Antivirus problem
Solved
puce57 - Anonymous user
Hello,
My antivirus expired and I did not replace it right away... I would like to install AVG, but every time I try, the installation stops halfway for lack of space. I know I have viruses, and I would like to know which antivirus I could install to get my computer back into somewhat better shape so that I can install AVG afterwards... Do you have any advice?
46 replies
Thanks, I'll do that late this afternoon, I can't right now... Thanks a lot for your help. Do you think there is still a lot left to do?
It finished the scan, then it said it was deleting something, then it rebooted. On startup, ComboFix reopened and it is now preparing the report.
__________________________________________________
=>/!\ The script below was written specifically for this computer /!\<=
=> transposing it to another computer is strongly discouraged! <=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
File::
c:\documents and settings\All Users\Application Data\7RcBlT.dat
RenV::
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper .exe
c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth .exe
c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
c:\program files\Hewlett-Packard\Default Settings\cpqset .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp .exe
c:\program files\Logitech\QuickCam\Quickcam .exe
c:\program files\PDF Complete\pdfsty .exe
c:\program files\Pure Networks\Network Magic\nmapp .exe
c:\program files\ScanSoft\PaperPort\IndexSearch .exe
c:\program files\ScanSoft\PaperPort\pptd40nt .exe
c:\program files\ScanSoft\PaperPort\Ereg\Ereg .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\windows\CREATOR\Remind_XP .exe
c:\windows\SMINST\Recguard .exe
c:\windows\SMINST\Scheduler .exe
c:\program files\QuickTime\qttask .exe
Fcopy::
c:\windows\ServicePackFiles\i386\user32.dll|c:\windows\system32\user32.dll
c:\windows\ServicePackFiles\i386\ws2help.dll|c:\windows\system32\ws2help.dll
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the combofix file
▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it can be found here => C:\ComboFix.txt
then:
▶ Run List_Kill'em again (or via right-click for Vista/7), using the shortcut on your desktop.
but this time:
▶ choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.3 ¤¤¤¤¤¤¤¤¤¤
User : Administrateur (Administrateurs)
Update on 05/08/2010 by g3n-h@ckm@n ::::: 17.50
Start at: 12:01:03 | 08.08.2010
Processeur Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : Kaspersky Internet Security 11.0.0.232 [ Enabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]11.0.0.232
C:\ -> Disque fixe local | 135.99 Go (113.39 Go free) | NTFS
D:\ -> Disque CD-ROM | 247.39 Mo (0 Mo free) [5 août 2010] | UDF
E:\ -> Disque fixe local | 13.06 Go (6.56 Go free) [HP_RECOVERY] | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\WINDOWS\002676_.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\log.txt
Quarantined & Deleted !! : C:\WINDOWS\System32\SET53B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET53C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET53D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET53E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET53F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET540.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET541.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET542.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET543.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET546.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET547.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET548.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET549.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET54A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET54B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET54D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET54E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET54F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET550.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET551.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET552.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET553.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET554.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET555.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET556.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET557.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET558.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET559.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET560.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET561.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET562.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET563.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET564.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET565.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET567.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET568.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET569.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56B.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET570.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\kls2CD5.tmp
Quarantined & Deleted !! : File
Quarantined & Deleted !! : C:\Documents and Settings\Administrateur\LOCAL Settings\Temp\jna60703.dll
=======
Hosts :
=======
========
Registry
========
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : avgsys
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Deleted : HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 1 (0x1)
FirewallOverride = 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
FEATURE_BROWSER_EMULATION | svchost :
====================================
Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Retrieve the CFScript from this archive and drag it onto combofix
http://www.cijoint.fr/cjlink.php?file=cj201008/cijoCjJDYl.zip