Virus wfsin etc

Resolved/Closed
seve - 1 March 2010 at 14:10
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 - 1 March 2010 at 15:21
Hello,
So, I downloaded my first and last game and I got a virus. You're going to tell me it serves me right, and you're right,
but now I want to get rid of this virus, so can you help me? Thanks.
I ran FindyKill and here is the report:

############################## | FindyKill V5.037 |

# User : Administrateur (Administrateurs) # HP19152189591
# Update on 18/02/2010 by El Desaparecido
# Start at: 14:02:06 | 01/03/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) Dual Core Processor 5400B
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Total Protection 4.9.0.340 [ Enabled | Updated ]

# C:\ # Disque fixe local # 232,88 Go (98,1 Go free) # NTFS
# D:\ # Disque CD-ROM # 4,34 Go (0 Mo free) [Sims2DoubleDeluxe] # UDF
# E:\ # Disque amovible
# I:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wintems.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Autorun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

############################## | Processus infectieux stoppés |

"C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe" (1972)
"C:\WINDOWS\wintems.exe" (3448)

################## | C: |

D:\autorun.inf

################## | C:\WINDOWS |

C:\WINDOWS\ban_list.txt
C:\WINDOWS\mdelk.exe
C:\WINDOWS\wintems.exe

################## | C:\WINDOWS\Prefetch |

C:\WINDOWS\Prefetch\MDELK.EXE-087EF2B4.pf
C:\WINDOWS\Prefetch\WINTEMS.EXE-127B61D4.pf

################## | C:\WINDOWS\system32 |

C:\WINDOWS\system32\srosa2.sys
C:\WINDOWS\system32\wfsintwq.sys

################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\Administrateur\Application Data |

C:\Documents and Settings\Administrateur\Application Data\drivers
C:\Documents and Settings\Administrateur\Application Data\drivers\downld
C:\Documents and Settings\Administrateur\Application Data\drivers\winupgro.exe

################## | Temporary Internet Files |


################## | Registre |

[HKLM\SYSTEM\CurrentControlSet\Services\srosa]
[HKLM\SYSTEM\ControlSet001\Services\srosa]
[HKLM\SYSTEM\ControlSet002\Services\srosa]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
[HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA]
[HKCU\Software\bisoft]
[HKCU\Software\DateTime4]
[HKCU\Software\WS4001]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\bisoft]
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\DateTime4]
[HKCU\Software\Local AppWizard-Generated Applications\key_gen]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\Local AppWizard-Generated Applications\key_gen]
[HKU\S-1-5-21-1353277950-2612609428-1979475589-500\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | ! Fin du rapport # FindyKill V5.037 ! |

Thanks, do I delete it, is that it?????

1 reply

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
1 March 2010 at 15:21
Hello

Plug into your PC your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them.


--> Double-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression)


/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, this is normal!

-------> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

-----------------
Beware of cracks, they are a major infection vector (downloading a crack or even visiting a crack site is very likely to infect the computer): more than 40% of infections
1-IMPORTANT:
I remind you that Bagle is brought in by a crack and that it relaunches as soon as you use that crack; even if you don't use it, it can relaunch by itself when your PC starts. In plain terms:
Above all, try to remember whether you recently clicked on a "patch" or a "keygen" to install a piece of software or a cracked game, or to get the full version of a program, and nothing in particular happened... That is where Bagle infections get in! If you find that particular crack, scrap everything (the crack, the software, or the zip files involved). If you don't really remember, I strongly advise you to delete all the cracks on your PC... ;)

https://forum.malekal.com/viewtopic.php?f=33&t=893

If you have any, you must delete them, or they will continually reinfect your PC...

0