Infection wintems.exe j
Closed
abdo-star (Posts: 7, Registered: Saturday 22 August 2009, Status: Member, Last activity: 26 August 2009) - 23 August 2009 at 13:18
Ced_King (Posts: 3519, Registered: Monday 2 March 2009, Status: Contributor, Last activity: 10 October 2016) - 23 August 2009 at 15:54
4 replies
Ced_King - 23 August 2009 at 13:28
Hi,
Download FindyKill by Chiquitine29:
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
-> Save it to your desktop and nowhere else!
!! Go offline and close all running applications !!
-> Double-click "FindyKill.exe" to start installing the tool. Do not change any of the installation settings.
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything...
Once it has finished, post the FindyKill.txt report that is generated...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
Ced_King - 23 August 2009 at 15:06
Re,
- It would be better to send the complete reports (from beginning to end...)
***** FindyKill option 2 (removal) *****
Go offline and close all running applications (browser included).
* Plug your external data storage devices into your PC (USB stick, external hard drive, etc.)
* Run "FindyKill" again: at the main menu choose option "F" for French and press [Enter].
* At the second menu choose option 2 (removal) and press [Enter]
* The PC will restart automatically...
--> The program will work, do not touch anything...; your desktop will not be accessible, which is normal!
* Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
abdo-star - 23 August 2009 at 15:36
Re
Here is the rest
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Glary Utilities\initialize.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\213046.EXE-06F45228.pf
Deleted ! - C:\WINDOWS\prefetch\249187.EXE-0E2E295A.pf
Deleted ! - C:\WINDOWS\prefetch\425453.EXE-3950A38A.pf
Deleted ! - C:\WINDOWS\prefetch\497031.EXE-1D36AE91.pf
Deleted ! - C:\WINDOWS\prefetch\723609.EXE-26C5C966.pf
Deleted ! - C:\WINDOWS\prefetch\754828.EXE-3004B4E1.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-20EDD0A8.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\SAFEBOOTKEYREPAIR.EXE-3B3E79B1.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
»»»» Supression files in C:\WINDOWS\system32
Not deleted !! - C:\WINDOWS\system32\mdelk.exe
Not deleted !! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\abdelkabir\Application Data
Not deleted !! - "C:\Documents and Settings\abdelkabir\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\abdelkabir\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\abdelkabir\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\abdelkabir\Application Data\m\srvlist.oct"
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\3D_Mummys_Tomb_1.2.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\ABest Video to WMV SWF FLV Converter 5.01.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Active Stop Button 1.2.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\America_Began_Here_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Audit Trail Wizard 1.2.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\BiblePromise
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Boston Traffic 1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\BurnRights_1.0.2.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Chemical Reagent Calculator 2.5.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Chilkat Upload Component 1.2.0.czip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\CLC_Combined_Workbench_3.0.1.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Comfortable PDF to Text 1.1.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\ConnectedText_2.1.0.3.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Cultures_demo.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\DAFFTIN_Simple_Family_Budget_1.3.1.0_Key.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\DigiWrap_2.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\EasyWare Shopping Cart 3.004.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\EvJO Photo-Image Resizer 2.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\ExpressZIP_4.5.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Financial Market Simulation 0.8.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\FlexiMusic Generator 1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Fraps_2.9.1_[With_Crack].zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\GalleryPlayer 2.51.1379.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Guitar Synthesiser PC 1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\IZArc_3.5_beta_3.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\LingvoSoft Talking Dictionary 2008 English - Vietnamese 4.1.29.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\liteCam 2.92.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\M4A to MP3 Converter 1.2.3.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\MAGIX FunPix Maker 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\MakeCDROM_4.33_[Patch].zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Manchester_City_RSS_Feed_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Merriam-Webster English-Spanish 6.3.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\MITCalc - Tension Springs 1.17.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\MpPlaya 1.2.0.2.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Multi_Data_Rescue_1.1.67c_Crack.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\NetXtremeFtp Component 2.1.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\NOD32.2.50.35(german).W2K+WINXP+Crack.by.Reddy.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Password_Revealer_Pro_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\PIMShare_3.0.1.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\PPCD 0.02.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\QB_-_SAT_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Ringz_1.5.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Rocade_Lille_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Shrek_3_Screensaver_1.0.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Smart Date Picker ASP.NET Web Control 1.173.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\SmartRead_0.72_build_070531_(Key).zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\SMS PC text to Mobile 1.01.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Snapshotter_Pro_1.0_[Crack].zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Snowglobe_3D_1_Key+Serial.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\SoftoDown Bulk PAD Submitter 2.1.918.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Splitter.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Staff_Tracker_Web_Employee_In-out_Board_2.29.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\TNL Antispam 1.1.2562.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\Unreal_Tournament_2004_Xan_Boss_Voice_Pack.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\WMS Log Analizer 1.3 build 0075.zip
Deleted ! - C:\Documents and Settings\abdelkabir\Application Data\m\shared\YoGen Audio Recorder 3.5.6.zip
Deleted ! - "C:\Documents and Settings\abdelkabir\Application Data\m\shared"
Not deleted !! - "C:\Documents and Settings\abdelkabir\Application Data\m"
Not deleted !! - "C:\Documents and Settings\abdelkabir\Application Data\hidires\flec003.exe"
Not deleted !! - "C:\Documents and Settings\abdelkabir\Application Data\hidires"
»»»» Supression files in C:\DOCUME~1\ABDELK~1\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\abdelkabir\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
--------------- [ Registry / Infected keys ] ----------------
--------------- [ States / Restarting of services ] ----------------
+- Safe boot mode restored !
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- deleting files :
Not deleted !! - D:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\AutoRun\command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\explore\Command
Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\open\Command
--------------- [ Searching Cracks / Keygen ] ----------------
---------------- ! End of report ! ------------------
Anonymous user - 23 August 2009 at 15:25
Hi,
This version of FindyKill is not up to date at all.
+
abdo-star - 23 August 2009 at 15:37
Hi,
Where can I find an up-to-date version?
Ced_King - 23 August 2009 at 15:54
23 August 2009 at 14:54
First of all, thank you for your interest. I followed the steps and here is the report
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Mx One\mogtr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\cidaemon.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\213046.EXE-06F45228.pf
Found ! - C:\WINDOWS\prefetch\249187.EXE-0E2E295A.pf
Found ! - C:\WINDOWS\prefetch\425453.EXE-3950A38A.pf
Found ! - C:\WINDOWS\prefetch\497031.EXE-1D36AE91.pf
Found ! - C:\WINDOWS\prefetch\723609.EXE-26C5C966.pf
Found ! - C:\WINDOWS\prefetch\754828.EXE-3004B4E1.pf
Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-2F15151F.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-20EDD0A8.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\Prefetch\SAFEBOOTKEYREPAIR.EXE-3B3E79B1.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [23/08/2009 11:13] - C:\WINDOWS\system32\mdelk.exe
Found ! [23/08/2009 11:05] - C:\WINDOWS\system32\wintems.exe
Found ! [23/08/2009 11:08] - C:\WINDOWS\system32\ban_list.txt
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\abdelkabir\Application Data
Found ! [23/08/2009 11:05] - "C:\Documents and Settings\abdelkabir\Application Data\m\flec006.exe"
Found ! [23/08/2009 11:06] - "C:\Documents and Settings\abdelkabir\Application Data\m\list.oct"
Found ! [23/08/2009 11:07] - "C:\Documents and Settings\abdelkabir\Application Data\m\data.oct"
Found ! [23/08/2009 11:07] - "C:\Documents and Settings\abdelkabir\Application Data\m\srvlist.oct"
Found ! [23/08/2009 11:09] - "C:\Documents and Settings\abdelkabir\Application Data\m\shared"
Found ! [22/08/2009 15:42] - "C:\Documents and Settings\abdelkabir\Application Data\m"
Found ! [22/08/2009 20:00] - "C:\Documents and Settings\abdelkabir\Application Data\hidires\flec003.exe"
Found ! [23/08/2009 11:52] - "C:\Documents and Settings\abdelkabir\Application Data\hidires"
»»»» Presence des fichiers dans C:\DOCUME~1\ABDELK~1\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\abdelkabir\Local Settings\Temporary Internet Files\Content.IE5
Found ! [09/03/2009 22:53] - C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Local Cache\D3987B641C134048B815DB578D607F42_more.jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
flec003.exe=C:\Documents and Settings\abdelkabir\Application Data\hidires\flec003.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Cmaudio=RunDll32 cmicnfg.cpl,CMICtrlWnd
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Mx_One_Guardian_Tiempo_Real=C:\Program Files\Mx One\mogtr.exe
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\msmsgs]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\qttask]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-583907252-1979792683-725345543-1003\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-583907252-1979792683-725345543-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-583907252-1979792683-725345543-1003\Software\FFC
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- Contenu de l'autorun : D:\autorun.inf
+- presence des fichiers :
Found ! [24/03/2009 12:18][d--------] - D:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\AutoRun\command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\explore\Command
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a10792-875e-11de-88bb-4d6564696130}\Shell\open\Command
------------------- ! Fin du rapport ! --------------------
I hope it reaches you well