A voir également:
- PC infecté par un Bagle (Winupgro)
- Benchmark pc - Guide
- Reinitialiser pc - Guide
- Pc lent - Guide
- Whatsapp pc - Télécharger - Messagerie
- Double ecran pc - Guide
4 réponses
Utilisateur anonyme
11 déc. 2008 à 15:31
11 déc. 2008 à 15:31
Salut,
Telecharge FindyKill sur ton bureau :
--> Lance l installation avec les parametres par default
--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
Telecharge FindyKill sur ton bureau :
--> Lance l installation avec les parametres par default
--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
############################## | FindyKill V5.002 |
# User : david (Administrators) # SN119900350310
# Update on 12/06/09 by Chiquitine29
# Start at: 23:35:41 | 13/06/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Disco fijo local # 232,88 Go (138,42 Go free) [HDD] # NTFS
# D:\ # Disco fijo local # 232,89 Go (17,31 Go free) [DATA] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco extraíble
# G:\ # Disco extraíble
# H:\ # Disco extraíble # 486,25 Mo (454,89 Mo free) [NIKON] # FAT
# I:\ # Disco extraíble
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\ABoard\ABoard.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\david\Application Data |
Présent ! C:\Documents and Settings\david\Application Data\drivers
Présent ! C:\Documents and Settings\david\Application Data\drivers\11s11ro1s1a2.sys
Présent ! C:\Documents and Settings\david\Application Data\drivers\downld
################## | Autres ... |
################## | C:\Documents and Settings\david\Temporary Internet Files |
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[5].jpg
################## | Registre / Clés infectieuses |
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\bisoft]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\install_patch]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Local AppWizard-Generated Applications\install_patch]
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify" 0x1
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.002 ! |
# User : david (Administrators) # SN119900350310
# Update on 12/06/09 by Chiquitine29
# Start at: 23:35:41 | 13/06/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : ESET NOD32 antivirus system 2.70 2.70 [ Enabled | Updated ]
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Disco fijo local # 232,88 Go (138,42 Go free) [HDD] # NTFS
# D:\ # Disco fijo local # 232,89 Go (17,31 Go free) [DATA] # NTFS
# E:\ # Disco CD-ROM
# F:\ # Disco extraíble
# G:\ # Disco extraíble
# H:\ # Disco extraíble # 486,25 Mo (454,89 Mo free) [NIKON] # FAT
# I:\ # Disco extraíble
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\apps\ABoard\ABoard.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\david\Application Data |
Présent ! C:\Documents and Settings\david\Application Data\drivers
Présent ! C:\Documents and Settings\david\Application Data\drivers\11s11ro1s1a2.sys
Présent ! C:\Documents and Settings\david\Application Data\drivers\downld
################## | Autres ... |
################## | C:\Documents and Settings\david\Temporary Internet Files |
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_1[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\3X1U8IU2\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\5MF3ZM16\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_1[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\C2HZP9C2\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_1[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_1[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[1].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[2].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[3].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[4].jpg
Présent ! C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\S799SE5L\b64_3[5].jpg
################## | Registre / Clés infectieuses |
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\bisoft]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\install_patch]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Local AppWizard-Generated Applications\install_patch]
Présent ! [HKU\S-1-5-21-739730305-1964288483-1861597863-1005\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify" 0x1
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.002 ! |
bonsoir
Voila pour moi ,
Infecter by emule -_- ,
essayer de le supprimé avec combo-fix sans succés apparament , ce fix sur windows live messange aussi
avec l'impossibilité de se connecter
############################## | FindyKill V5.006 |
# User : Spencer (Administrateurs) # XPSP2-C5496A4EE
# Update on 14/08/09 by Chiquitine29
# Start at: 21:15:30 | 21/08/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Phenom(tm) 9500 Quad-Core Processor
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# C:\ # Disque fixe local # 335,34 Go (130,19 Go free) # NTFS
# D:\ # Disque CD-ROM # 1,91 Go (0 Mo free) [BF2 DVD] # UDF
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque CD-ROM
# K:\ # Disque CD-ROM
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Bill2's Process Manager\ProcessManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
Présent ! D:\autorun.inf
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\Spencer\Application Data |
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\11s11ro1s1a2.sys
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\downld
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\winupgro.exe
################## | C:\Documents and Settings\Spencer\Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\bisoft]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride" 0x1
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride" 0x1
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify" 0x1
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.006 ! |
Voila pour moi ,
Infecter by emule -_- ,
essayer de le supprimé avec combo-fix sans succés apparament , ce fix sur windows live messange aussi
avec l'impossibilité de se connecter
############################## | FindyKill V5.006 |
# User : Spencer (Administrateurs) # XPSP2-C5496A4EE
# Update on 14/08/09 by Chiquitine29
# Start at: 21:15:30 | 21/08/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Phenom(tm) 9500 Quad-Core Processor
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# C:\ # Disque fixe local # 335,34 Go (130,19 Go free) # NTFS
# D:\ # Disque CD-ROM # 1,91 Go (0 Mo free) [BF2 DVD] # UDF
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque CD-ROM
# K:\ # Disque CD-ROM
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Bill2's Process Manager\ProcessManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
Présent ! D:\autorun.inf
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
################## | C:\Documents and Settings\Spencer\Application Data |
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\11s11ro1s1a2.sys
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\downld
Présent ! C:\Documents and Settings\Spencer\Application Data\drivers\winupgro.exe
################## | C:\Documents and Settings\Spencer\Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\bisoft]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-1801674531-1580436667-725345543-1003\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride" 0x1
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride" 0x1
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify" 0x1
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.006 ! |
Bonjour
ci-dessous le résultat du scan
----------------- FindyKill V4.709 ------------------
* User : Imad.Touati - ITOUATI-LAP
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/12/08 par Chiquitine29
* Recherche effectuée à 20:49:15 le 11/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Documents and Settings\IMAD.TOUATI\Application Data\drivers\winupgro.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\taskmgr.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\IMAD.TOUATI\Application Data\drivers\winupgro.exe" (864)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-1CFCC2EC.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-2435B0FD.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\imad.touati\Application Data
Found ! [10/12/2008 21:26] - "C:\Documents and Settings\imad.touati\Application Data\drivers"
Found ! [11/12/2008 20:48] - "C:\Documents and Settings\imad.touati\Application Data\drivers\srosa.sys"
Found ! [11/12/2008 20:48] - "C:\Documents and Settings\imad.touati\Application Data\drivers\srosa2.sys"
Found ! [03/10/2004 07:10] - "C:\Documents and Settings\imad.touati\Application Data\drivers\winupgro.exe"
Found ! [07/12/2008 18:01] - "C:\Documents and Settings\imad.touati\Application Data\drivers\downld"
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12560328.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12563500.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12564203.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12615937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12638437.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12640109.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12643609.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\307093.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\309156.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\351625.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\362421.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\362937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\364109.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\386609.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\386953.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\387453.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\388328.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\388937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\389281.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\390000.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\390031.exe
»»»» Presence des fichiers dans C:\DOCUME~1\IMAD~1.TOU\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\imad.touati\Local Settings\Temporary Internet Files\Content.IE5
Found ! [30/11/2008 13:19] - C:\Documents and Settings\IMAD.TOUATI\Local Settings\Temporary Internet Files\Content.IE5\L1IFI9G8\s_36234b95778dd3a7e1167b6439f7ff47[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
IDMan=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
ModemOnHold=C:\Program Files\NetWaiting\netWaiting.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster=
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}=
Desc=BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
CmdLine="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
Icon=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=10 (0xa)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\ctfmon.exe=
Desc=ctfmon.exe
CmdLine=C:\WINDOWS\system32\ctfmon.exe
Icon=C:\WINDOWS\system32\ctfmon.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=4 (0x4)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\IDMan=
Desc=IDMan
CmdLine=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Icon=C:\Program Files\Internet Download Manager\IDMan.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=13 (0xd)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\ModemOnHold=
Desc=ModemOnHold
CmdLine=C:\Program Files\NetWaiting\netWaiting.exe
Icon=C:\Program Files\NetWaiting\netWaiting.exe
DelayTime=0 (0x0)
Enable=0 (0x0)
Order=14 (0xe)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\MsnMsgr=
Desc=MsnMsgr
CmdLine="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Icon=ThisFileWillNeverExists.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=18 (0x12)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\SuperCopier2.exe=
Desc=SuperCopier2.exe
CmdLine=C:\Program Files\SuperCopier2\SuperCopier2.exe
Icon=C:\Program Files\SuperCopier2\SuperCopier2.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=16 (0x10)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\swg=
Desc=swg
CmdLine=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Icon=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
DelayTime=0 (0x0)
Enable=0 (0x0)
Order=22 (0x16)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Apoint=C:\Program Files\Apoint\Apoint.exe
Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
Dell QuickSet=C:\Program Files\Dell\QuickSet\quickset.exe
Document Manager=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
DVDLauncher="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NVHotkey=rundll32.exe nvHotkey.dll,Start
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
SigmatelSysTrayApp=stsystra.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Acrobat Assistant 7.0=
Desc=Acrobat Assistant 7.0
CmdLine="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Icon=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=20 (0x14)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Apoint=
Desc=Apoint
CmdLine=C:\Program Files\Apoint\Apoint.exe
Icon=C:\Program Files\Apoint\Apoint.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Broadcom Wireless Manager UI=
Desc=Broadcom Wireless Manager UI
CmdLine=C:\WINDOWS\system32\WLTRAY.exe
Icon=C:\WINDOWS\system32\WLTRAY.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=5 (0x5)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Dell QuickSet=
Desc=Dell QuickSet
CmdLine=C:\Program Files\Dell\QuickSet\quickset.exe
Icon=C:\Program Files\Dell\QuickSet\quickset.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=19 (0x13)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Document Manager=
Desc=Document Manager
CmdLine=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
Icon=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=7 (0x7)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\DVDLauncher=
Desc=DVDLauncher
CmdLine="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Icon=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=8 (0x8)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ISUSPM Startup=
Desc=ISUSPM Startup
CmdLine=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Icon=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=17 (0x11)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ISUSScheduler=
Desc=ISUSScheduler
CmdLine="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Icon=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=9 (0x9)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\McAfeeUpdaterUI=
Desc=McAfeeUpdaterUI
CmdLine="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
Icon=C:\Program Files\McAfee\Common Framework\UdaterUI.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=2 (0x2)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NeroFilterCheck=
Desc=NeroFilterCheck
CmdLine=C:\WINDOWS\system32\NeroCheck.exe
Icon=C:\WINDOWS\system32\NeroCheck.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=6 (0x6)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NvCplDaemon=
Desc=NvCplDaemon
CmdLine=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Icon=C:\WINDOWS\system32\NvCpl.dll
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=11 (0xb)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NVHotkey=
Desc=NVHotkey
CmdLine=rundll32.exe nvHotkey.dll,Start
Icon=C:\WINDOWS\system32\nvHotkey.dll
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=12 (0xc)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\QuickTime Task=
Desc=QuickTime Task
CmdLine="C:\Program Files\QuickTime\qttask.exe" -atboottime
Icon=C:\Program Files\QuickTime\QTTask.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=15 (0xf)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ShStatEXE=
Desc=ShStatEXE
CmdLine="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
Icon=C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=3 (0x3)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\SigmatelSysTrayApp=
Desc=SigmatelSysTrayApp
CmdLine=stsystra.exe
Icon=C:\WINDOWS\stsystra.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Startup Faster Agent=
Desc=Startup Faster Agent
CmdLine=C:\Program Files\Startup Faster\sfAgent.exe
Icon=C:\Program Files\Startup Faster\sfAgent.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=21 (0x15)
[HKEY_CURRENT_USER\software\local appwizard-generated applications\netWaiting]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
ci-dessous le résultat du scan
----------------- FindyKill V4.709 ------------------
* User : Imad.Touati - ITOUATI-LAP
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 10/12/08 par Chiquitine29
* Recherche effectuée à 20:49:15 le 11/12/2008
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ccmsetup\ccmsetup.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Documents and Settings\IMAD.TOUATI\Application Data\drivers\winupgro.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\taskmgr.exe
--------------- [ Processus infectieux stoppés ] ----------------
"C:\Documents and Settings\IMAD.TOUATI\Application Data\drivers\winupgro.exe" (864)
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-1CFCC2EC.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-2435B0FD.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\imad.touati\Application Data
Found ! [10/12/2008 21:26] - "C:\Documents and Settings\imad.touati\Application Data\drivers"
Found ! [11/12/2008 20:48] - "C:\Documents and Settings\imad.touati\Application Data\drivers\srosa.sys"
Found ! [11/12/2008 20:48] - "C:\Documents and Settings\imad.touati\Application Data\drivers\srosa2.sys"
Found ! [03/10/2004 07:10] - "C:\Documents and Settings\imad.touati\Application Data\drivers\winupgro.exe"
Found ! [07/12/2008 18:01] - "C:\Documents and Settings\imad.touati\Application Data\drivers\downld"
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12560328.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12563500.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12564203.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12615937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12638437.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12640109.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\12643609.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\307093.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\309156.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\351625.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\362421.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\362937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\364109.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\386609.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\386953.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\387453.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\388328.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\388937.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\389281.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\390000.exe
Found ! [07/12/2008 18:01] - C:\Documents and Settings\imad.touati\Application Data\drivers\downld\390031.exe
»»»» Presence des fichiers dans C:\DOCUME~1\IMAD~1.TOU\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\imad.touati\Local Settings\Temporary Internet Files\Content.IE5
Found ! [30/11/2008 13:19] - C:\Documents and Settings\IMAD.TOUATI\Local Settings\Temporary Internet Files\Content.IE5\L1IFI9G8\s_36234b95778dd3a7e1167b6439f7ff47[1].jpg
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
IDMan=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
ModemOnHold=C:\Program Files\NetWaiting\netWaiting.exe
SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster=
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}=
Desc=BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
CmdLine="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
Icon=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=10 (0xa)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\ctfmon.exe=
Desc=ctfmon.exe
CmdLine=C:\WINDOWS\system32\ctfmon.exe
Icon=C:\WINDOWS\system32\ctfmon.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=4 (0x4)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\IDMan=
Desc=IDMan
CmdLine=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Icon=C:\Program Files\Internet Download Manager\IDMan.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=13 (0xd)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\ModemOnHold=
Desc=ModemOnHold
CmdLine=C:\Program Files\NetWaiting\netWaiting.exe
Icon=C:\Program Files\NetWaiting\netWaiting.exe
DelayTime=0 (0x0)
Enable=0 (0x0)
Order=14 (0xe)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\MsnMsgr=
Desc=MsnMsgr
CmdLine="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Icon=ThisFileWillNeverExists.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=18 (0x12)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\SuperCopier2.exe=
Desc=SuperCopier2.exe
CmdLine=C:\Program Files\SuperCopier2\SuperCopier2.exe
Icon=C:\Program Files\SuperCopier2\SuperCopier2.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=16 (0x10)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\StartupFaster\swg=
Desc=swg
CmdLine=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Icon=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
DelayTime=0 (0x0)
Enable=0 (0x0)
Order=22 (0x16)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Apoint=C:\Program Files\Apoint\Apoint.exe
Broadcom Wireless Manager UI=C:\WINDOWS\system32\WLTRAY.exe
Dell QuickSet=C:\Program Files\Dell\QuickSet\quickset.exe
Document Manager=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
DVDLauncher="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
McAfeeUpdaterUI="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NVHotkey=rundll32.exe nvHotkey.dll,Start
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
SigmatelSysTrayApp=stsystra.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Acrobat Assistant 7.0=
Desc=Acrobat Assistant 7.0
CmdLine="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Icon=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=20 (0x14)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Apoint=
Desc=Apoint
CmdLine=C:\Program Files\Apoint\Apoint.exe
Icon=C:\Program Files\Apoint\Apoint.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Broadcom Wireless Manager UI=
Desc=Broadcom Wireless Manager UI
CmdLine=C:\WINDOWS\system32\WLTRAY.exe
Icon=C:\WINDOWS\system32\WLTRAY.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=5 (0x5)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Dell QuickSet=
Desc=Dell QuickSet
CmdLine=C:\Program Files\Dell\QuickSet\quickset.exe
Icon=C:\Program Files\Dell\QuickSet\quickset.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=19 (0x13)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Document Manager=
Desc=Document Manager
CmdLine=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
Icon=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=7 (0x7)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\DVDLauncher=
Desc=DVDLauncher
CmdLine="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Icon=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=8 (0x8)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ISUSPM Startup=
Desc=ISUSPM Startup
CmdLine=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
Icon=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=17 (0x11)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ISUSScheduler=
Desc=ISUSScheduler
CmdLine="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
Icon=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=9 (0x9)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\McAfeeUpdaterUI=
Desc=McAfeeUpdaterUI
CmdLine="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
Icon=C:\Program Files\McAfee\Common Framework\UdaterUI.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=2 (0x2)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NeroFilterCheck=
Desc=NeroFilterCheck
CmdLine=C:\WINDOWS\system32\NeroCheck.exe
Icon=C:\WINDOWS\system32\NeroCheck.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=6 (0x6)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NvCplDaemon=
Desc=NvCplDaemon
CmdLine=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Icon=C:\WINDOWS\system32\NvCpl.dll
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=11 (0xb)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\NVHotkey=
Desc=NVHotkey
CmdLine=rundll32.exe nvHotkey.dll,Start
Icon=C:\WINDOWS\system32\nvHotkey.dll
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=12 (0xc)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\QuickTime Task=
Desc=QuickTime Task
CmdLine="C:\Program Files\QuickTime\qttask.exe" -atboottime
Icon=C:\Program Files\QuickTime\QTTask.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=15 (0xf)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\ShStatEXE=
Desc=ShStatEXE
CmdLine="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
Icon=C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=3 (0x3)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\SigmatelSysTrayApp=
Desc=SigmatelSysTrayApp
CmdLine=stsystra.exe
Icon=C:\WINDOWS\stsystra.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\StartupFaster\Startup Faster Agent=
Desc=Startup Faster Agent
CmdLine=C:\Program Files\Startup Faster\sfAgent.exe
Icon=C:\Program Files\Startup Faster\sfAgent.exe
DelayTime=0 (0x0)
Enable=1 (0x1)
Order=21 (0x15)
[HKEY_CURRENT_USER\software\local appwizard-generated applications\netWaiting]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\NMBgMonitor]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\patch]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-746137067-484763869-725345543-22006\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\patch
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
--------------- [ Etat / Services ] ----------------
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
- sans echec non fonctionnel !!
Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
- sans echec non fonctionnel !!
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- presence des fichiers :
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
25 déc. 2008 à 13:23
Merci à toi (ou à l'auteur) pour cet outil qui m'a permis de récupérer mon PC en état en un rien de temps.
5 févr. 2009 à 15:18
Web avec ton éfectif programe FindyKill donc grace á lui j'ai pû finalement me débarrasser , avec deux clics
même pas, de souris, du maudit Bagle/Winupgro d'aprés avoir instaleé un tas de programes
malwares-antivirus et je ne sais pas combien d'heures emploiès à l'éliminer sans succés, jusqu'a le présent.
Ainsi que mercie compagnon pour ce impayable faveur, plût a Dieu qu'un jour je puise te le rendre.
Si jamais quelconque tombe infecté du Bagle ou Winpgro, n'ésitez pas, FindyKill c'est la solution.