bibs

  1. First of all, thank you both for your quick replies. Before doing this, I wanted to let you know the following: by restarting my PC in safe mode, I was able to locate and delete a winupgro file as well as 2 others that seemed related, srosa or srosys, something like that... Now, on restart, the winupgro.exe process no longer appears in my task manager. Am I finally rid of it? Do I need to reinstall combofix? On the other hand, nothing works anymore (avast, winamp...) => I have to reinstall everything, I suppose? Finally, one last question from the novice that I am: since this virus I can no longer connect to the Internet via my wifi, only by cable. As soon as I unplug my cable, my PC no longer detects my box. How can I repair my wifi? Many thanks!
  2. Just to add a small change to my findykill report: now, as soon as I start the search, my winupgro.exe process stops (but not its unwanted effects). It is, however, still present and reappears at every restart. It's as if it stopped itself so as not to be spotted by Findykill... And I really don't understand why I can't manage to use Findykill's function 2 "Suppression de fichiers infectieux" (deletion of infectious files) => is winupgro preventing it from working properly? Thanks. Attached is my second report:
  3. Salut, Je sollicite moi aussi votre aide car ma situation est identique, à savoir que j'ai été infecté par winupgro. Sur les conseils d'un forum, j'ai installé Findykill qui était censé trouver et supprimer les dossiers infectueux; Si je n'ai pas eu de difficultés à exécuter la première étape, je ne parviens en revanche pas à supprimer les dossiers infectés; En effet, dès le début de cette étape, Findykill m'annonce qu'il fera redémarrer mon PC 2 fois, mais dès le premier redémarrage, Findykill ne reprend pas, comme si je ne l'avais jamais lancé... Je suis donc venu sur ce forum et installé Mbam. Il m'a trouvé 12 fichiers infectieux et me les a supprimé...sauf Winupgro... car au redémarrage, Winupgro était toujours bel et bien présent ? Ai-je loupé une étape ou mal exécuté qqch ? Voici, en espérant que cela puisse vous aider, les rapports générés par Findykill et Mbam : 1. Recherche de fichiers infectieux par Findykill : ----------------- FindyKill V4.710 ------------------ * User : Bib's - PC-DE-BIBS * Emplacement : C:\Program Files\FindyKill * Outils Mis a jours le 21/12/08 par Chiquitine29 * Recherche effectuée à 22:47:34 le 23/12/2008 * Windows Vista - Internet Explorer 7.0.6000.16764 ((((((((((((((((( *** Recherche *** )))))))))))))))))) --------------- [ Processus actifs ] ---------------- C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE 
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\Windows
»»»» Presence des fichiers dans C:\Windows\Prefetch
Found ! - C:\Windows\prefetch\265201.EXE-559AF4FA.pf
Found ! - C:\Windows\prefetch\353888.EXE-7BD7D6A1.pf
Found ! - C:\Windows\prefetch\FLEC006.EXE-5B670364.pf
Found ! - C:\Windows\Prefetch\KEY_GEN.EXE-478AB767.pf
»»»» Presence des fichiers dans C:\Windows\system32
Found ! [23/12/2008 22:12] - C:\Windows\system32\mdelk.exe
Found ! [23/12/2008 22:12] - C:\Windows\system32\wintems.exe
Found ! [23/12/2008 22:13] - C:\Windows\system32\ban_list.txt
»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming
»»»» Presence des fichiers dans C:\Windows\system32\drivers
»»»» Presence des fichiers dans C:\Users\Bib's\AppData\Roaming
Found ! [23/12/2008 22:13] - "C:\Users\Bib's\AppData\Roaming\m\flec006.exe"
Found ! [23/12/2008 22:13] - "C:\Users\Bib's\AppData\Roaming\m\list.oct"
Found ! [23/12/2008 22:13] - "C:\Users\Bib's\AppData\Roaming\m\data.oct"
Found ! [23/12/2008 22:13] - "C:\Users\Bib's\AppData\Roaming\m\srvlist.oct"
Found ! [23/12/2008 22:17] - "C:\Users\Bib's\AppData\Roaming\m\shared"
Found ! [23/12/2008 21:20] - "C:\Users\Bib's\AppData\Roaming\m"
Found ! [23/12/2008 21:19] - "C:\Users\Bib's\AppData\Roaming\drivers"
Found ! [23/12/2008 21:56] - "C:\Users\Bib's\AppData\Roaming\drivers\srosa.sys"
Found ! [23/12/2008 21:56] - "C:\Users\Bib's\AppData\Roaming\drivers\srosa2.sys"
Found ! [16/08/2006 08:10] - "C:\Users\Bib's\AppData\Roaming\drivers\winupgro.exe"
Found ! [23/12/2008 22:14] - "C:\Users\Bib's\AppData\Roaming\drivers\downld"
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1074612.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1077701.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1077717.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1080306.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1099042.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1099697.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1099994.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1114237.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1143019.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1143549.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1143565.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1153346.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1154485.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1154875.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1155577.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1156154.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1156685.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1174125.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1174703.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1175015.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1180521.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1182113.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1182440.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1197026.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1205794.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1206059.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\1206090.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\228276.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\228947.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\228993.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\250849.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\251411.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\251676.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\265201.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\293250.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\293671.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\293687.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\302813.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\303796.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\304170.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\304794.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\305403.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\305808.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\322204.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\322781.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\323062.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\331938.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\333296.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\333623.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\353888.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\361844.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\362171.exe
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Roaming\drivers\downld\362234.exe
»»»» Presence des fichiers dans C:\Users\Bib's\AppData\Local\Temp
Found ! - C:\Users\Bib's\AppData\Local\Temp\PatchByFile.tmp
Found ! - C:\Users\Bib's\AppData\Local\Temp\NeroDemo11545\Setup\APATCH.DLL
»»»» Presence des fichiers dans C:\Users\Bib's\Local Settings\Temporary Internet Files\Content.IE5
Found ! [23/12/2008 21:20] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVBB1S6E\b64[1].jpg
Found ! [23/12/2008 22:13] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVBB1S6E\b64[2].jpg
Found ! [23/12/2008 21:21] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVBB1S6E\b64_2[1].jpg
Found ! [23/12/2008 22:14] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4AJWNUV\b64_2[1].jpg
Found ! [23/12/2008 22:12] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4AJWNUV\b64_3[1].jpg
Found ! [19/12/2008 21:50] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\M950S09V\6363482ACBA3F4149C3D5B7B643D3[1].jpg
Found ! [08/12/2008 21:27] - C:\Users\Bib's\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MT1GPO3C\1F95E9393DDE399DFC95B648AD1A9[1].jpg

--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe=C:\Windows\ehome\ehTray.exe
msnmsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
RocketDock="C:\Program Files\RocketDock\RocketDock.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Lyad=C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
IgfxTray=C:\Windows\system32\igfxtray.exe
HotKeysCmds=C:\Windows\system32\hkcmd.exe
Persistence=C:\Windows\system32\igfxpers.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HP Health Check Scheduler=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpWirelessAssistant=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WAWifiMessage=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
WinampAgent=C:\Program Files\Winamp\winampa.exe
Symantec PIF AlertEng="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
avast!=C:\PROGRA~1\AVASTS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
NeroFilterCheck=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
[HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\RocketDock]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]

--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-81689522-3102959000-3166865149-1000\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-81689522-3102959000-3166865149-1000\Software\bisoft
Found ! - HKEY_USERS\S-1-5-21-81689522-3102959000-3166865149-1000\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-81689522-3102959000-3166865149-1000\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-81689522-3102959000-3166865149-1000\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\bisoft
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\MuleAppData
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s

--------------- [ Etat / Services ] ----------------
+- Services :
[ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
Wlansvc - Type de démarrage = 2
/!\ SharedAccess - Type de démarrage = 4
/!\ wuauserv - Type de démarrage = 4
/!\ wscsvc - Type de démarrage = 4
/!\ WinDefend - Type de démarrage = 4

--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur fixe
+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------
Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2a25ae8-5041-11dd-9c5a-001b382e2527}\Shell\AutoRun\command

------------------- ! Fin du rapport ! --------------------

2.
Since it could not be deleted, I used MBAM:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1538
Windows 6.0.6000
24/12/2008 10:58:11
mbam-log-2008-12-24 (10-58-11).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 161242
Temps écoulé: 1 hour(s), 38 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Bib's\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Users\Bib's\AppData\Roaming\drivers\srosa2.sys (Worm.Bagel) -> Quarantined and deleted successfully.
C:\Users\Bib's\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Bib's\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Bib's\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
C:\Users\Bib's\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

In conclusion, I am lost: I tried the 2 solutions most recommended by the forums and it does not work... Mbam apparently did delete some unwanted files, but not all of them, since Findykill seems to have found many more but cannot manage to delete them... If one of you could help me...