers\winupgro.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\alain\AppData\Roaming\drivers\downld\409019.exe
################## [ Processus infectieux stoppés ]
"C:\Windows\System32\wintems.exe" (3612)
"C:\Users\alain\AppData\Roaming\drivers\winupgro.exe" (3004)
"C:\Users\alain\AppData\Roaming\drivers\downld\409019.exe" (3184)
################## [ C:\Windows # C:\Windows\Prefetch ]
################## [ C:\Windows\System32... ]
Found ! C:\Windows\system32\mdelk.exe
Found ! C:\Windows\system32\wintems.exe
Found ! C:\Windows\system32\ban_list.txt
################## [ C:\Users\alain\AppData\Roaming ]
Found ! "C:\Users\alain\AppData\Roaming\m\shared"
Found ! "C:\Users\alain\AppData\Roaming\m\flec006.exe"
Found ! "C:\Users\alain\AppData\Roaming\m\list.oct"
Found ! "C:\Users\alain\AppData\Roaming\m\data.oct"
Found ! "C:\Users\alain\AppData\Roaming\m\srvlist.oct"
Found ! "C:\Users\alain\AppData\Roaming\m"
Found ! "C:\Users\alain\AppData\Roaming\drivers"
Found ! "C:\Users\alain\AppData\Roaming\drivers\srosa2.sys"
Found ! "C:\Users\alain\AppData\Roaming\drivers\wfsintwq.sys"
Found ! "C:\Users\alain\AppData\Roaming\drivers\winupgro.exe"
Found ! "C:\Users\alain\AppData\Roaming\drivers\downld"
################## [ C:\Users\alain...\Temp Files... ]
Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64[1].jpg
Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_2[1].jpg
Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_3[1].jpg
Found ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\file[1].txt
################## [ Registre / Clés infectieuses ]
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\bisoft
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\DateTime4
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! HKEY_CURRENT_USER\Software\bisoft
Found ! HKEY_CURRENT_USER\Software\DateTime4
Found ! HKEY_CURRENT_USER\Software\FirtR
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
Found ! HKEY_USERS\S-1-5-21-2081871274-3087758580-1657631680-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
Found ! D:\autorun.inf
Found ! E:\autorun.inf
Found ! F:\autorun.inf
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.724 ! ]
Well...
############################## [ FindyKill V4.724 ]
# User : alain (Administrateurs) # PC-DE-ALAIN
# Update on 15/04/09 by Chiquitine29
# Start at: 01:21:05 | 17/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 144,29 Go (21,51 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 21 Go (5,65 Go free) [ne pas toucher] # NTFS
# E:\ # Disque fixe local # 277,08 Go (23,78 Go free) [libre] # NTFS
# F:\ # Disque fixe local # 144,04 Go (39,73 Go free) [LIBRE] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible
# L:\ # Disque CD-ROM
# M:\ # Disque CD-ROM
############################## [ Active Processes ]
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\WINDOWS\SYSTEM32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\WINDOWS\SYSTEM32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM32\LogonUI.exe
################## [ C:\Windows # C:\Windows\Prefetch ]
Deleted ! C:\Windows\Prefetch\WINUPGRO.EXE-9432A083.pf
################## [ C:\Windows\System32... ]
Deleted ! C:\Windows\system32\mdelk.exe
Deleted ! C:\Windows\system32\wintems.exe
Deleted ! C:\Windows\system32\ban_list.txt
################## [ C:\Users\...\AppData\Roaming ]
Deleted ! "C:\Users\alain\AppData\Roaming\m\flec006.exe"
Deleted ! "C:\Users\alain\AppData\Roaming\m\list.oct"
Deleted ! "C:\Users\alain\AppData\Roaming\m\data.oct"
Deleted ! "C:\Users\alain\AppData\Roaming\m\srvlist.oct"
Deleted ! "C:\Users\alain\AppData\Roaming\drivers\srosa2.sys"
Deleted ! "C:\Users\alain\AppData\Roaming\drivers\wfsintwq.sys"
Deleted ! "C:\Users\alain\AppData\Roaming\drivers\winupgro.exe"
Deleted ! "C:\Users\alain\AppData\Roaming\m\shared"
Deleted ! "C:\Users\alain\AppData\Roaming\m"
Deleted ! "C:\Users\alain\AppData\Roaming\drivers\downld"
Deleted ! "C:\Users\alain\AppData\Roaming\drivers"
################## [ Cleaning .. Temp Files... ]
Deleted ! C:\Users\alain\AppData\Local\Temp\pxsetup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\bye430E.tmp\Disk1\setup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.80.1065\Setup\Setup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Setup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Elevated\Setup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\QuickCam_11.90.1263\Setup\Setup.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\Rar$EX00.535\run.exe
Deleted ! C:\Users\alain\AppData\Local\Temp\Rar$EX00.615\run.exe
Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64[1].jpg
Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_2[1].jpg
Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\b64_3[1].jpg
Deleted ! C:\Users\alain\Local Settings\Temporary Internet Files\Content.IE5\X3ZXYV4X\file[1].txt
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\FirtR
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\msnmsgr
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\run
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
# Deleting Files :
Not deleted ! D:\autorun.inf
Not deleted ! E:\autorun.inf
Not deleted ! F:\autorun.inf
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Request=3 / Disable=4 ]
# Ndisuio -> # Type of startup =3
# EapHost -> # Type of startup =2
# Wlansvc -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# WinDefend -> # Type of startup =2
# -> UAC is Enable.
################## [ Searching Other Infections ]
# Références de comparaison Bagle MD5 :
File ... : C:\Users\alain\AppData\Roaming\drivers\winupgro.exe
CRC32 .. : c3d97877
MD5 .... : 83132a97816b29363d78be838cede31a
Deleted ! : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
# Taille : 864256 # MD5 : 83132A97816B29363D78BE838CEDE31A
Deleted ! : E:\emule\Incoming\BitDefender Total Security 2009 Build 12.0.10 Final.zip
Contain run.exe [864256] with Bagle CRC32 : C801C378
Deleted ! : E:\emule\Incoming\Mediator Pro 8 build 127.zip
Contain run.exe [864256] with Bagle CRC32 : E435B851
################## [ Corrupted files # Re-Installation required ]
C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Launch.exe
C:\Program Files\Acer GameZone\Alice Greenfingers\Launch.exe
C:\Program Files\Acer GameZone\Azada\Launch.exe
C:\Program Files\Acer GameZone\Backspin Billiards\Launch.exe
C:\Program Files\Acer GameZone\Big Kahuna Reef\Launch.exe
C:\Program Files\Acer GameZone\Bricks of Egypt\Launch.exe
C:\Program Files\Acer GameZone\Cake Mania\Launch.exe
C:\Program Files\Acer GameZone\Chicken Invaders 3\Launch.exe
C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Launch.exe
C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Launch.exe
C:\Program Files\Acer GameZone\Kick N Rush\Launch.exe
C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Launch.exe
C:\Program Files\Acer GameZone\Mahjongg Artifacts\Launch.exe
C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Launch.exe
C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Launch.exe
C:\Program Files\Acer GameZone\Turbo Pizza\Launch.exe
C:\Program Files\Acer GameZone\Zuma Deluxe\Launch.exe
C:\Program Files\ASUS\ASUSUpdate\Update.exe
F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6000.16724_none_c6a4f64faeb4680c\mcupdate.exe
F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6000.20889_none_c6f2b504c7fe2e2f\mcupdate.exe
F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6001.18115_none_c897052babd1f663\mcupdate.exe
F:\SoftwareDistribution\Download\85fed4faadb2c3bfb4a2c4c7143088fb\x86_mcupdate_31bf3856ad364e35_6.0.6001.22237_none_c90d02b2c4fe00bd\mcupdate.exe
################## [ ! End of Report # FindyKill V4.724 ! ]
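What FindyKill does in its "Bagle MD5 comparison" section is worth reproducing by hand when you want to confirm a cleanup: it takes the size, MD5 and CRC32 of the confirmed dropper (winupgro.exe), then sweeps the disk for other executables with the same digest (which is how msnmsgr.exe got flagged) and for zip archives carrying a run.exe of that exact size (the two eMule downloads). The script below is an added example and not FindyKill's own code; the three reference values are copied from the log, while the demo directory tree, the file contents and the crack.zip archive are constructed on the fly for illustration.

```python
import hashlib
import os
import shutil
import tempfile
import zipfile
import zlib

# Reference values quoted from the FindyKill log (winupgro.exe and the run.exe
# members of the two eMule archives). They are only defaults for a real sweep;
# run_demo() derives its own references from a constructed sample instead.
LOG_SIZE = 864256
LOG_MD5 = {"83132a97816b29363d78be838cede31a"}
LOG_CRC32 = {"c3d97877", "c801c378", "e435b851"}


def file_digests(path):
    """MD5 hex digest and zero-padded CRC32 hex of a file, read in 64 KiB chunks."""
    md5 = hashlib.md5()
    crc = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return md5.hexdigest(), f"{crc & 0xFFFFFFFF:08x}"


def references_from_sample(sample_path):
    """Turn a confirmed-bad file (the dropper FindyKill listed) into size/MD5/CRC32 IOCs."""
    md5, crc = file_digests(sample_path)
    return os.path.getsize(sample_path), {md5}, {crc}


def classify_file(path, size, md5s, crcs):
    """Reason string if `path` matches a reference by size+MD5 or size+CRC32, else None."""
    if os.path.getsize(path) != size:
        return None  # size is the cheap pre-filter: only hash exact-size candidates
    md5, crc = file_digests(path)
    if md5 in md5s:
        return f"MD5 {md5} matches reference"
    if crc in crcs:
        return f"CRC32 {crc} matches reference"
    return None


def archive_hits(path, size, crcs):
    """run.exe members of exactly `size` bytes inside a zip, read from the central
    directory without extracting anything (it already stores size and CRC32)."""
    hits = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            basename = info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if basename == "run.exe" and info.file_size == size:
                crc = f"{info.CRC & 0xFFFFFFFF:08x}"
                hits.append((info.filename, crc, crc in crcs))
    return hits


def sweep(root, size, md5s, crcs):
    """Walk `root`; report binaries that are clones of the reference and archives carrying run.exe."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            low = name.lower()
            if low.endswith((".exe", ".sys", ".dll")):
                reason = classify_file(full, size, md5s, crcs)
                if reason:
                    findings.append((full, reason))
            elif low.endswith(".zip") and zipfile.is_zipfile(full):
                for member, crc, known in archive_hits(full, size, crcs):
                    tag = "CRC32 matches reference" if known else "CRC32 not in reference set, inspect"
                    findings.append((full, f"contains {member} [{size}] crc {crc} ({tag})"))
    return findings


def run_demo():
    """Constructed scenario mirroring the log: a dropper, a Messenger binary replaced by
    the identical bytes, a clean same-size binary, a too-small binary, and a warez zip
    hiding run.exe. Returns sorted (relative path, reason) pairs."""
    root = tempfile.mkdtemp(prefix="bagle_demo_")
    try:
        dropper = os.urandom(4096)  # constructed stand-in for winupgro.exe
        files = {
            "drivers/winupgro.exe": dropper,
            "Messenger/msnmsgr.exe": dropper,                # same bytes -> same MD5
            "Messenger/clean.exe": os.urandom(4096),         # same size, different content
            "Messenger/small.exe": b"MZ" + os.urandom(100),  # wrong size, never hashed
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        os.makedirs(os.path.join(root, "Incoming"))
        with zipfile.ZipFile(os.path.join(root, "Incoming", "crack.zip"), "w") as zf:
            zf.writestr("Mediator Pro 8/run.exe", dropper)
            zf.writestr("Mediator Pro 8/readme.txt", b"constructed bait archive")
        size, md5s, crcs = references_from_sample(os.path.join(root, "drivers", "winupgro.exe"))
        findings = sweep(root, size, md5s, crcs)
        return sorted((os.path.relpath(p, root).replace("\\", "/"), why) for p, why in findings)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, why in run_demo():
        print(f"{path}: {why}")
```

Against a real disk you would call `sweep(r"C:\", LOG_SIZE, LOG_MD5, LOG_CRC32)` (and the same for E:\ where the eMule archives live). Note what this does and does not find: byte-identical clones of the dropper and archives staging it are caught, but the entries FindyKill lists under "Corrupted files # Re-Installation required" (the Acer GameZone Launch.exe files, mcupdate.exe) are legitimate binaries that were modified in place, so each has its own digest and no hash comparison will flag them; that is why the tool reports them separately and why the log says to reinstall them.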