SOS Rootkit
Closed
Sam
Hello,
I have a rootkit on my computer; every time Avast starts it is reported, even though I delete it each time.
Could you help me please?!!
Thanks
Sam
Configuration: Windows XP
Opera 9.62
totobetourne, Sunday 25 January 2009 at 12:58:23
Hello
1) Download this: useful to see what the infection may be, and then act on it.
https://www.commentcamarche.net/telecharger/ 159 hijackthis
Install it normally like any other program, in c/programme/...............
Click on "Do a scan and save a logfile"; you get a report, which you paste here.
2) As it is very useful and does an anti-rootkit scan, run it (not sure it will detect the whole infection); otherwise we will look at something else. It is very useful and may detect something else for you.
Run this anti-malware, do as indicated.
Download Malwarebytes Anti-Malware (MBAM): also very useful for adware problems, but not all of them unfortunately.
Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: http://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and the reports.
PASTE THE REPORT AFTER REMOVAL, THANKS.
Keep it and run a scan every month as indicated.
If you have Ad-Aware you can uninstall it, as it no longer detects much.
As long as we believe all the nonsense we are told on a global scale, we will keep heading straight into the wall, or even accelerating into it.
WAKE UP OUR LIVES.
Sam, Sunday 25 January 2009 at 15:56:28
Thanks, I followed the instructions; below are the 2 reports:
HIJACKTHIS REPORT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:04, on 25/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvwh.exe] C:\WINDOWS\system32\kdvwh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/fr/11/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{53985A3A-66D9-4099-A236-33B051C832E7}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E5AA468-1D0F-41AF-8C8F-D71E5A2F8C91}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{75626259-843C-44E5-B9CC-7CB3288635EB}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5551029-367C-42D2-A6D1-292913D5A0D8}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABAABC2B-A786-4380-9EAB-E906248EF501}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABDC18F1-B93A-4681-ABC3-D177CBDF2823}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF316031-ADF5-4302-BDDA-EC7C43971915}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3689720-D9AC-4DFE-A06F-3E0940A9C92E}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5470383-0D07-430C-9F3C-0614C594C576}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (WLTRYSVC) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
End of file - 9382 bytes
MALWAREBYTES REPORT
Malwarebytes' Anti-Malware 1.33
Database version: 1691
Windows 5.1.2600 Service Pack 3
25/01/2009 15:02:47
mbam-log-2009-01-25 (15-02-47).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118895
Time elapsed: 1 hour(s), 24 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 64
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{d32667aa-2db2-45ab-a801-6bb9cbb1b81a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f38f89cf-b319-4cb5-81d7-4420ec5b3d1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8d4ea80-00d9-43be-a614-c0d5c3893b11} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f757152c-fa01-4916-a3df-620d9ecee65b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b576fc38-a12b-4dfb-8b92-e4ba8b1d7014} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdvwh.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\kdvwh.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
The software indicated that a folder could not be deleted; it seems to me that it is the one containing the rootkit.
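Added example (not part of the thread, and not code from HijackThis, Malwarebytes or Avast): a small Python triage script that reads HijackThis O4 and O17 lines like the ones Sam posted and flags the two DNSChanger indicators visible in the log, namely NameServer entries pointing at resolvers outside the analyst's trusted set, and a Run value named after its own executable path. The sample lines are copied from the log above; the trusted resolver set is a constructed placeholder.

```python
"""Triage of HijackThis O4/O17 lines for DNS-hijack indicators (added example)."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt: three lines copied from the HijackThis log posted in the
# thread, plus the avast! Run entry as a clean control line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvwh.exe] C:\WINDOWS\system32\kdvwh.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
"""

# Constructed placeholder: the resolvers the analyst expects on this machine
# (the home router and an ISP resolver in the documentation range).
# Private addresses are accepted implicitly; anything else is reported.
TRUSTED_RESOLVERS = frozenset({"192.168.1.1", "203.0.113.53"})

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # "O4" or "O17"
    detail: str   # the resolver address or the Run value name
    reason: str
    line: str


def parse_nameservers(field: str) -> list[str]:
    # Interface keys list resolvers comma-separated, the global Tcpip\Parameters
    # key space-separated; both forms appear in the posted log.
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def check_o17(line: str, trusted: frozenset[str]) -> list[Finding]:
    m = O17_RE.match(line)
    if not m:
        return []
    findings: list[Finding] = []
    for server in parse_nameservers(m.group("servers")):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append(Finding("O17", server, "resolver is not an IP address", line))
            continue
        if server in trusted or ip.is_private:
            continue
        findings.append(Finding("O17", server, "resolver outside the trusted set", line))
    return findings


def check_o4(line: str) -> list[Finding]:
    m = O4_RE.match(line)
    if not m:
        return []
    name = m.group("name")
    cmd = m.group("cmd").strip().strip('"')
    # The kdvwh.exe entry names its Run value after the full path of its own binary;
    # legitimate installers use a product name (e.g. "avast!") instead.
    if name.lower() == cmd.lower():
        return [Finding("O4", name, "Run value named after its own executable path", line)]
    return []


def triage(log: str, trusted: frozenset[str] = TRUSTED_RESOLVERS) -> list[Finding]:
    findings: list[Finding] = []
    for line in log.splitlines():
        findings.extend(check_o17(line, trusted))
        findings.extend(check_o4(line))
    return findings


def rogue_resolvers(findings: list[Finding]) -> set[str]:
    """Distinct untrusted resolvers seen across all O17 lines."""
    return {f.detail for f in findings if f.section == "O17"}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG, TRUSTED_RESOLVERS)
    for f in results:
        print(f"[{f.section}] {f.reason}: {f.detail}")
    print("rogue resolvers:", sorted(rogue_resolvers(results)))
```

Because every interface key in the log carries the same two resolvers, the script collapses the dozens of O17 lines into one set of rogue addresses, which is the value to compare against the ISP's published resolvers before deciding the machine is clean.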
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Dell\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/fr/11/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{53985A3A-66D9-4099-A236-33B051C832E7}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E5AA468-1D0F-41AF-8C8F-D71E5A2F8C91}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{75626259-843C-44E5-B9CC-7CB3288635EB}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5551029-367C-42D2-A6D1-292913D5A0D8}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABAABC2B-A786-4380-9EAB-E906248EF501}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABDC18F1-B93A-4681-ABC3-D177CBDF2823}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF316031-ADF5-4302-BDDA-EC7C43971915}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3689720-D9AC-4DFE-A06F-3E0940A9C92E}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5470383-0D07-430C-9F3C-0614C594C576}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (WLTRYSVC) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
End of file - 9382 bytes
MALWAREBYTES REPORT
Malwarebytes' Anti-Malware 1.33
Database version: 1691
Windows 5.1.2600 Service Pack 3
25/01/2009 15:02:47
mbam-log-2009-01-25 (15-02-47).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 118895
Time elapsed: 1 hour(s), 24 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 64
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{d32667aa-2db2-45ab-a801-6bb9cbb1b81a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f38f89cf-b319-4cb5-81d7-4420ec5b3d1f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e8d4ea80-00d9-43be-a614-c0d5c3893b11} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f757152c-fa01-4916-a3df-620d9ecee65b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b576fc38-a12b-4dfb-8b92-e4ba8b1d7014} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdvwh.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166 85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2965b9f5-2622-4055-9f21-07442b0ac6ac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{53985a3a-66d9-4099-a236-33b051c832e7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6e5aa468-1d0f-41af-8c8f-d71e5a2f8c91}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{75626259-843c-44e5-b9cc-7cb3288635eb}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a5551029-367c-42d2-a6d1-292913d5a0d8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a94cf24e-8192-4ef6-bb2b-d7340c7a6516}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abaabc2b-a786-4380-9eab-e906248ef501}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{abdc18f1-b93a-4681-abc3-d177cbdf2823}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cf316031-adf5-4302-bdda-ec7c43971915}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d3689720-d9ac-4dfe-a06f-3e0940a9c92e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5470383-0d07-430c-9f3c-0614c594c576}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.166,85.255.112.11 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\kdvwh.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
The software said that one folder could not be deleted; it seems to me that it is the one containing the rootkit.
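The two logs above show the same thing twice: every Tcpip interface key (and the global Parameters key, in the current and the backup control sets) has its NameServer pointed at 85.255.116.166 / 85.255.112.11, and a Run entry plus the Winlogon System value launch kdvwh.exe. The following triage script is an added example, not code from the forum thread or from HijackThis/Malwarebytes: it parses HijackThis O17 and O4 lines, flags every resolver that is not on an allow-list of the resolvers the machine is expected to use, and flags Run values whose name is itself a full path. The allow-list (192.168.1.1) and the sample log are constructed; the O17/O4 values in the sample are copied from the log above.

```python
"""Triage helper for HijackThis-style logs: flag DNS resolvers that are not
on an allow-list and Run entries whose value name is a full path.
Added example, not from the forum post; the allow-list and the sample lines
are constructed (the O17/O4 values are copied from the posted log)."""
import ipaddress
import re

# Constructed sample input, modelled on the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdvwh.exe] C:\WINDOWS\system32\kdvwh.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2965B9F5-2622-4055-9F21-07442B0AC6AC}: NameServer = 85.255.116.166,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.166 85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# Hypothetical allow-list: the resolvers this machine is expected to use
# (the home router here; add the ISP's servers for a real run).
EXPECTED_RESOLVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_name_servers(log_text):
    """Return [(registry_key, [ip, ...])] for every O17 line.
    HijackThis joins servers with ',' for interface keys and ' ' for the
    global Parameters key, so split on either."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[ ,]+", m.group("servers")) if s]
            found.append((m.group("key"), servers))
    return found


def rogue_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Every (key, ip) whose ip is not an expected resolver.
    A value that does not parse as an address is reported as well."""
    findings = []
    for key, servers in parse_name_servers(log_text):
        for s in servers:
            try:
                ip = str(ipaddress.ip_address(s))
            except ValueError:
                findings.append((key, s))
                continue
            if ip not in expected:
                findings.append((key, ip))
    return findings


def odd_run_entries(log_text):
    """O4 Run values whose *name* is itself a drive path, like the kdvwh.exe
    entry in the posted log. Installers name the value after the product,
    so a path used as the name is a heuristic worth a second look."""
    odd = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and re.match(r"^[A-Za-z]:\\", m.group("name")):
            odd.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return odd


def triage(log_text, expected=EXPECTED_RESOLVERS):
    """Summarise: distinct rogue resolver IPs, the keys carrying them,
    and the odd Run entries."""
    rogue = rogue_resolvers(log_text, expected)
    return {
        "rogue_ips": sorted({ip for _, ip in rogue}),
        "keys_with_rogue_dns": sorted({key for key, _ in rogue}),
        "odd_run_entries": odd_run_entries(log_text),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, value)
```

Run against the full log, the allow-list approach is what matters: a DNS changer only needs one interface key it can write to, and the backup control sets (CS1, CS3) are restored on a "last known good" boot, so a clean-up that only fixes CurrentControlSet can be undone by the next reboot. Check every key the script lists, not just the first one.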
1 reply
DUPLICATE!
Continue in this thread: http://www.commentcamarche.net/forum/affich 10685103 sos rootkit