Sujet Précédent Sujet Suivant

Defense center virus

joegambite Messages postés 48 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
J'ai un petit problème de virus defense center j'aurais besoin d'aide pour l'enlever de mon ordinateur ce virus.
J'ai lancé Malware et voila le rapport
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3775
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/06/2010 15:04:16
mbam-log-2010-06-16 (15-04-16).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 175252
Temps écoulé: 24 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\Documents and Settings\joel\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.

Si une personne veut bien me donner un coup de main merci d'avance.
A voir également:

35 réponses

Précédent
  • 1
  • 2
Réponse 21 / 35
joegambite Messages postés 48 Statut Membre
 
bien vue

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.1.1 ¤¤¤¤¤¤¤¤¤¤

User : Administrateur (Administrateurs)
Update on 17/06/2010 by g3n-h@ckm@n ::::: 09.40
Start at: 11:45:13 | 17/06/2010

Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Symantec AntiVirus Corporate Edition 10.1.0.394 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 19,77 Go (6,26 Go free) | NTFS
D:\ -> Disque fixe local | 54,76 Go (13,2 Go free) | NTFS
E:\ -> Disque CD-ROM

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)

C:\WINDOWS\System32\smss.exe----428 Ko
C:\WINDOWS\system32\csrss.exe----2200 Ko
C:\WINDOWS\system32\winlogon.exe----3092 Ko
C:\WINDOWS\system32\services.exe----3612 Ko
C:\WINDOWS\system32\lsass.exe----1872 Ko
C:\WINDOWS\system32\svchost.exe----5324 Ko
C:\WINDOWS\system32\svchost.exe----4532 Ko
C:\WINDOWS\System32\svchost.exe----26664 Ko
C:\WINDOWS\system32\svchost.exe----4244 Ko
C:\WINDOWS\system32\svchost.exe----3932 Ko
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe----4244 Ko
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe----3760 Ko
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe----4332 Ko
C:\WINDOWS\system32\spoolsv.exe----8228 Ko
C:\WINDOWS\system32\svchost.exe----3788 Ko
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe----2444 Ko
C:\Program Files\Bonjour\mDNSResponder.exe----3704 Ko
C:\Program Files\Symantec AntiVirus\DefWatch.exe----4492 Ko
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe----4640 Ko
C:\Program Files\Java\jre6\bin\jqs.exe----1384 Ko
C:\WINDOWS\System32\svchost.exe----2984 Ko
C:\Program Files\OCS Inventory Agent\ocsservice.exe----2016 Ko
C:\WINDOWS\System32\svchost.exe----2952 Ko
C:\Program Files\CyberLink\Shared Files\RichVideo.exe----3132 Ko
c:\program files\idt\intelxpv_v52\wdm\STacSV.exe----4240 Ko
C:\WINDOWS\system32\svchost.exe----4320 Ko
C:\Program Files\Symantec AntiVirus\Rtvscan.exe----147956 Ko
C:\WINDOWS\system32\wdfmgr.exe----1836 Ko
C:\WINDOWS\system32\wbem\wmiapsrv.exe----4572 Ko
C:\WINDOWS\System32\alg.exe----3628 Ko
C:\WINDOWS\system32\wscntfy.exe----2180 Ko
C:\WINDOWS\Explorer.EXE----15356 Ko
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe----7544 Ko
C:\PROGRA~1\SYMANT~1\VPTray.exe----8240 Ko
C:\WINDOWS\system32\ctfmon.exe----4096 Ko
C:\WINDOWS\system32\rundll32.exe----3264 Ko
C:\Program Files\OpenOffice.org 3\program\soffice.exe----2228 Ko
C:\Program Files\OpenOffice.org 3\program\soffice.bin----21648 Ko
C:\Program Files\Mozilla Firefox\firefox.exe----70524 Ko
C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe----15460 Ko
C:\Program Files\List_Kill'em\List_Kill'em.exe----4628 Ko
C:\WINDOWS\system32\cmd.exe----2860 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe----6840 Ko
C:\Program Files\List_Kill'em\pv.exe----2776 Ko

============
Keys "Run"
============

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Scan Buttons REG_SZ C:\Program Files\NewSoft\Presto! PageManager 8 Standard\PMSB.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
vptray REG_SZ C:\PROGRA~1\SYMANT~1\VPTray.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=============
Other Keys
=============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
DisableTaskMgr REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 149 (0x95)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoSetActiveDesktop REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoSetActiveDesktop REG_DWORD 0 (0x0)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultUserName REG_SZ joel
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 0 (0x0)
DefaultPassword REG_SZ
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 1 (0x1)
AltDefaultUserName REG_SZ joel
AltDefaultDomainName REG_SZ EQUIPEMENT01
DefaultDomainName REG_SZ EQUIPEMENT01
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe REG_SZ C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Base Smart Card Crypto Provider Package]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EF289A85-8E57-408d-BE47-73B55609861A}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
0
Réponse 22 / 35
joegambite Messages postés 48 Statut Membre
 
BHO :
=====

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E11FCC7-8A62-4189-99DE-67FFF642A6BB}: DhcpNameServer=194.254.61.141 194.254.61.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E11FCC7-8A62-4189-99DE-67FFF642A6BB}: DhcpNameServer=194.254.61.141 194.254.61.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E11FCC7-8A62-4189-99DE-67FFF642A6BB}: DhcpNameServer=194.254.61.141 194.254.61.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.254.61.141 194.254.61.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.254.61.141 194.254.61.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.254.61.141 194.254.61.138

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://search.conduit.com?SearchSource=10&ctid=CT2542115
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\Windows\$NtServicePackUninstall$\atapi.sys :
[MD5.cdfe4411a69c224bd1d11b2da92dac51]
[SHA256.0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\Windows\ServicePackFiles\i386\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\Windows\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Utilisation :
defrag <volume> [-a] [-f] [-v] [-?]
lettre du lecteur du volume ou du point de montage (d: ou d:\vol\mountpoint)
-a Analyse uniquement
-f Force la d'fragmentation m^me si l'espace libre est bas
-v Sortie d'taill'e
-? Affiche ce texte d'aide.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : D:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\WINDOWS\003038_.tmp
Present !! : C:\WINDOWS\~DF3794.tmp
Present !! : C:\WINDOWS\Bbt97.INI
Present !! : C:\WINDOWS\System32\26500.exe
Present !! : C:\WINDOWS\System32\6334.exe
Present !! : C:\WINDOWS\System32\pmsbfn32.dll
Present !! : C:\WINDOWS\System32\setb0.tmp
Present !! : C:\WINDOWS\System32\setb1.tmp
Present !! : C:\WINDOWS\System32\x64
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\Softonic_France.exe
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF3B.tmp.tbSoft.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF47.tmp.tbSoft.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF54.tmp.tbSoft.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF60.tmp.tbSoft.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF6C.tmp.tbSoft.dll
Present !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\GLF78.tmp.tbSoft.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\S-1-5-21-2427849813-457385292-3005070685-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\S-1-5-21-2427849813-457385292-3005070685-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_USERS\S-1-5-21-2427849813-457385292-3005070685-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_USERS\S-1-5-21-2427849813-457385292-3005070685-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\Software\Conduit
Present !! : HKLM\Software\Conduit

FEATURE_BROWSER_EMULATION | svchost :
====================================

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 11:50:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 11:50:17,28
0
Réponse 23 / 35
Utilisateur anonyme
 
non c'est le rapport de recherche ca ^^
0
Réponse 24 / 35
joegambite Messages postés 48 Statut Membre
 
bonjour
je l'ai pris pourtant dans c?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 35
Utilisateur anonyme
 
il n'y a pas Kill'em.txt dans C:\ ?
0
Réponse 26 / 35
joegambite Messages postés 48 Statut Membre
 
il y a un dossier killem dans c mais il y a rien à l'intérieur
0
Réponse 27 / 35
Utilisateur anonyme
 
tu as eu un scan apres le relancement de l'ordi ?
0
Réponse 28 / 35
joegambite Messages postés 48 Statut Membre
 
non
0
Réponse 29 / 35
Utilisateur anonyme
 
http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/debug.bat

execuute ceci avec le clic droit "executer en tant que......' apres l'avoir enregistré sur ton bureau
0
Réponse 30 / 35
joegambite Messages postés 48 Statut Membre
 
le scan c'est lancé et à nettoyer mon pc.
0
Réponse 31 / 35
joegambite Messages postés 48 Statut Membre
 
mon ordi à lancé mon auto-protec et à trouvé Backdoor.trojan, trojan.fakerAv,
malgré que j'ai désactivée mon antivirus.
Que faire?
0
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Essaye en mode sans échec.

Relance kill'em mais utilise cette fois l'option où il fait inscrit "(MSE)"

A+
0
Réponse 32 / 35
Utilisateur anonyme
 
tu as un "kill'em.txt" sur ton bureau ?
0
Réponse 33 / 35
joegambite Messages postés 48 Statut Membre
 
non je n'ai rien eu sur mon bureau.
Merci de ta patience
0
Réponse 34 / 35
Utilisateur anonyme
 
salut

mode sans echec option "safemode clean"
0
Réponse 35 / 35
joegambite Messages postés 48 Statut Membre
 
toujours sur ma session?
0
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
 
Oui

En mode sans échec.

Tu choisis "safemode clean"

A++
0

Discussions similaires

A quoi sert ETDctrl ? Peut-on le supprimer ?
Siempre2407 -
Siempre2407 -

2 réponses
ETD Control Helper dans System32 - Dois-je le supprimer ?
Miaou -
MisteryBean -

10 réponses
MSI Center ne veut pas se lancer
Ilyass_894 -
Lio-66 -

12 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
A quoi sert ATI Catalyst Control Center ?
Ryder-SCS -
lepinojp -

16 réponses