Sujet Précédent Sujet Suivant

Virus you have a security problem

Fermé
angele2388 - 22 mars 2009 à 12:05
 angele2388 - 25 mars 2009 à 16:22
Bonjour,

j'ai un virus "you have a security problem" j'ai deja fait un nettoyage ac malwarebytes hier soir et voila mon rapport Hjackthis
merci de votre aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:27, on 22/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
Q:\iTunesHelper.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
N:\Divers Vrac\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\3k560Dh5.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\E_S15B.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "Q:\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "N:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\pchealth" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Oobe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\system32\Inetsrv" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

45 réponses

Précédent
Réponse 21 / 45
angele2388
22 mars 2009 à 19:18
File: 3k560Dh5.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: c1442f82ee60fd6e7b0599c9ba20a0de
Packers detected:
-

A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan.Win32.Agent.bwos
Ikarus
Found nothing
Kaspersky Anti-Virus
Found Trojan.Win32.Agent.bwos
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Quick Heal
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
0
Réponse 22 / 45
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
22 mars 2009 à 20:13
On va vérifier la légitimité de ce processus (merci lyonnais) : c:\windows\system32\userinit.exe

Passe le sur V.T et colle moi le rapport .
0
Réponse 23 / 45
angele2388
22 mars 2009 à 20:59
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.21 Trojan-Downloader!IK
AhnLab-V3 5.0.0.2 2009.03.21 -
AntiVir 7.9.0.120 2009.03.20 -
Authentium 5.1.2.4 2009.03.21 -
Avast 4.8.1335.0 2009.03.20 -
AVG 8.5.0.283 2009.03.20 -
BitDefender 7.2 2009.03.21 Trojan.Downloader.JLPU
CAT-QuickHeal 10.00 2009.03.21 -
ClamAV 0.94.1 2009.03.21 -
Comodo 1078 2009.03.21 -
DrWeb 4.44.0.09170 2009.03.21 -
eSafe 7.0.17.0 2009.03.19 -
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.20 -
F-Secure 8.0.14470.0 2009.03.21 -
Fortinet 3.117.0.0 2009.03.21 -
GData 19 2009.03.21 Trojan.Downloader.JLPU
Ikarus T3.1.1.48.0 2009.03.21 Trojan-Downloader
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.21 Trojan-Downloader.Win32.Agent.bmza
McAfee 5560 2009.03.21 -
McAfee+Artemis 5560 2009.03.21 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.20 Heuristic.Malware
Microsoft 1.4502 2009.03.21 TrojanDownloader:Win32/Renos.BAH
NOD32 3953 2009.03.21 a variant of Win32/TrojanDownloader.Zlob.CZG
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.21 -
Panda 10.0.0.10 2009.03.21 Trj/CI.A
PCTools 4.4.2.0 2009.03.21 -
Prevx1 V2 2009.03.21 Medium Risk Malware
Rising 21.21.52.00 2009.03.21 Trojan.DL.Win32.Nodef.bp
Sophos 4.39.0 2009.03.21 -
Sunbelt 3.2.1858.2 2009.03.20 -
Symantec 1.4.4.12 2009.03.21 Trojan.Fakeavalert
TheHacker 6.3.3.1.287 2009.03.21 -
TrendMicro 8.700.0.1004 2009.03.20 -
VBA32 3.12.10.1 2009.03.20 -
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.21 -
Information additionnelle
File size: 47616 bytes
MD5...: 2c6f05acf7a8fde4faa83f7f06f21c59
SHA1..: 9ee9af0ef411832277ba0bcb9efd3ca4172113b5
SHA256: afbdf1ade4baf222eb78cfee70cda04ab8b91483b00f2aae2ec24ac3529793f0
SHA512: 6a3affd1090fc12cb6b30ea7ea98b2909d85112e52c5f3a06331615ce16da183
0670eee3fa19207f517f57eebaa442d02a1859eb87fb0d47f1fd5b0a82dd1773
ssdeep: 768:H10sHtJjmd24P4cQJ9bxdarGYmXEM3uvgM3LuB9KLPEB0UjHR4FgFLO16:H1
RHtJj1JJHrXEM3uYM3CB9KwB0QR4cq
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3de4
timedatestamp.....: 0x49c36515 (Fri Mar 20 09:42:45 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2fad 0x3000 6.43 ff6a4820e7ef3c608c7f06e3c01a2959
.rdata 0x4000 0xe24 0x1000 4.87 1db3f1ab4065ae1d0c9378105f360d79
.data 0x5000 0x1ca0 0x1200 5.60 864d8378a74a71a729d2dd438057594f
.rsrc 0x7000 0x6328 0x6400 5.46 23bf78d01535022a37fcaabf75a900c3

( 10 imports )
> KERNEL32.dll: MultiByteToWideChar, lstrlenA, GetModuleFileNameA, lstrcpyA, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetCommandLineA, GetSystemDirectoryA, ExitProcess, TerminateProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, GetEnvironmentVariableA, GetShortPathNameA, GetVersionExA, CopyFileW, MoveFileW, lstrcatW, lstrcpyW, GetProcAddress, LoadLibraryA, GetSystemDirectoryW, WaitForSingleObject, CreateMutexA, GetStartupInfoA, GetModuleHandleA, GetModuleFileNameW, GetTempPathA, lstrcatA, IsBadWritePtr, WriteFile, Sleep, GetVolumeInformationA, CreateFileA, DeviceIoControl, CloseHandle, CreateProcessA
> USER32.dll: wsprintfA, LoadIconA, SetWindowPos, MessageBoxA, SetTimer, DispatchMessageA, TranslateMessage, IsWindow, IsDialogMessageA, GetMessageA, ShowWindow, CreateDialogParamA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegEnumKeyA, RegOpenKeyA, RegOpenKeyExA
> SHELL32.dll: ShellExecuteExA, SHGetSpecialFolderPathA, Shell_NotifyIconA, ShellExecuteA, SHChangeNotify
> ole32.dll: CoCreateInstance, CoInitialize
> OLEAUT32.dll: -
> MSVCP60.dll: __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z
> SHLWAPI.dll: PathGetDriveNumberA
> MSVCRT.dll: __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, _initterm, free, _except_handler3, atoi, strstr, strncat, __CxxFrameHandler, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, __dllonexit, strncpy, sprintf, _strdup
> WININET.dll: InternetCloseHandle, InternetReadFile, HttpQueryInfoA, InternetOpenUrlA, InternetOpenA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=AFDB2E9900A6EA65BAC100A400B2FD000565CD68
ThreatExpert info: https://www.symantec.com?md5=2c6f05acf7a8fde4faa83f7f06f21c59
CWSandbox info: http://research.sunbelt-software.com/...
0
Réponse 24 / 45
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
22 mars 2009 à 21:04
Userinit.exe est bel et bien infecté .

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 45
angele2388
23 mars 2009 à 11:27
voila le dernier rapport !!


[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 23/03/2009 at 11:05

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 11:15:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fc,20,45,1c,9d,39,0d,cf,15,cb,f0,1a,2a,fe,88,bd,fe,d2,f1,76,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\CD-R\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,d0,b3,7e,5f,7d,ca,53,69,97,6e,31,6c,db,3a,76,f6,2f,98,b7,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,f5,bd,0e,79,ef,55,c3,10,18,d7,16,2c,f6,42,f3,8e,..
"khjeh"=hex:ba,b0,2c,03,78,0e,95,40,18,9c,0e,59,33,47,1f,6e,d6,f8,f4,61,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ca,61,4e,ab,82,7a,9c,f6,d8,ad,80,f2,35,29,1c,29,31,94,b0,95,f2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fc,20,45,1c,9d,39,0d,cf,15,cb,f0,1a,2a,fe,88,bd,fe,d2,f1,76,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\CD-R\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,d0,b3,7e,5f,7d,ca,53,69,97,6e,31,6c,db,3a,76,f6,2f,98,b7,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,f5,bd,0e,79,ef,55,c3,10,18,d7,16,2c,f6,42,f3,8e,..
"khjeh"=hex:ba,b0,2c,03,78,0e,95,40,18,9c,0e,59,33,47,1f,6e,d6,f8,f4,61,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b6,af,34,c1,2b,04,c8,25,26,2c,f4,f8,82,51,10,2a,db,62,14,7a,91,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fc,20,45,1c,9d,39,0d,cf,15,cb,f0,1a,2a,fe,88,bd,fe,d2,f1,76,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\CD-R\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,d0,b3,7e,5f,7d,ca,53,69,97,6e,31,6c,db,3a,76,f6,2f,98,b7,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,f5,bd,0e,79,ef,55,c3,10,18,d7,16,2c,f6,42,f3,8e,..
"khjeh"=hex:ba,b0,2c,03,78,0e,95,40,18,9c,0e,59,33,47,1f,6e,d6,f8,f4,61,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,ab,ab,7a,79,73,ab,f5,0e,97,32,ce,82,49,2d,49,e4,14,97,39,9d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:fc,20,45,1c,9d,39,0d,cf,15,cb,f0,1a,2a,fe,88,bd,fe,d2,f1,76,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\CD-R\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:6e,d0,b3,7e,5f,7d,ca,53,69,97,6e,31,6c,db,3a,76,f6,2f,98,b7,ce,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c8,f5,bd,0e,79,ef,55,c3,10,18,d7,16,2c,f6,42,f3,8e,..
"khjeh"=hex:ba,b0,2c,03,78,0e,95,40,18,9c,0e,59,33,47,1f,6e,d6,f8,f4,61,90,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:4f,2b,ca,b5,ee,09,91,7b,4f,6d,f2,8d,2d,c8,ad,de,6e,b4,91,1e,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:35,6b,7c,91,0b,e9,45,69,d5,02,53,70,41,70,56,55,e4,5d,82,11,7b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4e0e3de7
"s2"=dword:9f2ff0e6
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:85,24,95,54,c2,73,44,c0,3b,f4,21,0c,6d,9d,7a,bd,f9,70,53,20,8b,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:26,e5,54,bf,52,72,2b,77,9f,62,a7,08,3d,2c,f0,92,e5,56,47,4a,6a,..
"p0"="N:\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:5f,57,d3,a4,72,be,14,4c,0a,fd,50,de,30,59,75,ec,3f,7f,fc,d0,26,..
"a0"=hex:20,01,00,00,28,c8,60,0d,88,e2,71,bf,e8,13,7d,38,cc,bb,33,77,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:03,18,c2,e0,8b,44,59,59,5d,e1,e9,ee,c7,06,53,60,db,10,75,f4,c1,..

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 621 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"Q:\\iTunes.exe"="Q:\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Sun 31 Aug 2008 48 A.SH. --- "C:\WINDOWS\S2630DCA0.tmp"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Fri 3 Nov 2006 64,000 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Tue 29 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]
0
Réponse 26 / 45
jfkpresident Messages postés 13408 Date d'inscription lundi 3 septembre 2007 Statut Contributeur sécurité Dernière intervention 5 janvier 2015 1 175
23 mars 2009 à 12:10
Bon alors je t'explique le topo :

Certains processus vitales a ton pc sont "patchés" (infectés) et si ont les supprimes ,ton pc ne fonctionnera pas correctement voir pas du tout ...:(

De plus tu as une version "non officielle" de Xp ....Ce qui nous arranges pas vraiment .

Tu va passer ces Fichiers sur VirusTotal ,afin que par la suite tu puisses les supprimer et les remplacer par des fichiers sains (il faut encore que je les trouves !) .

c:\windows\system32\drivers\tcpip.sys
c:\windows\explorer.exe
C:\WINDOWS\system32\csrss.exe
0
Réponse 27 / 45
angele2388
23 mars 2009 à 13:34
En gros c'est la cata !! merrci de ton aide

Fichier tcpip.sys reçu le 2008.08.26 19:19:55 (CET)
Situation actuelle: terminé
Résultat: 0/33 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.26 -
AntiVir 7.8.1.23 2008.08.26 -
Authentium 5.1.0.4 2008.08.26 -
Avast 4.8.1195.0 2008.08.26 -
AVG 8.0.0.161 2008.08.26 -
BitDefender 7.2 2008.08.26 -
CAT-QuickHeal 9.50 2008.08.26 -
ClamAV 0.93.1 2008.08.26 -
DrWeb 4.44.0.09170 2008.08.26 -
eSafe 7.0.17.0 2008.08.26 -
eTrust-Vet 31.6.6049 2008.08.26 -
Ewido 4.0 2008.08.26 -
F-Prot 4.4.4.56 2008.08.26 -
Fortinet 3.14.0.0 2008.08.26 -
GData 19 2008.08.26 -
Ikarus T3.1.1.34.0 2008.08.26 -
K7AntiVirus 7.10.428 2008.08.25 -
Kaspersky 7.0.0.125 2008.08.26 -
McAfee 5370 2008.08.26 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3389 2008.08.26 -
Panda 9.0.0.4 2008.08.25 -
PCTools 4.4.2.0 2008.08.26 -
Rising 20.59.11.00 2008.08.26 -
Sophos 4.32.0 2008.08.26 -
Sunbelt 3.1.1582.1 2008.08.26 -
Symantec 10 2008.08.26 -
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.26 -
VBA32 3.12.8.4 2008.08.26 -
ViRobot 2008.8.26.1350 2008.08.26 -
VirusBuster 4.5.11.0 2008.08.26 -
Webwasher-Gateway 6.6.2 2008.08.26 -
Information additionnelle
File size: 360576 bytes
MD5...: c7be59b07c6eb74bea6fd67c1b164015
SHA1..: 1ca3b35fa53a8c4461ebc5265ae5e8ce2935647f
SHA256: a6e59ea7c1fa61c11e0f71147b5d5bed01efe05481e529b37e427a1d45eb3292
SHA512: 21d73395d4e3e8f002d0d984989ca1760537043c004c11f97410df2d3246b1ae
947123fa2d38fc6726e9edf055f2dab8b489b5401b431d9fdf81da5d257034b8
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x609a3
timedatestamp.....: 0x44477c19 (Thu Apr 20 12:18:33 2006)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3ed0a 0x3ed80 6.59 3d39eabb5fe6e226f9971059adc60819
.rdata 0x3f100 0x574 0x580 4.43 8f982ab9274e5527a5bf3aecc0e92194
.data 0x3f680 0xa4a4 0xa500 0.06 7fa9cf89c9b147cbb03d6610d7fbb490
PAGE 0x49b80 0x1f2b 0x1f80 6.39 bbf6119ab3b8fd06c3ebe872f8f04726
PAGELK 0x4bb00 0x6f2 0x700 6.21 231535fad227db18635d563f03da08f0
PAGEIPMc 0x4c200 0x2781 0x2800 6.44 c18bc83144fe165bcde2eed11a40575b
.edata 0x4ea00 0x341 0x380 5.24 61d79737bb2c45af685c3155181fa50f
INIT 0x4ed80 0x5926 0x5980 6.20 a78ee1b4067091d7b822654867d08ce3
.rsrc 0x54700 0x3e0 0x400 3.35 8578c6662bbc74cf560ff8af8948fbdc
.reloc 0x54b00 0x3580 0x3580 6.82 bbc537be0f4cc4ac037f99ea22b61126

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum

Fichier explorer.exe reçu le 2009.03.23 13:32:12 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/39 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.23 -
AhnLab-V3 5.0.0.2 2009.03.23 -
AntiVir 7.9.0.120 2009.03.23 -
Authentium 5.1.2.4 2009.03.23 -
Avast 4.8.1335.0 2009.03.23 -
AVG 8.5.0.283 2009.03.23 -
BitDefender 7.2 2009.03.23 -
CAT-QuickHeal 10.00 2009.03.23 -
ClamAV 0.94.1 2009.03.23 -
Comodo 1080 2009.03.22 -
DrWeb 4.44.0.09170 2009.03.23 -
eSafe 7.0.17.0 2009.03.23 -
eTrust-Vet 31.6.6412 2009.03.23 -
F-Prot 4.4.4.56 2009.03.23 -
F-Secure 8.0.14470.0 2009.03.23 -
Fortinet 3.117.0.0 2009.03.23 -
GData 19 2009.03.23 -
Ikarus T3.1.1.48.0 2009.03.23 -
K7AntiVirus 7.10.678 2009.03.21 -
Kaspersky 7.0.0.125 2009.03.23 -
McAfee 5561 2009.03.22 -
McAfee+Artemis 5561 2009.03.22 -
McAfee-GW-Edition 6.7.6 2009.03.23 -
Microsoft 1.4502 2009.03.23 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.23 -
Panda 10.0.0.10 2009.03.22 -
PCTools 4.4.2.0 2009.03.23 -
Prevx1 V2 2009.03.23 -
Rising 21.22.02.00 2009.03.23 -
Sophos 4.39.0 2009.03.23 -
Sunbelt 3.2.1858.2 2009.03.22 -
Symantec 1.4.4.12 2009.03.23 -
TheHacker 6.3.3.4.287 2009.03.23 -
TrendMicro 8.700.0.1004 2009.03.23 -
VBA32 3.12.10.1 2009.03.23 -
ViRobot 2009.3.23.1660 2009.03.23 -
VirusBuster 4.6.5.0 2009.03.22 -
Information additionnelle
File size: 1227264 bytes
MD5...: e28d16a8d63eca6246921fdf7cbde42a
SHA1..: 73b6962426e5963745d4580e33f82abbb78fe02d
SHA256: 5efbb11355d4b918fd4832fedb73d1c9002dae6ce1fbc93dd908579e7f0134f3
SHA512: 8a53d39fcb9b76c95673a2044e3a443f9c953d50ab4c2319f9562858cceef9a8
ea41a2c3e7bbd06d6120d4f51c9248824c4554104294979012b17d3ff1f6fb10
ssdeep: 24576:gzEuAwj2fNuIFz0BEoX8yeW3xM9yvezn:gzvKfNuIyEoX8PI3e7
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1e24e
timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44689 0x44800 6.38 e8525a1e82d869aed3a0bff0a4e35056
.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf
.rsrc 0x48000 0xe1dc0 0xe1e00 6.52 d5c9c94499f5d08408b2be8ea9ce5b91
.reloc 0x12a000 0x36dc 0x3800 6.75 ee49ce3a409d6d28c1d63eabd34499b3

( 13 imports )
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -
> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> BROWSEUI.dll: -, -, -, -
> SHDOCVW.dll: -, -, -
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )

Fichier csrss.exe reçu le 2009.03.03 01:24:56 (CET)
Situation actuelle: terminé
Résultat: 0/39 (0.00%)
Formaté Formaté
Impression des résultats Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.02 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.02 -
Authentium 5.1.0.4 2009.03.03 -
Avast 4.8.1335.0 2009.03.02 -
AVG 8.0.0.237 2009.03.01 -
BitDefender 7.2 2009.03.03 -
CAT-QuickHeal 10.00 2009.03.02 -
ClamAV 0.94.1 2009.03.02 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.02 -
eTrust-Vet 31.6.6380 2009.03.02 -
F-Prot 4.4.4.56 2009.03.02 -
F-Secure 8.0.14470.0 2009.03.02 -
Fortinet 3.117.0.0 2009.03.02 -
GData 19 2009.03.02 -
Ikarus T3.1.1.45.0 2009.03.02 -
K7AntiVirus 7.10.654 2009.03.02 -
Kaspersky 7.0.0.125 2009.03.03 -
McAfee 5541 2009.03.02 -
McAfee+Artemis 5541 2009.03.02 -
Microsoft 1.4306 2009.03.02 -
NOD32 3902 2009.03.02 -
Norman 6.00.06 2009.03.02 -
nProtect 2009.1.8.0 2009.03.02 -
Panda 10.0.0.10 2009.03.02 -
PCTools 4.4.2.0 2009.03.02 -
Prevx1 V2 2009.03.03 -
Rising 21.19.02.00 2009.03.02 -
SecureWeb-Gateway 6.7.6 2009.03.02 -
Sophos 4.39.0 2009.03.03 -
Sunbelt 3.2.1858.2 2009.03.02 -
Symantec 10 2009.03.03 -
TheHacker 6.3.2.6.269 2009.03.02 -
TrendMicro 8.700.0.1004 2009.03.02 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.2.1630 2009.03.02 -
VirusBuster 4.5.11.0 2009.03.02 -
Information additionnelle
File size: 6144 bytes
MD5...: 78c1f1278cf2c9b476504c572cb98e5e
SHA1..: 1fe0c5c7731851daf1ea0afdc8414ebbff732172
SHA256: c46d7234f0886aaa56a892d83657e6046f0d8af8c29123d6d5f2f5063474a171
SHA512: a7127909e3de50bf9f29a7e7ddbccb7889eda71d526a3ed5aed05484d888b171
45729bc8d16ebfb84e573cbd2859cae52409b61e39cc425920d30c8e6825e36a
ssdeep: 96:1EGF6AN1CnotgbZm4vU/93SqYs5FEW5B8enWwG:1EGUANooygp/ZSq/5eW5B8
enW
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x11a3
timedatestamp.....: 0x41107c1f (Wed Aug 04 06:03:11 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xaa0 0xc00 5.97 ad9ea4c175a93a8019eb6ef94a84e503
.data 0x2000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250
.rsrc 0x3000 0x400 0x400 3.42 74ab43c9934730c70860fc34e5d3d74e
.reloc 0x4000 0x94 0x200 1.57 a631a49183888ee1140addc408980653

( 2 imports )
> ntdll.dll: NtTerminateProcess, NtRaiseHardError, NtTerminateThread, RtlUnwind, NtQueryVirtualMemory, RtlSetProcessIsCritical, NtSetInformationProcess, DbgBreakPoint, RtlAllocateHeap, RtlUnicodeStringToAnsiString, RtlNormalizeProcessParams
> CSRSRV.dll: CsrServerInitialization

( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=78c1f1278cf2c9b476504c572cb98e5e
0
Réponse 28 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
24 mars 2009 à 12:37
Bonjour,

exit les ATjob.

Peux tu faire ceci :

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : c:\windows\system32\userinit.exe

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant
0
Réponse 29 / 45
angele2388
24 mars 2009 à 13:00
File size: 47616 bytes
MD5...: 2c6f05acf7a8fde4faa83f7f06f21c59
SHA1..: 9ee9af0ef411832277ba0bcb9efd3ca4172113b5
SHA256: afbdf1ade4baf222eb78cfee70cda04ab8b91483b00f2aae2ec24ac3529793f0
SHA512: 6a3affd1090fc12cb6b30ea7ea98b2909d85112e52c5f3a06331615ce16da183
0670eee3fa19207f517f57eebaa442d02a1859eb87fb0d47f1fd5b0a82dd1773
ssdeep: 768:H10sHtJjmd24P4cQJ9bxdarGYmXEM3uvgM3LuB9KLPEB0UjHR4FgFLO16:H1
RHtJj1JJHrXEM3uYM3CB9KwB0QR4cq
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3de4
timedatestamp.....: 0x49c36515 (Fri Mar 20 09:42:45 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2fad 0x3000 6.43 ff6a4820e7ef3c608c7f06e3c01a2959
.rdata 0x4000 0xe24 0x1000 4.87 1db3f1ab4065ae1d0c9378105f360d79
.data 0x5000 0x1ca0 0x1200 5.60 864d8378a74a71a729d2dd438057594f
.rsrc 0x7000 0x6328 0x6400 5.46 23bf78d01535022a37fcaabf75a900c3

( 10 imports )
> KERNEL32.dll: MultiByteToWideChar, lstrlenA, GetModuleFileNameA, lstrcpyA, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetCommandLineA, GetSystemDirectoryA, ExitProcess, TerminateProcess, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, GetEnvironmentVariableA, GetShortPathNameA, GetVersionExA, CopyFileW, MoveFileW, lstrcatW, lstrcpyW, GetProcAddress, LoadLibraryA, GetSystemDirectoryW, WaitForSingleObject, CreateMutexA, GetStartupInfoA, GetModuleHandleA, GetModuleFileNameW, GetTempPathA, lstrcatA, IsBadWritePtr, WriteFile, Sleep, GetVolumeInformationA, CreateFileA, DeviceIoControl, CloseHandle, CreateProcessA
> USER32.dll: wsprintfA, LoadIconA, SetWindowPos, MessageBoxA, SetTimer, DispatchMessageA, TranslateMessage, IsWindow, IsDialogMessageA, GetMessageA, ShowWindow, CreateDialogParamA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegEnumKeyA, RegOpenKeyA, RegOpenKeyExA
> SHELL32.dll: ShellExecuteExA, SHGetSpecialFolderPathA, Shell_NotifyIconA, ShellExecuteA, SHChangeNotify
> ole32.dll: CoCreateInstance, CoInitialize
> OLEAUT32.dll: -
> MSVCP60.dll: __Grow@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAE_NI_N@Z, __Eos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEXI@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z
> SHLWAPI.dll: PathGetDriveNumberA
> MSVCRT.dll: __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, _initterm, free, _except_handler3, atoi, strstr, strncat, __CxxFrameHandler, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, __dllonexit, strncpy, sprintf, _strdup
> WININET.dll: InternetCloseHandle, InternetReadFile, HttpQueryInfoA, InternetOpenUrlA, InternetOpenA

( 0 exports )
0
Réponse 30 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
24 mars 2009 à 16:23
Bonjour,

bon, ça n'a pas fonctionné.

Mais je ne vois pas non plus la copie de c:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe que je t'avais demandé de faire.

Tu peux vérifier que cette copie existe ?
0
angele2388
24 mars 2009 à 17:35
oui elle existe
0
Réponse 31 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
25 mars 2009 à 10:21
Bonjour,

et en mode sans échec ?
0
Réponse 32 / 45
angele2388
25 mars 2009 à 10:33
pareille
0
Réponse 33 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
25 mars 2009 à 11:17
Re,

visiblement tu as un autre ordi pour comminiquer.

Tu as le CD de Windows de l'ordi malade ?
0
Réponse 34 / 45
angele2388
25 mars 2009 à 11:21
j'ai un autre ordi mais c'est pas le mien

je dois avoir le CD oui
0
Réponse 35 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
25 mars 2009 à 11:54
Re,

tu le trouves et tu répares Windows :

http://www.informatruc.com/reparer-windows-xp/

L'important, c'est d'abord de répondre Installer (pas naturel) puis Réparer (ne pas se tromper à ce moment).

Il faut que tu ais la clé de 25 caractères, on va te la demander.

Mets à jour Windows et Internet explorer (si ça ne se fait pas automatiquement).

vérifie ton antivirus;

reposte un rapport RSIT.
0
Réponse 36 / 45
angele2388
25 mars 2009 à 11:59
on se trouve la clé de 25 caractère ?
0
Réponse 37 / 45
angele2388
25 mars 2009 à 12:22
pour precision c le CD de mon ordinateur que j'ai puisque windows xp etait installer avec le cd de l'ordi je sais pas si sa change quelque chose !!
0
Réponse 38 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
25 mars 2009 à 12:29
Re,

la clé se trouve sur l'ordi (dessousbsi c'est un portable).

C'est un CD windows Xp ou un Cd de restauration (état usine) ?

/|\ Attention, ça change beaucoup de choses !!!
0
Réponse 39 / 45
angele2388
25 mars 2009 à 12:34
CD de restauration j'ai jms eu de CD windows XP
0
Réponse 40 / 45
Lyonnais92 Messages postés 25159 Date d'inscription vendredi 23 juin 2006 Statut Contributeur sécurité Dernière intervention 16 septembre 2016 1 536
25 mars 2009 à 14:04
Re,

est ce que tu as une sauvegarde de tous tes fichiers personnels (sur un DD externe par exemple) ?
0

Discussions similaires

Code de réinitialisation mdp facebook sans le demander
Colonel_El_Moustachat -
Colonel_El_Moustachat -

4 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Analyse de l'appli "AI SECURITY"
cl06 -
CCMBot -

1 réponse
Security boot fail lors du démarrage
Steu -
NBK -

4 réponses