Rapport Findkill, virus bagle
meyerbsa
Hello,
First of all, thank you in advance for the attention you will give to this request.
I caught the Bagle worm. I ran FindyKill. Not knowing how to proceed from here, I am submitting the report below and look forward to a reply.
Thanks
############################## | FindyKill V5.043 |
# User : Samuel (Administrateurs) # BIBISCH
# Update on 12/05/2010 by El Desaparecido
# Start at: 19:49:45 | 31.05.2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.7.986 [VPS 100330-1] 4.7.986 [ Enabled | Updated ]
# C:\ # Disque fixe local # 149.04 Go (9.54 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
############################## | Processus infectieux stoppés |
"C:\Documents and Settings\Samuel\Application Data\drivers\winupgro.exe" (2568)
"C:\Documents and Settings\Samuel\Application Data\m\flec006.exe" (2592)
"C:\Documents and Settings\Samuel\Application Data\hidires\flec003.exe" -run (3044)
"C:\WINDOWS\wintems.exe" (252)
################## | Eléments infectieux |
C:\WINDOWS\ban_list.txt
C:\WINDOWS\mdelk.exe
C:\WINDOWS\wintems.exe
C:\WINDOWS\system32\srosa2.sys
C:\WINDOWS\system32\wfsintwq.sys
C:\Documents and Settings\Samuel\Application Data\drivers
C:\Documents and Settings\Samuel\Application Data\drivers\downld
C:\Documents and Settings\Samuel\Application Data\drivers\winupgro.exe
C:\Documents and Settings\Samuel\Application Data\hidires
C:\Documents and Settings\Samuel\Application Data\hidires\config
C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_BootstrapIPs.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_SearchStrings.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_ServerMetURLs.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\cancelled.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\clients.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\clients.met.bak
C:\Documents and Settings\Samuel\Application Data\hidires\config\cryptkey.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\emfriends.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\key_index.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\known.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\known2_64.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\load_index.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\nodes.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\preferences.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\preferences.ini
C:\Documents and Settings\Samuel\Application Data\hidires\config\preferencesKad.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\server.met
C:\Documents and Settings\Samuel\Application Data\hidires\config\server_met.old
C:\Documents and Settings\Samuel\Application Data\hidires\config\shareddir.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\src_index.dat
C:\Documents and Settings\Samuel\Application Data\hidires\config\statistics.ini
C:\Documents and Settings\Samuel\Application Data\hidires\config\StoredSearches.met
C:\Documents and Settings\Samuel\Application Data\hidires\downloads.bak
C:\Documents and Settings\Samuel\Application Data\hidires\downloads.txt
C:\Documents and Settings\Samuel\Application Data\hidires\file.exe
C:\Documents and Settings\Samuel\Application Data\hidires\flec003.exe
C:\Documents and Settings\Samuel\Application Data\hidires\flec005.exe
C:\Documents and Settings\Samuel\Application Data\hidires\Incoming
C:\Documents and Settings\Samuel\Application Data\hidires\lang
C:\Documents and Settings\Samuel\Application Data\hidires\names.txt
C:\Documents and Settings\Samuel\Application Data\hidires\server.txt
C:\Documents and Settings\Samuel\Application Data\hidires\skins
C:\Documents and Settings\Samuel\Application Data\hidires\Temp
C:\Documents and Settings\Samuel\Application Data\hidires\WDIR
C:\Documents and Settings\Samuel\Application Data\hidires\webserver
C:\Documents and Settings\Samuel\Application Data\m
C:\Documents and Settings\Samuel\Application Data\m\data.oct
C:\Documents and Settings\Samuel\Application Data\m\flec006.exe
C:\Documents and Settings\Samuel\Application Data\m\list.oct
C:\Documents and Settings\Samuel\Application Data\m\srvlist.oct
C:\Documents and Settings\Samuel\Application Data\m\shared
################## | Registre |
[HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
[HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
[HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
[HKLM\SYSTEM\CurrentControlSet\Services\srosa]
[HKLM\SYSTEM\ControlSet001\Services\srosa]
[HKLM\SYSTEM\ControlSet003\Services\srosa]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
[HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
[HKCU\Software\bisoft]
[HKCU\Software\DateTime4]
[HKCU\Software\MuleAppData]
[HKCU\Software\WS4001]
[HKCR\ed2k]
[HKCU\Software\Classes\ed2k]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "flec003.exe"
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "flec003.exe"
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\bisoft]
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\DateTime4]
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\MuleAppData]
[HKCU\Software\Local AppWizard-Generated Applications\key_generator]
[HKCU\Software\Local AppWizard-Generated Applications\winupgro]
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Local AppWizard-Generated Applications\key_generator]
[HKU\S-1-5-21-1801674531-507921405-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]
################## | Etat |
# Affichage des fichiers cachés : OK
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.043 ! |
3 replies
Good evening,
! Disconnect from the internet and close all running applications (including the browser).
* Plug your external data sources into your PC (USB key, external hard drive, etc.)
* Relaunch "FindyKill": in the main menu choose option "F" for French and press [Enter].
* In the second menu choose option 2 (removal) and press [Enter].
* The PC will restart automatically...
The program will do its work; don't touch anything... Your desktop will not be accessible, this is normal!
--> Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm.
Good evening,
I have finished running the suggested procedure and here is what I get:
############################## | FindyKill V5.043 |
# User : Samuel (Administrateurs) # BIBISCH
# Update on 12/05/2010 by El Desaparecido
# Start at: 20:51:54 | 31.05.2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# Processeur Intel Pentium III Xeon
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.7.986 [VPS 100330-1] 4.7.986 [ Enabled | Updated ]
# C:\ # Disque fixe local # 149.04 Go (9.48 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# I:\ # Disque amovible # 7.47 Go (1.26 Go free) [BIBICH] # FAT32
################## | Eléments infectieux |
Supprimé ! C:\WINDOWS\ban_list.txt
Supprimé ! C:\WINDOWS\mdelk.exe
Supprimé ! C:\WINDOWS\wintems.exe
Supprimé ! C:\WINDOWS\system32\srosa2.sys
Supprimé ! C:\WINDOWS\system32\wfsintwq.sys
Supprimé ! C:\Documents and Settings\Samuel\Application Data\drivers\downld
Supprimé ! C:\Documents and Settings\Samuel\Application Data\drivers\winupgro.exe
Supprimé ! C:\Documents and Settings\Samuel\Application Data\drivers
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\downloads.bak
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\downloads.txt
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_BootstrapIPs.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_SearchStrings.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\AC_ServerMetURLs.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\cancelled.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\clients.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\clients.met.bak
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\cryptkey.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\emfriends.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\key_index.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\known.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\known2_64.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\load_index.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\nodes.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\preferences.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\preferences.ini
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\preferencesKad.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\server.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\server_met.old
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\shareddir.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\src_index.dat
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\statistics.ini
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config\StoredSearches.met
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\config
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\file.exe
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\flec003.exe
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\flec005.exe
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\Incoming
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\lang
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\names.txt
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\server.txt
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\skins
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\Temp
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\WDIR
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires\webserver
Supprimé ! C:\Documents and Settings\Samuel\Application Data\hidires
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m\data.oct
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m\flec006.exe
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m\list.oct
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m\shared
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m\srvlist.oct
Supprimé ! C:\Documents and Settings\Samuel\Application Data\m
################## | Références de comparaison Bagle MD5 : |
File : C:\Documents and Settings\Samuel\Application Data\drivers\winupgro.exe
-> Crc32 : 6f1f132f | Md5 : 8beaa9e486408710826509758e3b85ec
################## | MD5 ... |
Supprimé ! "C:\Program Files\Shock Utility\ShockAero3D\ShockAero3D.exe"
-> Size : 1058304 | Crc32 : 6f1f132f | Md5 : 8beaa9e486408710826509758e3b85ec
Supprimé ! "C:\System Volume Information\_restore{57128E99-A996-4058-9314-66A0176EE981}\RP107\A0026773.exe"
-> Size : 1033216 | Crc32 : 7de3edef | Md5 : 301501ecb76a5bf5f9feadd1ec56e078
Supprimé ! "C:\System Volume Information\_restore{57128E99-A996-4058-9314-66A0176EE981}\RP107\A0026843.exe"
-> Size : 1033216 | Crc32 : 7de3edef | Md5 : 301501ecb76a5bf5f9feadd1ec56e078
Supprimé ! "C:\System Volume Information\_restore{57128E99-A996-4058-9314-66A0176EE981}\RP146\A0043010.exe"
-> Size : 1033216 | Crc32 : 7de3edef | Md5 : 301501ecb76a5bf5f9feadd1ec56e078
Supprimé ! "C:\System Volume Information\_restore{57128E99-A996-4058-9314-66A0176EE981}\RP146\A0043043.exe"
-> Size : 1058304 | Crc32 : 6f1f132f | Md5 : 8beaa9e486408710826509758e3b85ec
Supprimé ! "C:\System Volume Information\_restore{57128E99-A996-4058-9314-66A0176EE981}\RP155\A0045937.exe"
-> Size : 1058304 | Crc32 : 6f1f132f | Md5 : 8beaa9e486408710826509758e3b85ec
################## | CRC32 ... |