Dr Guard virus

Closed
Leya - 1 March 2010 at 20:33
 Leya - 2 March 2010 at 15:07
Hello,
I have seen your messages about removing this virus. But at the end of the report produced by AD-Remover I don't know what to do. This virus seems really tough and I'm afraid for my PC ...

Thank you very much for your help

6 replies

Helpeur95 Posts 79 Registration date Sunday 4 October 2009 Status Member Last activity 24 July 2011 24
1 March 2010 at 20:40
Good evening
Follow this tutorial to remove the Dr guard virus:
http://www.commentcamarche.net/faq/26988-dr-guard

Keep me posted

If you have solved the problem: click on "Solved"

Otherwise I am at your disposal

Regards,
Helpeur95
0
Yes, I followed the tutorial; at the first step I did not find "DR. Guard", so I searched for it and deleted the folders where the name appeared ... But I am not sure I deleted everything!
0
I have just finished the scan with List'em and I have the "COMPLETED" report, and according to the tutorial it has to be posted ... But I don't know where ^^
0
Helpeur95 Posts 79 Registration date Sunday 4 October 2009 Status Member Last activity 24 July 2011 24
2 March 2010 at 14:19
Post it here ;)
0

List'em by g3n-h@ckm@n 1.2.8.2

User : leila (Administrateurs)
Update on 01/03/2010 by g3n-h@ckm@n ::::: 11.30
Start at: 12:22:26 | 02/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Turion(tm) 64 X2 Mobile Technology TL-62
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Disabled
AV : Dr. Guard 1.0 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local | 111,69 Go (58,77 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 111,43 Go (111,34 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Users\leila\AppData\Local\Temp\iqgfypvt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\leila\AppData\Local\Temp\jmp01vxt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\leila\Desktop\Virus Removal Tool\setup_9.0.0.722_01.03.2010_10-09\setup_9.0.0.722_01.03.2010_10-09.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\leila\AppData\Local\Temp\AE0A.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
uishf9wuifwuh387fh3wufinhjfdwefe REG_SZ C:\Users\leila\AppData\Local\Temp\jmp01vxt.exe
Remote System Protection REG_SZ rundll32.exe C:\Windows\system32\zd4vt3.dll, HUI_proc

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
24462 REG_SZ C:\Users\leila\AppData\Local\Temp\iqgfypvt.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
*WerKernelReporting REG_EXPAND_SZ %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
allocatecdroms REG_SZ 0
Taskman REG_SZ C:\RECYCLER\S-1-5-21-8267254438-0047955639-152972999-7280\nissan.exe

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}


==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{A3BA40A2-74F0-42BD-F434-00B15A2C8953}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7ABF207-AB0A-463C-8A3E-84E70B83EEA1}: DhcpNameServer=10.188.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7ABF207-AB0A-463C-8A3E-84E70B83EEA1}: DhcpNameServer=10.188.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7ABF207-AB0A-463C-8A3E-84E70B83EEA1}: DhcpNameServer=10.188.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.188.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.188.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.188.0.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x4 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\leila\AppData\Local\Temp\AE0A.tmp
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\lsass.exe
Present !! : C:\Windows\System32\ACER.exe
Present !! : C:\Windows\System32\service
Present !! : C:\Windows\System32\x64
Present !! : C:\Users\leila\Local Settings\Temp\1.ico
Present !! : C:\Users\leila\Local Settings\Temp\2.ico
Present !! : C:\Users\leila\Local Settings\Temp\238.exe
Present !! : C:\Users\leila\Local Settings\Temp\3.ico
Present !! : C:\Users\leila\Local Settings\Temp\366.exe
Present !! : C:\Users\leila\Local Settings\Temp\516.exe
Present !! : C:\Users\leila\Local Settings\Temp\drg.dat
Present !! : C:\Users\leila\LOCAL Settings\Temp\238.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\366.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\516.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\asd698C.tmp.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\asr64_ldm.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\c9r5679.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\hha5ri.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\hruw7.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\iqgfypvt.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\itsrdx.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\MsgPlusUninstall.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\n1cepfx7.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\RtkBtMnt.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\SHSetup.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\SPAM.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\wwjd9.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\xno4m.exe
Present !! : C:\Users\leila\LOCAL Settings\Temp\drg.dat
Present !! : C:\Users\leila\LOCAL Settings\Temp\drgr.dat
Present !! : C:\Users\leila\LOCAL Settings\Temp\isconfig.dat
Present !! : C:\Users\leila\LOCAL Settings\Temp\TMP1.tmp

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Present !! : "HKCU\Software\Malware Defense"
Present !! : "HKLM\SOFTWARE\Malware Defense"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

============


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe >>UNKNOWN [0x87DE6FDA]<<
kernel: MBR read successfully

==========
Programs
==========

Acer
Acer GameZone
Acer Inc
Adobe
Alwil Software
Apoint2K
Apple Software Update
Big Kahuna Reef
Canon
CanonBJ
Common Files
CONEXANT
CyberLink
desktop.ini
DivX
Dr. Guard
Ediser
Fichiers communs
Google
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Java
Launch Manager
List_Kill'em
Malwarebytes' Anti-Malware
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
NewTech Infosystems
Norton Security Scan
NortonInstaller
QuickTime
Realtek
Reference Assemblies
ScanSoft
SiteAdvisor
Uninstall Information
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar

============
Drive C:
============

$RECYCLE.BIN
Acer
Ad-Remover
Ad-Report-CLEAN[1].log
Arcade.log
autoexec.bat
bknowsetup.log
Book
Boot
bootmgr
BOOTSECT.BAK
config.sys
Convesoft
Documents and Settings
DRV
IO.SYS
Kill'em
List'em.txt
lsass.exe
MSDOS.SYS
MSOCache
pagefile.sys
PerfLogs
Program Files
ProgramData
RECYCLER
RHDSetup.log
setup.log
SoftDMA.log
System Volume Information
TB.txt
ToolBar SD
Users
Windows

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 13:26:32,48


There you go, thanks :)
0
After the scan I ran function 2: removal of the List&Kill'em software. The task is at 85%
0