Sujet Précédent Sujet Suivant

Virus W32.tdss.reg

Fermé
Docinfo - 7 nov. 2009 à 07:47
 docinfo - 7 nov. 2009 à 20:53
Bonjour,

Je suis infecté par le virus W32.tdss.reg.
Les antivirus ne détectent rien mais quand je passe Spybot ce dernier affiche le virus et ensuite "ecran bleu".
Pouvez vous analyser le rapport suivant SVP et me dire ce que je dois faire.


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 07:42:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jeanmi\LOCALS~1\Temp\awdirpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xA2879A00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xA2879730]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xA28798A0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xA287A340]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xA2879F90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xA287AC60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xA2879B60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xA2877F80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xA2879520]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xA287A170]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xA287A910]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xA287AC10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xA287AF90]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xA287B560]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xA2876C40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xA287ABC0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xA28782F0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xA287A760]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xA2879A20]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xA2875D40]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xA2875D50]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xA2875D60]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xA2875D80]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xA2875DA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xA2875DD0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xA2875DE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xA2875E00]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xA2875E10]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xA2875ED0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xA2875FA0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xA2875FE0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xA2876020]

Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP A287B980 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP A287BE80 \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3160] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015B2F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015B2CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [015B2D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [015B2CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D92F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D92CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01D92D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D92CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\WINZIP\winzip32.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\WINZIP\winzip32.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\WINZIP\winzip32.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\WINZIP\winzip32.exe[4268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeanmi\Local Settings\Temp\gmer.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeanmi\Local Settings\Temp\gmer.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeanmi\Local Settings\Temp\gmer.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Jeanmi\Local Settings\Temp\gmer.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[5868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[5868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[5868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe[5868] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\gxvxcdomkkyrulrdyiykjoenboboxjidmkubh.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcdomkkyrulrdyiykjoenboboxjidmkubh.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcdomkkyrulrdyiykjoenboboxjidmkubh.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system

---- EOF - GMER 1.0.15 ----

Merci


JMS
A voir également:

3 réponses

Réponse 1 / 3
Utilisateur anonyme
7 nov. 2009 à 07:49
salut :

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶colle le contenu dans ta prochaine réponse
1
Réponse 2 / 3
Utilisateur anonyme
7 nov. 2009 à 08:17
ok au revoir !!!

Docinfo j'attends ton rapport.
1
docinfo
7 nov. 2009 à 09:47
List'em by g3n-h@ckm@n 1.0.5.0

Thx to Chiquitine29.....

User : Jeanmi (Administrateurs) # PC-FIXE-1
Update on 05/11/2009 by g3n-h@ckm@n ::::: 19.00
Start at: 08:48:40 | 07/11/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 114,33 Go (88,32 Go free) [ACER] | FAT32
D:\ -> Disque fixe local | 115,56 Go (105,08 Go free) [DD2] | FAT32
E:\ -> Disque CD-ROM | 249 Mo (0 Mo free) [7_Kingdoms] | CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours

C:\WINDOWS\System32\smss.exe 808
C:\WINDOWS\system32\csrss.exe 888
C:\WINDOWS\system32\winlogon.exe 916
C:\WINDOWS\system32\services.exe 960
C:\WINDOWS\system32\lsass.exe 972
C:\WINDOWS\system32\Ati2evxx.exe 1128
C:\WINDOWS\system32\svchost.exe 1156
C:\WINDOWS\system32\svchost.exe 1208
C:\WINDOWS\System32\svchost.exe 1252
C:\WINDOWS\system32\svchost.exe 1440
C:\WINDOWS\system32\svchost.exe 1464
C:\Program Files\AVG\AVG9\avgchsvx.exe 1652
C:\Program Files\AVG\AVG9\avgrsx.exe 1660
C:\WINDOWS\system32\spoolsv.exe 1708
C:\Program Files\AVG\AVG9\avgcsrvx.exe 1780
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1836
C:\WINDOWS\system32\svchost.exe 112
C:\WINDOWS\system32\agrsmsvc.exe 1392
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1408
C:\Program Files\AVG\AVG9\avgwdsvc.exe 1500
C:\Program Files\Bonjour\mDNSResponder.exe 1512
C:\WINDOWS\system32\Ati2evxx.exe 1576
C:\WINDOWS\eHome\ehSched.exe 308
C:\Program Files\Java\jre6\bin\jqs.exe 532
C:\WINDOWS\Explorer.EXE 540
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 1080
C:\Program Files\AVG\AVG9\avgnsx.exe 844
C:\Program Files\SPAMfighter\sfus.exe 1024
C:\WINDOWS\system32\svchost.exe 2164
C:\WINDOWS\system32\svchost.exe 2260
C:\Program Files\Acer\eRecovery\Monitor.exe 2396
C:\Program Files\Logitech\QuickCam\Quickcam.exe 2412
C:\Program Files\SPAMfighter\SFAgent.exe 2500
C:\Program Files\Java\jre6\bin\jusched.exe 2524
C:\Program Files\iTunes\iTunesHelper.exe 2540
C:\WINDOWS\AGRSMMSG.exe 2548
C:\WINDOWS\ehome\ehtray.exe 2584
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE 2752
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 2812
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe 2848
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe 2860
C:\WINDOWS\eHome\ehmsas.exe 2880
C:\WINDOWS\RTHDCPL.EXE 2968
C:\WINDOWS\system32\ctfmon.exe 2980
C:\Program Files\Microsoft ActiveSync\wcescomm.exe 3040
C:\WINDOWS\system32\SearchIndexer.exe 3116
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe 3172
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 3200
C:\PROGRA~1\MI3AA1~1\rapimgr.exe 3256
C:\WINDOWS\ehome\mcrdsvc.exe 3516
C:\WINDOWS\system32\wuauclt.exe 3536
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe 3968
C:\WINDOWS\system32\dllhost.exe 184
C:\WINDOWS\system32\wbem\wmiprvse.exe 2284
C:\WINDOWS\system32\msiexec.exe 2616
C:\Program Files\iPod\bin\iPodService.exe 3444
C:\WINDOWS\System32\alg.exe 3308
C:\WINDOWS\system32\wbem\wmiprvse.exe 3792
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 1740
C:\WINDOWS\eHome\ehRecvr.exe 4796
D:\JMS\Importation internet\Logiciels importes\List_Killem.exe 4640
C:\WINDOWS\system32\cmd.exe 376
C:\Documents and Settings\Jeanmi\Local Settings\Temp\3.tmp\pv.exe 5080

======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_1_0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide"
"AppleSyncNotifier"="C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"Alcmtr"="ALCMTR.EXE"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"LaunchApp"="Alaunch"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Fichiers communs\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"ntiMUI"="c:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"UserFaultCheck"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,64,00,75,00,6d,00,70,00,72,00,65,00,70,00,20,00,30,00,20,00,2d,00,75,00,\
00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
00,53,00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,\
54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,\
00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,00,6d,00,73,00,73,00,74,00,\
79,00,6c,00,65,00,73,00,00,00
"InstallTheme"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
00,5c,00,52,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,00,54,00,\
68,00,65,00,6d,00,65,00,73,00,5c,00,52,00,6f,00,79,00,61,00,6c,00,65,00,2e,\
00,74,00,68,00,65,00,6d,00,65,00,00,00

===============
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

===============
======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="WormRadar.com IESiteBlocker.NavFilter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

==========================

contenu des autoruns presents
-----------------------------

E:\Autorun.inf :
----------------
[autorun]
open = auto.exe
icon = 7k.exe,0
header= Seven Kingdoms Installation
comedir = \Coming

shell\setup=Install Seven Kingdoms
shell\setup\command=setup.exe

shell\dxsetup=(Un)Install DirectX
shell\dxsetup\command=directx\dxsetup.exe


===============
Path : C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\aucfg.ini
C:\WINDOWS\kb913800.exe
C:\WINDOWS\patch.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\SET64.tmp
C:\WINDOWS\System32\SET67.tmp
C:\WINDOWS\System32\SET6A.tmp
C:\WINDOWS\System32\SET6D.tmp
C:\WINDOWS\System32\SET70.tmp
C:\WINDOWS\System32\SET75.tmp
C:\WINDOWS\System32\SET7E.tmp
C:\WINDOWS\System32\SET87.tmp
C:\WINDOWS\System32\SET8A.tmp
C:\WINDOWS\System32\SET8D.tmp
C:\WINDOWS\System32\SET90.tmp
C:\WINDOWS\System32\SET93.tmp
C:\WINDOWS\System32\SET96.tmp
C:\WINDOWS\system32\sqlite3.dll
C:\WINDOWS\System32\twain_32
C:\Documents and Settings\Jeanmi\LOCAL Settings\Temp\gmer.exe

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_gxvxcserv.sys
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_gxvxcserv.sys
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_gxvxcserv.sys

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

NTOSBOOT-B00DFAAD.pf
AVGCMGR.EXE-0F7C47CE.pf
JAVAW.EXE-392A4E93.pf
DRWTSN32.EXE-01DDCF15.pf
JAVAWS.EXE-078C20EA.pf
EHRECVR.EXE-20A109D9.pf
LOGONUI.EXE-312BE1BF.pf
WMIAPSRV.EXE-02740A4B.pf
AVGSRMAX.EXE-018DAD75.pf
CCLEANER.EXE-09CFC2BC.pf
SEARCHPROTOCOLHOST.EXE-1460F5CC.pf
SEARCHFILTERHOST.EXE-1FEC9DD2.pf
WMIPRVSE.EXE-0D449B4F.pf
QTTASK.EXE-1876A1A1.pf
DUMPREP.EXE-0AF2BF67.pf
APPLESYNCNOTIFIER.EXE-11B5BF6E.pf
WCESCOMM.EXE-2D7B0821.pf
DLLHOST.EXE-474D72E6.pf
ALG.EXE-275708CF.pf
AGRSMMSG.EXE-071EDC2A.pf
MONITOR.EXE-2231B72E.pf
SFAGENT.EXE-0BE9D286.pf
LVCOMSER.EXE-05B8741E.pf
WUAUCLT.EXE-1360D60A.pf
AVGTRAY.EXE-0C16766B.pf
MBRWRWIN.EXE-116CF276.pf
ZDWLAN.EXE-0ADC9F83.pf
JUSCHED.EXE-04A13915.pf
COMMUNICATIONS_HELPER.EXE-081C76F0.pf
IPODSERVICE.EXE-37043579.pf
SEARCHINDEXER.EXE-00DB35DB.pf
ITUNESHELPER.EXE-0A1B0F2C.pf
FXSSVC.EXE-140862E7.pf
NBJ.EXE-22992FAB.pf
WLIDSVCM.EXE-00BE526F.pf
DWWIN.EXE-2C373FB7.pf
AVGUI.EXE-3B05CF59.pf
AVGUPD.EXE-093D8534.pf
CTFMON.EXE-05E57A5E.pf
JAVA.EXE-32FD225F.pf
FIXCFG.EXE-060F2A25.pf
RAPIMGR.EXE-389C630D.pf
WINDOWSSEARCH.EXE-297AD9CA.pf
LOGITECHUPDATE.EXE-208A3BEE.pf
LULNCHR.EXE-37A90730.pf
AVGCSRVX.EXE-349E9D61.pf
MSIEXEC.EXE-330626DC.pf
Layout.ini
AVGSCANX.EXE-171FA429.pf
MCRDSVC.EXE-05390B47.pf
ALCMTR.EXE-01A7139B.pf
IMJPMIG.EXE-32ABEE9A.pf
NEROCHECK.EXE-30941580.pf
HDASHCUT.EXE-2D2D5319.pf
ALAUNCH.EXE-145B15F4.pf
NTIMUI.EXE-2D0A7662.pf
RTHDCPL.EXE-005A6E31.pf
PDVDSERV.EXE-04AF0E9D.pf
QUICKCAM.EXE-16F5A26B.pf
ADOBEUPDATEMANAGER.EXE-0075C43E.pf
COCIMANAGER.EXE-1E454E23.pf
REGSVR32.EXE-396DEA2C.pf
MSIMN.EXE-183B59AF.pf
ITUNES.EXE-14FD3AEE.pf
WIAACMGR.EXE-335C1EE8.pf
SYNCSERVER.EXE-0BD50E56.pf
APPLEMOBILEDEVICEHELPER.EXE-02E8D0F0.pf
WINDOWSMAILSYNC.EXE-04AFDA42.pf
DISTNOTED.EXE-1912EC34.pf
SAFARI.EXE-3616B950.pf
USERINIT.EXE-0743FDA9.pf
READER_SL.EXE-2FCCA463.pf
MDCRASHREPORTTOOL.EXE-008539CF.pf
APPLEMOBILEBACKUP.EXE-0F8C5D43.pf
ITUNESPHOTOPROCESSOR.EXE-1FFAF76D.pf
ATI2EVXX.EXE-07A42849.pf
SVCHOST.EXE-2D5FBD18.pf
SPYBOTSD162.EXE-2CB7BD56.pf
EXPLORER.EXE-02121B1A.pf
SPYBOTSD162.TMP-2126CA46.pf
SPYBOTSD_INCLUDES.EXE-0E2ED40A.pf
SPYBOTSD.EXE-1702AD5F.pf
SDUPDATE.EXE-2A88E3BA.pf
ADVCHECK164.TMP-18CE531A.pf
ADVCHECK164.EXE-1F8976AC.pf
UPDATE.EXE-0BDC03E6.pf
TEATIMER166.TMP-282CC574.pf
TEATIMER166.EXE-055C05E2.pf
CSRSS.EXE-22452D1B.pf
IMAPI.EXE-201490BB.pf
WINLOGON.EXE-0957F9B2.pf
SERVICES.EXE-3019B50A.pf
SAVEDUMP.EXE-286A4982.pf
LSASS.EXE-306A65C3.pf
LVPRCSRV.EXE-0371ED38.pf
AGRSMSVC.EXE-364FD28E.pf
APPLEMOBILEDEVICESERVICE.EXE-061C7F51.pf
AVGWDSVC.EXE-363CBDB2.pf
MDNSRESPONDER.EXE-1E0EA707.pf
AVGNSX.EXE-0707387C.pf
EHSCHED.EXE-1E7EF345.pf
SFUS.EXE-16692FA7.pf
WLIDSVC.EXE-101DAF6B.pf
RUNDLL32.EXE-6DF739B2.pf
UNINS000.EXE-38762295.pf
_IU14D2N.TMP-2509B678.pf
LOGON.SCR-24ADF392.pf
REGALYZ-1.6.2.16[1].EXE-1E47DF9B.pf
REGALYZ-1.6.2.16[1].TMP-28BB7DBC.pf
REGALYZER.EXE-120575E2.pf
REGEDIT.EXE-2AE3423E.pf
EHTRAY.EXE-337AC592.pf
WUPDMGR.EXE-08F70643.pf
SPYWAREBLASTERSETUP42[1].EXE-08A59BE3.pf
SPYWAREBLASTERSETUP42[1].TMP-04607948.pf
SPYWAREBLASTER.EXE-12DBC93E.pf
WINZIP32.EXE-12D769E6.pf
GMER.EXE-1B750D08.pf
NOTEPAD.EXE-2F2D61E1.pf
RUNDLL32.EXE-753F1DF3.pf
RUNDLL32.EXE-3D479208.pf
HELPCTR.EXE-0BD5B31B.pf
HELPSVC.EXE-1C192440.pf
RUNDLL32.EXE-419F288A.pf
WSCNTFY.EXE-0B14C27D.pf
CONTROL.EXE-24FBF8B3.pf
EHMSAS.EXE-1E4CE886.pf
MODE.COM-318FFE37.pf
LIST_KILLEM.EXE-2786777C.pf
IEXPLORE.EXE-2D97EBE6.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 3 / 3
Utilisateur anonyme
7 nov. 2009 à 10:16
REDEMARRE EN MODE SANS ECHEC , puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

▶ ferme-le.

un deuxieme rapport va s'ouvrir ,

▶ colle son contenu dans ta reponse apres avoir redemarré en mode normal
0
docinfo
7 nov. 2009 à 20:53
Salut,
Voici le rapport 2
Path : C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_gxvxcserv.sys
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_gxvxcserv.sys
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_gxvxcserv.sys

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

NTOSBOOT-B00DFAAD.pf
REGEDIT.EXE-2AE3423E.pf
REG.EXE-07FA5B3F.pf
Layout.ini




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
W32 L32: correspondance entre taille US et taille française
efg -
sibel -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses