Copyright virus

Solved/Closed
waerbenn - 2 May 2010 at 21:14
Anonymous user - 7 May 2010 at 19:03
Good evening,

I have a virus that prevents me from accessing my desktop, with a "copyright violation..." page. I managed to get access to the desktop again, but as soon as I turn on my computer, the virus comes back.
Also, as mentioned in a topic, I ran List_Kill'em option 1 then 2, but it is still there at startup.
What should I do to remove it completely?

Thanks for your help.

96 replies

Anonymous user
3 May 2010 at 15:02

__________________________________________________________
=> /!\ The following script was written specifically for this computer /!\ <=
=> Transposing it to another computer is strongly discouraged! <=====|
---------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

TDL::
C:\Windows\System32\Drivers\atapi.sys

MBR::

SkipFix::

------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the ComboFix file

▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt


3
Anonymous user
3 May 2010 at 16:27
cd erdnt\subs

then press Enter

batch erdnt.con

then press Enter
1
Anonymous user
7 May 2010 at 14:00
There we go, all the old versions of Java have been removed :)
1
Anonymous user
2 May 2010 at 21:23
Hello, do this:

http://www.commentcamarche.net/faq/27876-icpp-online-violation-de-droits-d-auteur

and post the requested reports
0

jalobservateur - Posts: 7372 - Registration date: Monday 16 July 2007 - Status: Security contributor - Last activity: 10 May 2012 - 930
2 May 2010 at 21:24
Hi :)
http://www.commentcamarche.net/faq/27876-icpp-online-violation-de-droits-d-auteur
0
Anonymous user
2 May 2010 at 21:25
first
0
jalobservateur - Posts: 7372 - Registration date: Monday 16 July 2007 - Status: Security contributor - Last activity: 10 May 2012 - 930
2 May 2010 at 21:24
Hehe yeah, he's got the answer ;)
0
Kill'em by g3n-h@ckm@n 1.3.2.1

User : HOUSE (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 19:01:56 | 02/05/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,8 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,2 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (79,14 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ASUSKBService.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :


Quarantined & Deleted !! : C:\WINDOWS\System32\lowsec
Quarantined & Deleted !! : C:\WINDOWS\System32\sdra64.exe

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
the first report won't go through
0
List'em by g3n-h@ckm@n 1.3.2.1

User : HOUSE (Administrateurs)
Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
Start at: 09:09:39 | 02/05/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ Enabled | (!) Outdated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,73 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,23 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (81,2 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
E:\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\ASUSKBService.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe
C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
E:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
C:\WINDOWS\System32\svchost.exe
E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\FxEx.scr
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
NWEReboot REG_SZ
<NO NAME> REG_SZ
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
G DATA AntiVirus Trayapplication REG_SZ C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
Adobe Version Cue CS2 REG_SZ E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ EVANN
DefaultUserName REG_SZ HOUSE
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\HOUSE\Application Data\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ HOUSE
AltDefaultDomainName REG_SZ EVANN
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
EnableConcurrentSessions REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\ASUS\AsusUpdate\Update.exe REG_SZ C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe REG_SZ E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter
E:\FlashGet\flashget.exe REG_SZ E:\FlashGet\flashget.exe:*:Enabled:Flashget
C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe REG_SZ C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
C:\Program Files\Fichiers communs\AOL\aoltpspd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\aoltpspd.exe:*:Enabled:aoltpspd.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
E:\lphant\Lphant.exe REG_SZ E:\lphant\Lphant.exe:*:Enabled:Lphant
E:\world pker\WPTFreePlay.exe REG_SZ E:\world pker\WPTFreePlay.exe:*:Enabled:World Poker Tour Free Play
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
E:\SopCast\SopCast.exe REG_SZ E:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
E:\lphant\eLePhantClient.exe REG_SZ E:\lphant\eLePhantClient.exe:*:Enabled:Lphant

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}]

0
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D'fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
48,83 Go total, 3,69 Go libre (7%), 14% fragment' (fragmentation du fichier 23%)

Vous devriez d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\espionServerData
Present !! : C:\WINDOWS\003019_.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\install.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\lowsec
Present !! : C:\WINDOWS\System32\sdra64.exe"
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp100917406.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp105148885.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp118866600.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp119783177.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp155343375.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp167623515.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp179074591.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp3351269.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp61367015.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp94067469.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\2C7.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\2C8.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\is4.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\isA.tmp
Present !! : C:\Documents and Settings\HOUSE\Local Settings\Temp\~1D.tmp
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\dotNet35setup_web.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\dotnetfx35_sp1_Web.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Install.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\khvcol.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\nbmrh.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\nerodeltmp.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\ose00000.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\ose00001.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Setup_PrintPratic.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\setup_wm.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\stp1b838.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\stp5e464.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\SystemRequirementsLabx.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\vcredist_x86_2005.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\vcredist_x86_2008.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\_is10D.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\_is1BD.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\_is1CA.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\_isF1.exe
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Acs20Upsell.data
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Acs20Upgrade.data
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\DETemp384Gd78Sjke78Jks75.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\DETemp384Gd78Sjke78Jks76.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_de0.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_f8.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\AcsInstall.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\drm_dyndata_7270014.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\gtapi.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\IadHide4.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\insmac2k.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\QTInstallerHelper.dll
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\uninst.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 10:23:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x86FD3EB0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd3eb0
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> 0x861ad5c0
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !


¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

F:\logiciel\Virtuosa.Gold.Phoenix.Edition.v5.0.Multilanguage.Cracked.WinAll.for.www.torrent-base.elite.to\Virtuosa.Gold.Phoenix.Edition.v5.0.Multilanguage.Cracked.WinAll-HS\hs-vgp5a\hs-vpg50\Patch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 10:28:22,90
0
Are the reports OK?
0
Anonymous user
2 May 2010 at 23:23
Good evening, what version is this?
0
I don't know, I found it on the net.....
0
1.3.2.1 ?
0
Why, is that a problem?
0
Anonymous user
2 May 2010 at 23:51
Can you give me the link where you found it, please?

Get rid of that obsolete version and:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em and save it to your desktop

Double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Leave checked:

♦ Executer Shortcut
♦ Executer List_Kill'em

Once it has finished, click "Finish" and the program will start by itself

Choose the Search option

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program is not frozen.

▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
0
I'll try, but my computer keeps crashing (blue screen, hardware problem)
0
Anonymous user
3 May 2010 at 00:11
If necessary, restart in safe mode with networking
0
List'em by g3n-h@ckm@n 1.7.2.6

User : HOUSE (Administrateurs)
Update on 02/05/2010 by g3n-h@ckm@n ::::: 14.30
Start at: 00:42:13 | 03/05/2010

Intel(R) Pentium(R) 4 CPU 3.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : G Data AntiVirus 2010 18.0 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 48,83 Go (3,77 Go free) | NTFS
D:\ -> Disque fixe local | 19,53 Go (19,46 Go free) [??????] | NTFS
E:\ -> Disque fixe local | 48,83 Go (34,19 Go free) [Logiciel] | NTFS
F:\ -> Disque fixe local | 121,55 Go (79,14 Go free) [Download] | NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque fixe local | 249,25 Go (149,81 Go free) [Video] | NTFS
J:\ -> Disque fixe local | 8,02 Go (1,84 Go free) [Divers] | NTFS
K:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque amovible | 982,72 Mo (290,03 Mo free) | FAT
N:\ -> Disque fixe local | 232,83 Go (113,65 Go free) [My Book] | FAT32

Boot: Safeboot

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Raccourci vers la page des propriétés de High Definition Audio REG_SZ HDAudPropShortcut.exe
Cmaudio REG_SZ RunDll32 cmicnfg.cpl,CMICtrlWnd
REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
NWEReboot REG_SZ
<NO NAME> REG_SZ
AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
G DATA AntiVirus Trayapplication REG_SZ C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe
Adobe Version Cue CS2 REG_SZ E:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ EVANN
DefaultUserName REG_SZ HOUSE
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ HOUSE
AltDefaultDomainName REG_SZ EVANN
ChangePasswordUseKerberos REG_DWORD 1 (0x1)
EnableConcurrentSessions REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Program Files\ASUS\AsusUpdate\Update.exe REG_SZ C:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update
E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe REG_SZ E:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter
E:\FlashGet\flashget.exe REG_SZ E:\FlashGet\flashget.exe:*:Enabled:Flashget
C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe REG_SZ C:\Program Files\Fichiers communs\AOL\1173378459\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
C:\Program Files\Fichiers communs\AOL\aoltpspd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\aoltpspd.exe:*:Enabled:aoltpspd.exe
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
E:\lphant\Lphant.exe REG_SZ E:\lphant\Lphant.exe:*:Enabled:Lphant
E:\world pker\WPTFreePlay.exe REG_SZ E:\world pker\WPTFreePlay.exe:*:Enabled:World Poker Tour Free Play
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger
C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe REG_SZ C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupXu.exe:*:Disabled:Nero ProductSetup
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
E:\SopCast\SopCast.exe REG_SZ E:\SopCast\SopCast.exe:*:Disabled:SopCast Main Application
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
E:\lphant\eLePhantClient.exe REG_SZ E:\lphant\eLePhantClient.exe:*:Enabled:Lphant

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DEB21AD3-FDA4-42F6-B57D-EE696A675EE8}]

==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{F156768E-81EF-470C-9057-481BA8380DBA}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CFF6E9DB-629C-430A-A446-1403F78840AA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E8D91296-A4DB-4479-9261-C8265FACC511}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://fr.yahoo.com/
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x2 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
48,83 Go total, 3,74 Go libre (7%), 14% fragmenté (fragmentation du fichier 23%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\WINDOWS\System32\lowsec
Present !! : C:\WINDOWS\System32\sdra64.exe"
Present !! : C:\Documents and Settings\HOUSE\Application data\sdra64.exe
Present !! : C:\Documents and Settings\HOUSE\Bureau\ARManager.lnk
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_12c.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_178.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_928.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_950.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_9ec.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_dc8.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_e54.dat
Present !! : C:\Documents and Settings\HOUSE\LOCAL Settings\Temp\Perflib_Perfdata_ec8.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\armanager
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6}
Present !! : HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 00:56:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x86FD24D0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x86fd24d0
\Driver\atapi -> 0x864a9218
NDIS: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> 0x865ba5c0
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x025429800
malicious code @ sector 0x025429803 !
PE file found in sector at 0x025429819 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 0:56:18,00
0
There, I hope it will work this time ......
0
Anonymous user
3 May 2010 at 01:05
Yes, you can run it again and choose the safemode clean option.

At the end of the scan the window closes and you will have a report named kill'em on the desktop; post its contents.
0
I don't have a txt file, it wrote path not found, 0 file copied!
0
Anonymous user
3 May 2010 at 01:48
?????????????????

Do you find this:

C:\Kill'em.txt ?
0
No, that's just it, there is nothing on the desktop.
0