Infected computer
Solved
thiefer
-
neor Posts: 1119 Status: Member -
Hello everyone,
for two days now I have been fighting with my PC, which seems to have been infected by a virus.
The symptoms:
- when I start in normal mode, a window "NTBS investigators flight recorder (black box) analyser" appears...
- Impossible to start in safe mode
- Impossible to install Spybot S&D (%1 is not a valid Win32 application, or something along those lines)
- My antivirus no longer starts (McAfee 2008). I eventually uninstalled it. Impossible to install it again
- lots of malfunctions such as PC slowdowns, the classic ones.
Here is the HijackThis 2.02 log report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:12, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {95F987A5-021B-3B15-259A-4E697F6DA389} - (no file)
O2 - BHO: (no name) - {1DA9F980-1CBC-9FA6-A178-3694A704F868} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.secuser.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{242B3480-1907-40A2-94E1-A2C7884E7E05}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{58FE2436-7AEB-4509-A7EB-7BA71127E0B7}: NameServer = 212.27.40.240,212.27.40.241
O20 - AppInit_DLLs: Runner.dll,Runner.dll,Runner.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c8e806c37ae2a0) (gupdate1c8e806c37ae2a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
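Added example (not part of the original thread, and not output of either tool): a small Python cross-check that matches the `O4` autostart entries of a HijackThis log against the `Deleted !` lines of the FindyKill report posted later in this thread, so the Run values that launched removed files can be rechecked in a follow-up scan. The sample lines are copied from the two reports in this thread; the function names are this example's own.

```python
import re

# Lines copied from the HijackThis log in this thread (O4 = registry autostart entries).
HIJACKTHIS_LINES = r"""
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
""".strip().splitlines()

# Lines copied from the FindyKill report in this thread.
FINDYKILL_LINES = r"""
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
""".strip().splitlines()

O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Executable path ends at the first known extension followed by a space or end of line,
# which keeps paths containing spaces ("Program Files") in one piece.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
DELETED_RE = re.compile(r"^Deleted ! - (.+)$")


def normalize(path):
    """Strip surrounding quotes and fold case (Windows paths are case-insensitive)."""
    return path.strip().strip('"').lower()


def parse_o4(line):
    """Return hive, value name and launched file for an O4 Run line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    # Drop the "(User '...')" annotation HijackThis appends to per-account entries.
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
    if cmd.startswith('"'):
        target = cmd[1:].split('"', 1)[0]
    else:
        exe = EXE_RE.match(cmd)
        # No extension found (e.g. "dumprep 0 -k"): take the first token.
        target = exe.group(1) if exe else cmd.split()[0]
    return {"hive": m.group("hive"), "name": m.group("name").strip(), "target": target}


def deleted_paths(report_lines):
    """Collect the normalized paths of every 'Deleted !' line in a FindyKill report."""
    found = set()
    for line in report_lines:
        m = DELETED_RE.match(line.strip())
        if m:
            found.add(normalize(m.group(1)))
    return found


def removed_autostarts(hijackthis_lines, findykill_lines):
    """Run entries whose target file the cleaner reported as deleted."""
    deleted = deleted_paths(findykill_lines)
    hits = []
    for line in hijackthis_lines:
        entry = parse_o4(line)
        if entry and normalize(entry["target"]) in deleted:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in removed_autostarts(HIJACKTHIS_LINES, FINDYKILL_LINES):
        print(f'{e["hive"]}\\..\\Run [{e["name"]}] -> {e["target"]}')
```

Environment variables such as `%systemroot%` are not expanded, so entries written that way only match if the report uses the same spelling.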
4 answers
Hello,
possibly a Bagle infection:
1-IMPORTANT:
I remind you that Bagle is brought in by a crack and that it relaunches as soon as you use that crack; even if you do not use it, it can relaunch by itself when your PC starts. In plain terms:
Above all, try to remember whether you recently clicked on a "patch" or a "keygen" to install software or a cracked game, or to get the full version of a program, and nothing in particular happened ... That is where Bagles get in! If you find that particular crack, scrap everything (the crack, the software, or the zip files concerned). If you do not really remember, I strongly advise you to delete all the cracks that are on your PC ... Wink
2-Download FindyKill by Chiquitine29:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
-> Save it to your desktop and nowhere else!
!! Disconnect and close all running applications !!
( If your antivirus panics when you save or use the tool, ignore the alert ...)
-> Click on "FindyKill.exe" to launch the installation of the tool. Above all, do not touch the installation settings.
Important notes:
* if you have the Elibagla program on your PC, delete it (risk of conflict between the two tools).
--> Double-click the "FindyKill" shortcut that is on your desktop.
( in the first window, type f then [Enter] for the French version ).
--> Choose option 1 (search). Then let the tool work without touching anything ...
Once it has finished, post the FindyKill.txt report that is generated ...
( Note: the report is saved at the root of the disk -> C:\FindyKill.txt )
PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Tutorial: https://www.malekal.com/tutorial-findykill/
--> Double-click the FindyKill shortcut on your desktop
--> In the main menu, choose option 2 (Deletion)
/!\ there will be 2 reboots; let the tool work until the message "nettoyage effectué" appears
/!\ Do not use the PC during the deletion; your desktop will not be accessible, that is normal!
-------> then post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
Hi Neor, and thanks,
after a small scare (blue screen when launching option 2, with a message concerning the file srosa.sys, then a manual reboot and a new launch of FindyKill, OK), here is the new report that was generated:
----------------- FindyKill V4.707 ------------------
* User : Administrateur - SALON
* executed from : C:\Program Files\FindyKill
* Update on 06/12/08 par Chiquitine29
* Start at 10:53:37 the 08/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\118510.EXE-2195581E.pf
Deleted ! - C:\WINDOWS\prefetch\119241.EXE-0B3F5CB3.pf
Deleted ! - C:\WINDOWS\prefetch\14906884.EXE-03A78C53.pf
Deleted ! - C:\WINDOWS\prefetch\29747915.EXE-39E10671.pf
Deleted ! - C:\WINDOWS\prefetch\29751900.EXE-38876545.pf
Deleted ! - C:\WINDOWS\prefetch\29755856.EXE-3A26E07A.pf
Deleted ! - C:\WINDOWS\prefetch\29764699.EXE-1894E9EF.pf
Deleted ! - C:\WINDOWS\prefetch\29796214.EXE-3941E56C.pf
Deleted ! - C:\WINDOWS\prefetch\44269496.EXE-3ADD56D7.pf
Deleted ! - C:\WINDOWS\prefetch\44272510.EXE-2D0DC30C.pf
Deleted ! - C:\WINDOWS\prefetch\44292028.EXE-10028C72.pf
Deleted ! - C:\WINDOWS\prefetch\44296204.EXE-31D7D042.pf
Deleted ! - C:\WINDOWS\prefetch\44299829.EXE-37ECF0C6.pf
Deleted ! - C:\WINDOWS\prefetch\44311686.EXE-0714BDEE.pf
Deleted ! - C:\WINDOWS\prefetch\44342170.EXE-2F1CF49C.pf
Deleted ! - C:\WINDOWS\prefetch\74457.EXE-1960D552.pf
Deleted ! - C:\WINDOWS\prefetch\77000.EXE-1F11B329.pf
Deleted ! - C:\WINDOWS\prefetch\AUPATCH.DAT-1F983EE8.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-0695BA6E.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\MEDIAMONKEY.EXE-0382EE81.pf
Deleted ! - C:\WINDOWS\prefetch\PATCH.EXE-1DE617D3.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\srosa2.sys
Deleted ! - C:\WINDOWS\system32\drivers\winfilse.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"
»»»» Supression files in C:\Documents and Settings\Administrateur\Application Data
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AllToTray 4.6.3.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AlphaV_1.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\AoA_Audio_Extractor_1.1.8.0813.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\ASCII_Art_Studio_2.2.0_(Serial).zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Binary Clock 3.0.czip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Binary Clock 3.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Business_Card_Studio_2.0.6000.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Common_Sense_-_How_To_Exercise_It_1.0_[Cracked].zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Expense_1.1e.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\FolderScavenger 1.0.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Hail Stone Number 1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Java Script toolbar for IE 4.5.131.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Keyboard_Wizard_1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Mafia_'67_Camaro_SS_Pro_Street_Skin.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Magic_AAC_to_MP3_Converter_3.1.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Morse converter 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Outlook_Reminder_1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\popStumbler 1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Privacy Cleaner 4.10.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Quickie_Engineer_3.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RImageOrFlashControl 1.1.2.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\RunFirst 1.1.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Sami FTP Server 2.0.2.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Seasons_Sceensavers_1.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\SoftAmbulance Partition Doctor 1.55.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Spyware_Remover_SE_2007_1.5.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Subnet ScanPro 1.0.7.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Turn Online 5C.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Unreal_Tournament_2003_-_Pain_skin.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Whizlabs_MCSE_Exam_(70-217)_Simulator_6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Whorld_1.6.0.6.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Worksheet_Search_2.0.zip
Deleted ! - C:\Documents and Settings\Administrateur\Application Data\m\shared\Zigzag_Cleaner_1.zip
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\Administrateur\Application Data\m"
»»»» Supression files in C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\01EFCP2V\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\01EFCP2V\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\OT2J8LMN\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UN41C52N\b64[1].jpg
Deleted ! - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WD6BGPQ3\b64_1[1].jpg
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\Local AppWizard-Generated Applications\flec006
Deleted ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\Local AppWizard-Generated Applications\winfilse
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- deleting files :
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
What now?
TF
here it is !!!
CCleaner works again, and so do the installs (Spybot...)
I think we've wrung its neck.
Many thanks for your help, but I'll wait for your reply before closing the post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:38, on 08/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {95F987A5-021B-3B15-259A-4E697F6DA389} - (no file)
O2 - BHO: (no name) - {1DA9F980-1CBC-9FA6-A178-3694A704F868} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{242B3480-1907-40A2-94E1-A2C7884E7E05}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{58FE2436-7AEB-4509-A7EB-7BA71127E0B7}: NameServer = 212.27.40.240,212.27.40.241
O20 - AppInit_DLLs: Runner.dll,Runner.dll,Runner.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c8e806c37ae2a0) (gupdate1c8e806c37ae2a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.secuser.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{242B3480-1907-40A2-94E1-A2C7884E7E05}: NameServer = 212.27.40.240,212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{58FE2436-7AEB-4509-A7EB-7BA71127E0B7}: NameServer = 212.27.40.240,212.27.40.241
O20 - AppInit_DLLs: Runner.dll,Runner.dll,Runner.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c8e806c37ae2a0) (gupdate1c8e806c37ae2a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Run Malwarebytes https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html…
Run a so-called "full" scan (make sure you select all your disks before the scan!).
--> Let the program work (and do nothing else with the PC during the scan).
--> When it finishes, click "Results".
--> Check that all infected items are ticked, then click "Remove".
Note: if your PC needs to restart to finish the cleanup, do it!
Post the report saved after the infected items have been removed (in the "report/log" tab of Malwarebytes, the most recent one).
http://site-naheulbeuk.com/
There you go,
I think we've wrung its neck this time, haven't we?
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1474
Windows 5.1.2600 Service Pack 3
08/12/2008 12:58:25
mbam-log-2008-12-08 (12-58-25).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 104727
Temps écoulé: 25 minute(s), 6 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\System Volume Information\_restore{8E3FF576-974D-4081-8ED7-F7227EE9A4B3}\RP274\A0085715.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8E3FF576-974D-4081-8ED7-F7227EE9A4B3}\RP274\A0086982.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\asc3550p.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
TF
Disable and re-enable System Restore to purge it
https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
Hi all,
Having oddly been infected by this famous "bagle - NTBS investigators flight recorder (black box) analyzer", I posted on several sites to find out what this famous black box really was.
I gathered that the trend was started by a few "disrespectful" smart alecks, and that many Internet users ended up infected after various downloads.
Following the many tips I have read on these different sites, I am going to try them too.
Thanks to everyone, especially néor, for the advice ...
Indeed, I downloaded a crack over P2P a few days ago; I think it was to try out the MiniLyrics plugin.
Too bad for me...
It opened the NTBS window and forced a reboot of the PC.
I then immediately deleted the fake from the PC.
So I don't understand why it is showing up again.
Thanks for FindyKill,
here is the report it generated.
Apparently, lots of "found" lines.
Bad sign, isn't it?
What should I do now, run option 2 of FindyKill?
See you,
TF
----------------- FindyKill V4.707 ------------------
* User : Administrateur - SALON
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 06/12/08 par Chiquitine29
* Recherche effectuée à 10:11:35 le 08/12/2008
* Windows XP - Internet Explorer 6.0.2900.5512
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\118510.EXE-2195581E.pf
Found ! - C:\WINDOWS\prefetch\14906884.EXE-03A78C53.pf
Found ! - C:\WINDOWS\prefetch\29747915.EXE-39E10671.pf
Found ! - C:\WINDOWS\prefetch\29751900.EXE-38876545.pf
Found ! - C:\WINDOWS\prefetch\29755856.EXE-3A26E07A.pf
Found ! - C:\WINDOWS\prefetch\29764699.EXE-1894E9EF.pf
Found ! - C:\WINDOWS\prefetch\29796214.EXE-3941E56C.pf
Found ! - C:\WINDOWS\prefetch\44269496.EXE-3ADD56D7.pf
Found ! - C:\WINDOWS\prefetch\44272510.EXE-2D0DC30C.pf
Found ! - C:\WINDOWS\prefetch\44292028.EXE-10028C72.pf
Found ! - C:\WINDOWS\prefetch\44296204.EXE-31D7D042.pf
Found ! - C:\WINDOWS\prefetch\44299829.EXE-37ECF0C6.pf
Found ! - C:\WINDOWS\prefetch\44311686.EXE-0714BDEE.pf
Found ! - C:\WINDOWS\prefetch\44342170.EXE-2F1CF49C.pf
Found ! - C:\WINDOWS\prefetch\77000.EXE-1F11B329.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-0695BA6E.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\MEDIAMONKEY.EXE-0382EE81.pf
Found ! - C:\WINDOWS\Prefetch\AUPATCH.DAT-1F983EE8.pf
Found ! - C:\WINDOWS\Prefetch\PATCH.EXE-1DE617D3.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [08/12/2008 07:18] - C:\WINDOWS\system32\wintems.exe
Found ! [08/12/2008 10:03] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
Found ! [08/12/2008 10:03] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [08/12/2008 10:03] - C:\WINDOWS\system32\drivers\srosa2.sys
Found ! [07/10/2005 04:01] - C:\WINDOWS\system32\drivers\winfilse.exe
Found ! [08/12/2008 10:05] - "C:\WINDOWS\system32\drivers\downld"
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Application Data
Found ! [08/12/2008 10:03] - "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe"
Found ! [08/12/2008 10:03] - "C:\Documents and Settings\Administrateur\Application Data\m\list.oct"
Found ! [08/12/2008 10:04] - "C:\Documents and Settings\Administrateur\Application Data\m\data.oct"
Found ! [08/12/2008 10:04] - "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct"
Found ! [08/12/2008 10:04] - "C:\Documents and Settings\Administrateur\Application Data\m\shared"
Found ! [08/12/2008 10:04] - "C:\Documents and Settings\Administrateur\Application Data\m"
»»»» Presence des fichiers dans C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5
Found ! [08/12/2008 10:03] - C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UN41C52N\b64[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WireLessMouse =C:\Program Files\Multimedia Combo Set\MouseDrv.exe
ANIWZCS2Service=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
WireLessKeyboard =C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
snpstd3=C:\WINDOWS\vsnpstd3.exe
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\flec006]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winfilse]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-682003330-1202660629-854245398-500\Software\FFC
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\flec006
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------