Kill'em report
melkux
Posts
2
Status
Member
Hello,
Here is my Kill'em report; I would like to know what happens now:
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.6 ¤¤¤¤¤¤¤¤¤¤
User : admin1 (Administrateurs)
Update on 20/03/2011 by g3n-h@ckm@n ::::: 19.40
Start at: 00:04:06 | 22/05/2011
Intel(R) Pentium(R) 4 CPU 2.66GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1229 [VPS 110520-0] 4.8.1229 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 18,64 Go (1,89 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque fixe local | 29,28 Go (7,99 Go free) | FAT32
F:\ -> Disque fixe local | 123,36 Go (53,47 Go free) | NTFS
G:\ -> Disque CD-ROM
Boot: Safeboot
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1508 'service.exe'
¤¤¤¤¤¤¤¤¤¤ Fichiers | Dossiers
Mis en quarantaine : C:\Documents and Settings\admin1\Application Data\B59F19BD7B72778A1971F76F9BBD9788\enemies-names.txt
Mis en quarantaine : C:\Documents and Settings\admin1\Modèles\O42525Z\service.exe
Mis en quarantaine : C:\Documents and settings\admin1\Application Data\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
Mis en quarantaine : \AUTOEXEC.BAT
Mis en quarantaine : C:\Documents and Settings\All Users\Application Data\defender.exe
Mis en quarantaine : C:\Documents and Settings\All Users\Application Data\Installer.log
Mis en quarantaine : C:\Documents and Settings\All Users\Application Data\w525I1.dat
Mis en quarantaine : C:\Program Files\Burn4Free Toolbar
Mis en quarantaine : C:\Program Files\Burn4Free
Mis en quarantaine : C:\WINDOWS\002793_.tmp
Mis en quarantaine : C:\WINDOWS\SET3.tmp
Mis en quarantaine : C:\WINDOWS\SET4.tmp
Mis en quarantaine : C:\WINDOWS\SET8.tmp
Mis en quarantaine : C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8390.exe
Mis en quarantaine : C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8578.exe
Mis en quarantaine : C:\WINDOWS\System32\b4fm.dll
Mis en quarantaine : C:\WINDOWS\System32\sshnas21.dll
Mis en quarantaine : C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
Mis en quarantaine : C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Registre ¤¤¤¤¤¤¤¤¤¤
Suppression : HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe
Suppression : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools
Suppression : HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Suppression : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMService
Suppression : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_AMService
Suppression : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
Suppression : HKLM\SYSTEM\CurrentControlSet\Services\SSHNAS
Suppression : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SSHNAS
Suppression : HKLM\SYSTEM\ControlSet003\Services\SSHNAS
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Centre de securite ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Ip6Fw -> Start = 2
SharedAccess -> Start = 0
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
Shell = explorer.exe, C:\Documents and Settings\admin1\Modèles\O42525Z\TuxO42525Z.exe
Userinit = C:\WINDOWS\system32\userinit.exe , C:\WINDOWS\M24617\Ja745618bLay.com
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
PowerdownAfterShutdown = 1
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
TDSS | svchost | Internet Explorer:
====================================
Suppression : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST320011A rev.3.10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x860CB439]<<
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x863A7AB8]
3 CLASSPNP[0xF7620FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005e[0x8634A3B8]
5 ACPI[0xF7596620] -> nt!IofCallDriver[0x804E37D5] -> [0x862CA940]
\Driver\atapi[0x861C6730] -> IRP_MJ_CREATE -> 0x860CB439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskST320011A_______________________________3.10____#483331544c535a35202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x860CB27F
user != kernel MBR !!!
sectors 39102334 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
Fin du Nettoyage : 0:05:23
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤