Remove Antispyware Soft

Closed
masterkouki - 22 May 2010 at 13:09
benurrr Posts: 9643 Registration date: Saturday 24 May 2008 Status: Security contributor Last active: 11 January 2012 - 23 May 2010 at 22:01
Hello,

like many Internet users here, I have been infected by Antispyware Soft; only Mozilla still works, it is really unbearable
so I downloaded Malwarebytes and started the full scan!
what should I do next? I am not very good with computers, so you will need to explain it to me very simply, step by step :)

thank you very much for any help you can give me, because I really need my computer for work and this virus is blocking all my programs


15 replies

benurrr
Edited by benurrr on 22/05/2010 at 13:13
hello

At the end of the scan, click Show Results
Check that everything is ticked and click Remove Selected
If you are asked to restart >>> click "Yes"

For Lack Of Curiosity One Risks Dying Ignorant; You are free to think that you are a C..,
But a C.. to think that you are free... Thanks to australe13
masterkouki
22 May 2010 at 13:38
ok thanks
I'm waiting for the scan to run, it takes longer than I thought!
masterkouki
22 May 2010 at 17:50
that's it! everything seems to have gone normally and my programs are no longer blocked!

however I got a message from Malwarebytes saying that not everything could be deleted!
is that enough or do I need to do something else?
thanks
benurrr
22 May 2010 at 18:51
can you post the report please

you will find it in the Logs (reports) tab when you launch Malwarebytes
masterkouki
22 May 2010 at 19:07
here is the report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

22/05/2010 17:36:14
mbam-log-2010-05-22 (17-36-14).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|)
Elément(s) analysé(s): 276611
Temps écoulé: 2 heure(s), 23 minute(s), 39 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mactvava (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-7011289215-3133629092-261218919-7978\MsMxEng.exe,C:\RECYCLER\S-1-5-21-9119401146-2837386129-991815524-3289\MsMxEng.exe,C:\RECYCLER\S-1-5-21-7528299187-2442991759-818064833-4327\MsMxEng.exe,explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\Xavière\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Xavière\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KPL6EEJ\rvqxfn[1].html (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Xavière\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KPL6EEJ\wzdcjrp[1].html (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Xavière\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IYJWCPBU\hypwhc[1].html (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\vwvxaotp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\c2e.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
D:\0fpdq2dw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\31lyx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\8xcrbho6.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\9fo3ar0j.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\q3kku.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\y.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Xavière\AppData\Local\apyppurbf\uilugixtssd.exe (Rogue.AntivirusSuite.Gen) -> Delete on reboot.
C:\Users\Xavière\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
benurrr
22 May 2010 at 19:30
that's fine, it did a good job

Download List_Kill'em

http://sd-1.archive-host.com/...

and save it to your desktop

double-click (right-click, "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Leave these checked:

- Executer Shortcut
- Executer List_Kill'em

once it has finished, click "Finish" and the program will start by itself

choose the Search option

- let the tool work

when the white window appears, it takes a while, that is normal, the program is not frozen.

- Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen
masterkouki
23 May 2010 at 16:50
here are the scan results
masterkouki
23 May 2010 at 16:53
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Xavière (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 15:42:01 | 23/05/2010

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.17037
Windows Firewall Status : Disabled
AV : Microsoft Security Essentials 2.1.6519.0 [ Enabled | Updated ]
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007

C:\ -> Disque fixe local | 91,44 Go (5,64 Go free) [System] | NTFS
D:\ -> Disque fixe local | 45,72 Go (32,42 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible | 962,09 Mo (456,06 Mo free) | FAT32

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
masterkouki
23 May 2010 at 16:54
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartCCC REG_SZ "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
RtHDVCpl REG_SZ RtHDVCpl.exe
SMSERIAL REG_SZ C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
NeroFilterCheck REG_SZ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
ccApp REG_SZ "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck REG_SZ "c:\Program Files\Norton Internet Security\osCheck.exe"
recinfo199 REG_SZ c:\RecInfo\RecInfo.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
SearchSettings REG_SZ C:\Program Files\pdfforge Toolbar\SearchSettings.exe
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
MSSE REG_SZ "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD -2147483609 (0x80000027)

===============


===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============


===============

==============
BHO :
======

[<NO NAME> REG_SZ ]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B33EEE87-726A-4BB7-B46A-E73E18A095B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B33EEE87-726A-4BB7-B46A-E73E18A095B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B33EEE87-726A-4BB7-B46A-E73E18A095B2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_EXPAND_SZ %SystemRoot%\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://fr.yahoo.com/
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\Windows\system32\blank.htm
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
masterkouki
23 May 2010 at 16:54
========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\Windows\System32\drivers\atapi.sys :
MD5 :: [b35cfcef838382ab6490b321c87edf17]
SHA256 :: [a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys :
MD5 :: [b35cfcef838382ab6490b321c87edf17]
SHA256 :: [a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
MD5 :: [4f4fcb8b6ea06784fb6d475b7ec7300f]
SHA256 :: [6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys :
MD5 :: [b35cfcef838382ab6490b321c87edf17]
SHA256 :: [a13985b87b5918d123072c7128e12dc28b0fcfd68383afa6e1da72a25bd781e0]

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys :
MD5 :: [e03e8c99d15d0381e02743c36afc7c6f]
SHA256 :: [8217348674fc4d0c6d567ffc95b14dfd507f47c5a4728c2ba93d72c412e8527b]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: System

Taille du volume = 91.44 Go
Espace libre = 5.56 Go
Étendue d'espace libre la plus grande = 207 Mo
Pourcentage de fragmentation des fichiers = 5 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\pdfforge Toolbar\SearchSettings.dll
Present !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Present !! : C:\Users\XaviSre\AppData\Local\d3d9caps.dat
Present !! : C:\Users\XaviSre\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\XaviSre\AppData\LocalLow\AskToolbar
Present !! : C:\Users\XaviSre\Local Settings\Temp\.bk
Present !! : C:\Users\XaviSre\Local Settings\Temp\afl.log
Present !! : C:\Users\XaviSre\Local Settings\Temp\alm.log
Present !! : C:\Users\XaviSre\Local Settings\Temp\amt.log
Present !! : C:\Users\XaviSre\Local Settings\Temp\VP6.reg
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\AcDeltree.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\AskInstallChecker.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\AutoRun.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\contentDATs.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\eauninstall.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\First15.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\haspdinst_x64.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\hdinst_x64.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SecurityScan_Release.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SHSetup.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SkypeSetup.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\uff8AE2.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\VP6Install.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\wgvyd.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\wlsetup-cvr.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isA9C.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isBBFF.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isDD72.exe
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\isconfig.dat
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\AutoRunGUI.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\ginstall.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntf16.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntf32.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntfNT.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\VP6VFW.dll
Present !! : C:\Users\XaviSre\LOCAL Settings\Temp\_6zfxo2j.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : SearchSettings
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {B922D405-6D13-4A2B-AE89-08A030DA4402}
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {00000000-6E41-4FD3-8538-502F5495E5FC}
Present !! : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Present !! : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Present !! : "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKCU\Software\Search Settings"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar"
Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Present !! : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
Present !! : "HKLM\Software\Search Settings"
Present !! : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Present !! : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Present !! : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Present !! : HKCR\GenericAskToolbar.ToolbarWnd
Present !! : HKCR\GenericAskToolbar.ToolbarWnd.1
Present !! : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Present !! : HKCU\software\appdatalow\AskToolbarInfo
Present !! : HKCU\software\appdatalow\software\AskToolbar
Present !! : HKCU\Software\AppDataLow\Software\pdfforge
Present !! : HKCU\software\Ask.com
Present !! : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Present !! : HKLM\software\classes\appid\GenericAskToolbar.DLL
Present !! : HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Present !! : HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd
Present !! : HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
Present !! : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Present !! : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Present !! : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Present !! : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Present !! : HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Present !! : HKLM\Software\Conduit
Present !! : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Present !! : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Present !! : HKLM\Software\pdfforge

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 16:07:31
Windows 6.0.6000 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
UacDisableNotify REG_DWORD 1 (0x1)
InternetSettingsDisableNotify REG_DWORD 1 (0x1)
AutoUpdateDisableNotify REG_DWORD 1 (0x1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 16:07:36,38
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
23 May 2010 at 19:53
Run List_Kill'em again with a right-click, "Run as administrator"

and choose the Clean option

Post the report after the removal
0
masterkouki
23 May 2010 at 20:25
I ran the Clean option; it restarted my computer and carried out some operations
but no report opened
where can I find it?
thanks
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
23 May 2010 at 21:23
on the desktop
0
masterkouki
23 May 2010 at 21:40
ok thanks!
here is the report

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Xavière (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 19:57:10 | 23/05/2010

Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.17037
Windows Firewall Status : Disabled
AV : Microsoft Security Essentials 2.1.6519.0 [ Enabled | Updated ]
AV : Norton Internet Security 2007 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]2007

C:\ -> Disque fixe local | 91,44 Go (4,22 Go free) [System] | NTFS
D:\ -> Disque fixe local | 45,72 Go (33,11 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible | 962,09 Mo (456,06 Mo free) | FAT32


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\PresentationSettings.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\pdfforge Toolbar\SearchSettings.dll
Quarantined & Deleted !! : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Quarantined & Deleted !! : C:\Users\XaviSre\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\XaviSre\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\XaviSre\AppData\LocalLow\AskToolbar
Quarantined & Deleted !! : C:\Users\XaviSre\Local Settings\Temp\.bk
Quarantined & Deleted !! : C:\Users\XaviSre\Local Settings\Temp\afl.log
Quarantined & Deleted !! : C:\Users\XaviSre\Local Settings\Temp\alm.log
Quarantined & Deleted !! : C:\Users\XaviSre\Local Settings\Temp\amt.log
Quarantined & Deleted !! : C:\Users\XaviSre\Local Settings\Temp\VP6.reg
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\AcDeltree.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\AskInstallChecker.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\AutoRun.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\contentDATs.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\eauninstall.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\First15.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\haspdinst_x64.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\hdinst_x64.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SecurityScan_Release.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SHSetup.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SkypeSetup.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\uff8AE2.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\VP6Install.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\wgvyd.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\wlsetup-cvr.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isA9C.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isBBFF.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\_isDD72.exe
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\isconfig.dat
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\AutoRunGUI.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\ginstall.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntf16.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntf32.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\SIntfNT.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\VP6VFW.dll
Quarantined & Deleted !! : C:\Users\XaviSre\LOCAL Settings\Temp\_6zfxo2j.dll
0
masterkouki
23 May 2010 at 21:42
=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : SearchSettings
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {B922D405-6D13-4A2B-AE89-08A030DA4402}
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {00000000-6E41-4FD3-8538-502F5495E5FC}
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks : {E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : "HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Deleted : "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : "HKCU\Software\Search Settings"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar"
Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}"
Deleted : "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
Deleted : "HKLM\Software\Search Settings"
Deleted : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Deleted : HKCR\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCR\GenericAskToolbar.ToolbarWnd
Deleted : HKCR\GenericAskToolbar.ToolbarWnd.1
Deleted : HKCR\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Deleted : HKCU\software\appdatalow\AskToolbarInfo
Deleted : HKCU\software\appdatalow\software\AskToolbar
Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Deleted : HKCU\software\Ask.com
Deleted : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted : HKLM\software\classes\appid\GenericAskToolbar.DLL
Deleted : HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Deleted : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Deleted : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Deleted : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Deleted : HKLM\Software\Conduit
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Deleted : HKLM\Software\pdfforge
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
UacDisableNotify REG_DWORD 1 (0x1)
InternetSettingsDisableNotify REG_DWORD 1 (0x1)
AutoUpdateDisableNotify REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
23 May 2010 at 22:01
Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (current version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit


Tutorial to help you

https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0