Internet Security 2010

monsieur P -  
 gen-hackman -
Bonjour,
je viens de choper "Internet Security 2010" dans un dossier en piece jointe pourtant analysé via l'antivirus de yahoo. Depuis c'est horrible, comme Malevolant (ou un truc du genre) j'ai toujours des fenetres de securité qui s'ouvrent comme quoi je suis attaqué, qu'il y a un worm, "critical warning" et que j'ai des spyware. Pourtant j'ai AVG qui l'a encore n'a rien vu. j'ai téléchargé skybot et fait les nettoyages en vain, de meme avec Malewarebytes qui m'avait suffit pour virer le grand frere de ce virus pourtant.
Et en fond d'ecran j'ai desormais "your system is infected! system has been stop to malefunction etc..."

Bref, help!!
Configuration: Windows XP
Firefox 3.5.7

8 réponses

  1. gen-hackman
     
    salut

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    ▶ Télécharge List&Kill'em et enregistre le sur ton bureau

    ▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.

    0
  2. monsieur P
     
    voilà :)
    (par contre, pourquoi brancher les clés usb etc? vu qu'ils n'ont pas été en contact avec?)

    List'em by g3n-h@ckm@n 1.2.0.0

    thx to CCM team.....
    User : Eddy (Administrateurs)
    Update on 19/01/2010 by g3n-h@ckm@n ::::: 15:30
    Start at: 07:23:55 | 20/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Celeron(R) CPU 3.06GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 90,94 Go (51,13 Go free) [ACER] | FAT32
    D:\ -> Disque fixe local | 91,45 Go (8,33 Go free) [Personnel] | NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SFR\Kit\WiFi\9wifi.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Programmes\Photoshop\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\InternetSecurity2010\IS2010.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Eddy\Local Settings\Temp\13C.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    Internet Security 2010 REG_SZ C:\Program Files\InternetSecurity2010\IS2010.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    LaunchApp REG_SZ Alaunch
    ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    <NO NAME> REG_SZ
    RemoteControl REG_SZ "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SiSPower REG_SZ Rundll32.exe SiSPower.dll,ModeAgent
    SoundMan REG_SZ SOUNDMAN.EXE
    eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    Autoconfigurateur WiFi SFR REG_SZ "C:\Program Files\SFR\Kit\WiFi\9wifi.exe"
    EPSON Stylus Photo RX520 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    Acrobat Assistant 8.0 REG_SZ "D:\Programmes\Photoshop\Acrobat 8.0\Acrobat\Acrotray.exe"
    Adobe_ID0EYTHM REG_SZ C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    AVG9_TRAY REG_SZ C:\PROGRA~1\AVG\AVG9\avgtray.exe
    Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)
    NoActiveDesktopChanges REG_DWORD 0 (0x0)
    NoSetActiveDesktop REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoActiveDesktopChanges REG_DWORD 0 (0x0)
    NoSetActiveDesktop REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\AVG\AVG8\avgemc.exe REG_SZ C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
    C:\Program Files\AVG\AVG8\avgupd.exe REG_SZ C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
    C:\Program Files\AVG\AVG8\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe REG_SZ C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
    C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\AVG\AVG9\avgemc.exe REG_SZ C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
    C:\Program Files\AVG\AVG9\avgupd.exe REG_SZ C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe REG_SZ C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2E03C0FD-4C48-43A7-9A54-00240C70FF16}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========
    Atapi.sys
    =========
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Eddy\Local Settings\Temp\13C.tmp
    ## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
    ##
    95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    90,94 Go total, 51,13 Go libre (56%), 34% fragment‚ (fragmentation du fichier 68%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Program Files\InternetSecurity2010
    Present !! : C:\WINDOWS\DUMP344e.tmp
    Present !! : C:\WINDOWS\System32\_SiSPInst.dll
    Present !! : C:\WINDOWS\System32\_SiSBase.dll
    Present !! : C:\WINDOWS\System32\_SiSParse.dll
    Present !! : C:\WINDOWS\System32\18467.exe
    Present !! : C:\WINDOWS\System32\26500.exe
    Present !! : C:\WINDOWS\System32\41.exe
    Present !! : C:\WINDOWS\System32\6334.exe
    Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
    Present !! : C:\WINDOWS\System32\dumphive.exe
    Present !! : C:\WINDOWS\System32\Process.exe
    Present !! : C:\WINDOWS\system32\rnaph.dll
    Present !! : C:\WINDOWS\System32\SrchSTS.exe
    Present !! : C:\WINDOWS\System32\tmp.reg
    Present !! : C:\WINDOWS\System32\VCCLSID.exe
    Present !! : C:\WINDOWS\System32\warning.html
    Present !! : C:\WINDOWS\System32\WS2Fix.exe
    Present !! : C:\Documents and Settings\Eddy\Application Data\avdrn.dat
    Present !! : C:\Documents and Settings\Eddy\Application Data\mvhgkr.dat

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\smss32.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    HKCU\SOFTWARE\IS2010

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-20 07:40:07
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Fichiers communs
    Windows NT
    MSN
    MSN Gaming Zone
    Messenger
    Windows Media Player
    Online Services
    ComPlus Applications
    Internet Explorer
    Outlook Express
    NetMeeting
    Movie Maker
    Services en ligne
    WindowsUpdate
    microsoft frontpage
    xerox
    sisagp
    InstallShield Installation Information
    Uninstall Information
    Realtek AC97
    Adobe
    NewTech Infosystems
    CyberLink
    SiSLan
    SiS VGA Utilities V3.68
    Java
    SFR
    WLAN
    Google
    Mozilla Firefox
    Windows Live
    Windows Live SkyDrive
    AVG
    epson
    GIMP-2.0
    OpenOffice.org 3
    JRE
    CCleaner
    Bonjour
    QuickTime
    VideoLAN
    eMule
    7-Zip
    Microsoft
    Microsoft SQL Server Compact Edition
    Microsoft Silverlight
    Enigma Software Group
    Trend Micro
    Malwarebytes' Anti-Malware
    Virtualis
    Spybot - Search & Destroy
    InternetSecurity2010
    List_Kill'em

    ============
    Lecteur C:
    ============

    i386
    VALUEADD
    dotnetfx
    FOUND.000
    FOUND.001
    FOUND.002
    FOUND.003
    Guide
    Sysinfo
    drv
    WINDOWS
    Documents and Settings
    Program Files
    Acer
    Bootfont.bin
    ntldr
    NTDETECT.COM
    boot.ini
    CONFIG.SYS
    AUTOEXEC.BAT
    IO.SYS
    MSDOS.SYS
    Preload.aaa
    FOUND.004
    FOUND.005
    FOUND.006
    System Volume Information
    FOUND.007
    FOUND.008
    FOUND.009
    FOUND.010
    FOUND.011
    FOUND.012
    FOUND.013
    FOUND.014
    FOUND.015
    FOUND.016
    FOUND.017
    FOUND.018
    hiberfil.sys
    Club-Internet
    Recycled
    $AVG
    rapport.txt
    pagefile.sys
    Config.Msi
    spoolerlogs
    Kill'em
    List'em.txt

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Program Files\GIMP-2.0\share\gimp\2.0\gimpressionist\Presets\Patchwork
    C:\Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
    D:\Programmes\Adobe\Illustrator 10.0.3\Modules\Photoshop Effects - Standard\Patchwork.8bf
    D:\Programmes\Adobe\Photoshop 7.0\Modules externes\Effets\Patchwork.8bf
    D:\Programmes\Photoshop\Adobe Bridge CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Bridge CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Bridge CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Contribute CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Contribute CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Contribute CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Device Central CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Device Central CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Device Central CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Dreamweaver CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Dreamweaver CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Dreamweaver CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Fireworks CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Fireworks CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Fireworks CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3 Video Encoder\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3 Video Encoder\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Flash CS3 Video Encoder\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Illustrator CS3\Support Files\Contents\Windows\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Illustrator CS3\Support Files\Contents\Windows\LMResources\ar_AE\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Illustrator CS3\Support Files\Contents\Windows\LMResources\he_IL\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Photoshop CS3\LMResources\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Photoshop CS3\LMResources\ar_ae\SerializationWF.exv
    D:\Programmes\Photoshop\Adobe Photoshop CS3\LMResources\he_il\SerializationWF.exv
    C:\Documents and Settings\Eddy\SmitfraudFix\o4Patch.exe
    C:\Program Files\Mozilla Firefox\SmitfraudFix\o4Patch.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  3. monsieur P
     
    a savoir que depuis ce matin AVG a repéré le cheval de troie Agent2.AFZU sur deux fichiers et les a mis en quarantaine et que Malwarebytes ne repere plus d'anomalie...
    pourtant il est tjs là...
    0
  4. gen-hackman
     
    salut desole pour le retard

    ▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta reponse
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Monsieur P
     
    Ben suite à une suppression de programme (je venais de mettre un second antivirus mais comme apparemment c'est pas bien je l'ai viré), mon ordi ne voulait plus ouvrir de session (il se connactait puis deconnectait direct) donc j'ai tout réinstallé (3eme ou 4 eme fois en 5 ans)

    mais bon du coup je suis débarassé du virus?
    0