Uhh.. the report is here
############################## [ FindyKill V4.728 ]
# User : Mike-D (Administrators) # HOME-626A311250
# Update on 13/05/09 by Chiquitine29
# Start at: 11:22:35 AM | 5/17/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html
# Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Symantec AntiVirus Corporate Edition 10.1.7.7000 [ (!) Disabled | Updated ]
# A:\ # 3 1/2 Inch Floppy Drive
# C:\ # Local Fixed Disk # 30 Go (16.38 Go free) [Xp] # NTFS
# D:\ # Local Fixed Disk # 49 Go (19.68 Go free) [Vista] # NTFS
# E:\ # Local Fixed Disk # 35.02 Go (24.74 Go free) [7] # NTFS
# F:\ # CD-ROM Disc
# M:\ # Local Fixed Disk # 44.53 Go (18.56 Go free) [Music] # NTFS
############################## [ Active Processes ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Infected Files \ Folders ]
Deleted ! C:\WINDOWS\Prefetch\15324328.EXE-12462604.pf
Deleted ! C:\WINDOWS\Prefetch\15505968.EXE-0B9EA243.pf
Deleted ! C:\WINDOWS\Prefetch\15531578.EXE-214A8D2A.pf
Deleted ! C:\WINDOWS\Prefetch\155640.EXE-17C5132D.pf
Deleted ! C:\WINDOWS\Prefetch\157062.EXE-32AB398D.pf
Deleted ! C:\WINDOWS\Prefetch\15812171.EXE-143D14E7.pf
Deleted ! C:\WINDOWS\Prefetch\313828.EXE-17AB0240.pf
Deleted ! C:\WINDOWS\Prefetch\327359.EXE-0D329B35.pf
Deleted ! C:\WINDOWS\Prefetch\349187.EXE-32678E18.pf
Deleted ! C:\WINDOWS\Prefetch\352468.EXE-0B67D883.pf
Deleted ! C:\WINDOWS\Prefetch\390968.EXE-361F1DC7.pf
Deleted ! C:\WINDOWS\Prefetch\401328.EXE-15D65B02.pf
Deleted ! C:\WINDOWS\Prefetch\418531.EXE-365CE2FC.pf
Deleted ! C:\WINDOWS\Prefetch\487265.EXE-08B955B2.pf
Deleted ! C:\WINDOWS\Prefetch\540031.EXE-216C6ED5.pf
Deleted ! C:\WINDOWS\Prefetch\719906.EXE-0713ACDA.pf
Deleted ! C:\WINDOWS\Prefetch\740750.EXE-30651172.pf
Deleted ! C:\WINDOWS\Prefetch\838156.EXE-12F11F87.pf
Deleted ! C:\WINDOWS\Prefetch\FLEC006.EXE-1D53D499.pf
Deleted ! C:\WINDOWS\Prefetch\MDELK.EXE-3B00332D.pf
Deleted ! C:\WINDOWS\Prefetch\WINTEMS.EXE-2B1270B6.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-16ABE98D.pf
Deleted ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-1A1A4116.pf
Deleted ! C:\WINDOWS\system32\mdelk.exe
Deleted ! C:\WINDOWS\system32\wintems.exe
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\drivers\srosa2.sys"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\drivers\wfsintwq.sys"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\drivers\winupgro.exe"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m\data.oct"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m\flec006.exe"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m\list.oct"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m\srvlist.oct"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\drivers\downld"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\drivers"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m\shared"
Deleted ! "C:\Documents and Settings\Mike-D\Application Data\m"
################## [ Infected Temp Files ]
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\2H4JMP65\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\CX6FQZHW\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\D3ZOZ9F3\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\D3ZOZ9F3\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\E9W3OB36\b64[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\E9W3OB36\mxd[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\FQDRDRDI\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\KBV76O11\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\KP0LUJK9\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\KP0LUJK9\mxd[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\KP0LUJK9\mxd[2].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\M2HYEE9H\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\MFU94O7E\b64[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\MFU94O7E\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\TAG9JIWS\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\U7IJ6PYB\file[1].txt
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\V2R8HCVY\b64[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\V2R8HCVY\b64_1[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\XXJG73H6\b64_3[1].jpg
Deleted ! C:\Documents and Settings\Mike-D\Local Settings\Temporary Internet Files\Content.IE5\YCOO5C95\b64_1[1].jpg
################## [ Registry / Infected keys ]
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_CURRENT_USER\Software\bisoft
Deleted ! HKEY_CURRENT_USER\Software\DateTime4
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
Deleted ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! HKEY_USERS\S-1-5-21-1659004503-73586283-725345543-1003\Software\FFC
Deleted ! HKEY_USERS\S-1-5-21-1659004503-73586283-725345543-1003\Software\MuleAppData
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
Deleted ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
################## [ Cleaning Removable drives ]
################## [ Registry / Mountpoint2 ]
# -> Not found !
################## [ States / Restarting of services ]
# Services : [ Auto=2 / Manual=3 / Disabled=4 ]
# Ndisuio -> # Type of startup =3
# Ip6Fw -> # Type of startup =2
# SharedAccess -> # Type of startup =2
# wuauserv -> # Type of startup =2
# wscsvc -> # Type of startup =2
# Safe boot mode restored !
################## [ Searching Other Infections ]
# Bagle MD5 comparison references :
File ... : C:\Documents and Settings\Mike-D\Application Data\drivers\winupgro.exe
CRC32 .. : a1f7a07d
MD5 .... : 1fc635eea11997dfaa632a6055d7ae9e
Deleted ! : C:\Program Files\eMule\Incoming\642-432 Practice Exam Testing Engine Software 1.0 [With Crack].zip
Contains install_patch.exe [864256] with Bagle CRC32 : A1F7A07D
Deleted ! : C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
# Size : 864256 # MD5 : 1FC635EEA11997DFAA632A6055D7AE9E
################## [ Corrupted files # Re-Installation required ]
C:\Documents and Settings\All Users\Desktop\ComboFix.exe
C:\Program Files\account\bank accoun\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
C:\Program Files\Symantec\LiveUpdate\LuConfig.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\VPC32.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
################################### [ Cracks / Keygens / Serials ]
# -> Nothing found !
################## [ ! End of Report # FindyKill V4.728 ! ]
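The [ Searching Other Infections ] section above works by fingerprinting the dropper it already removed (winupgro.exe: size 864256, CRC32 a1f7a07d, MD5 1fc635eea11997dfaa632a6055d7ae9e) and then sweeping the disk, including the inside of the eMule .zip, for anything with the same fingerprint. The script below is an added example of that hash-based IOC sweep; it is not FindyKill's code. Only the three indicator values in BAGLE_IOCS are taken from the report. The function names, size caps, and the constructed stand-in payload used by demo() (harmless bytes whose own MD5 serves as the IOC so the example runs offline) are assumptions.

```python
"""Hash-based IOC sweep modelled on FindyKill's Bagle MD5 comparison step.

Added example, not FindyKill's code. Only the values in BAGLE_IOCS come from
the report; names, caps and the sample payload are assumptions.
"""
import hashlib
import io
import os
import tempfile
import zipfile
import zlib

# Indicators copied from the report: winupgro.exe and the install_patch.exe
# inside the eMule .zip shared the same size, CRC32 and MD5.
BAGLE_IOCS = {
    "md5": {"1fc635eea11997dfaa632a6055d7ae9e"},
    "crc32": {"a1f7a07d"},
    "size": {864256},
}

MAX_FILE_BYTES = 64 * 1024 * 1024    # assumed cap: skip huge files
MAX_MEMBER_BYTES = 64 * 1024 * 1024  # zip-bomb guard for archive members
MAX_ARCHIVE_DEPTH = 2                # zip inside zip, no deeper


def fingerprint(data: bytes) -> dict:
    """Size, CRC32 (8 lower-case hex digits) and MD5 of a byte string."""
    return {
        "size": len(data),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches(fp: dict, iocs: dict):
    """Return how a fingerprint matched the IOC set, or None.

    MD5 alone is enough. CRC32 is a 32-bit checksum, not a hash, so it only
    counts together with an exact size match (the report prints both).
    """
    if fp["md5"] in iocs["md5"]:
        return "md5"
    if fp["crc32"] in iocs["crc32"] and fp["size"] in iocs["size"]:
        return "crc32+size"
    return None


def scan_bytes(label: str, data: bytes, iocs: dict, findings: list, depth: int = 0) -> None:
    """Fingerprint one blob; if it is a zip archive, recurse into its members."""
    how = matches(fingerprint(data), iocs)
    if how:
        findings.append((label, how))
    # A dropper packed inside a P2P download (the "[With Crack].zip" case in
    # the report) is only found if archives are opened as well.
    if depth < MAX_ARCHIVE_DEPTH and data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                        continue
                    scan_bytes(f"{label}::{info.filename}", zf.read(info), iocs, findings, depth + 1)
        except (zipfile.BadZipFile, RuntimeError):
            pass  # corrupt or encrypted archive: skip rather than crash


def scan_tree(root: str, iocs: dict = BAGLE_IOCS) -> list:
    """Walk a directory tree and return [(label, how)] for every IOC hit."""
    findings: list = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_FILE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            scan_bytes(path, data, iocs, findings)
    return findings


def demo() -> list:
    """Scan a throw-away tree holding a constructed stand-in payload.

    The payload is harmless bytes, NOT a Bagle sample; its own MD5 is the IOC.
    Returns sorted (label relative to the temp root, how) pairs.
    """
    sample = b"MZ\x90\x00 constructed stand-in for winupgro.exe (not malware)"
    iocs = {"md5": {hashlib.md5(sample).hexdigest()}, "crc32": set(), "size": set()}
    with tempfile.TemporaryDirectory() as root:
        drv = os.path.join(root, "Application Data", "drivers")
        inc = os.path.join(root, "Incoming")
        os.makedirs(drv)
        os.makedirs(inc)
        with open(os.path.join(drv, "winupgro.exe"), "wb") as fh:
            fh.write(sample)                    # loose copy of the dropper
        with open(os.path.join(root, "notepad.exe"), "wb") as fh:
            fh.write(b"MZ benign placeholder")  # must not be flagged
        with zipfile.ZipFile(os.path.join(inc, "practice_exam[With Crack].zip"), "w") as zf:
            zf.writestr("install_patch.exe", sample)  # same bytes, packed
            zf.writestr("readme.txt", "hello")
        out = []
        for label, how in scan_tree(root, iocs):
            path, _, member = label.partition("::")
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            out.append((rel + ("::" + member if member else ""), how))
        return sorted(out)


if __name__ == "__main__":
    for label, how in demo():
        print(f"{how:<11} {label}")
```

The sweep reports the loose winupgro.exe and the install_patch.exe inside the zip, and leaves the benign file and the archive itself alone. Reading whole files into memory and a fixed MD5 list are fine for a one-off cleanup like this report; a production scanner would stream hashes and key on a stronger hash than MD5, which has known collisions.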