Virus problem

dacouroma
Hello,
please, I have a problem with my laptop.
A message titled "Security Tool" appears at startup and blocks all my applications,
asking me to subscribe by credit card. Please help me, I beg you.
Thank you
Configuration: Windows 7 Internet Explorer 8.0

8 replies

  1. gen-hackman
     
    hi

    Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection)

    ▶ Download List&Kill'em and save it to your desktop

    ▶ Plug in USB keys, external hard drives, MP3 and MP4 players, etc.

    double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

    tick the "create a desktop icon" box

    once it is finished, click "finish" and the program will start by itself

    choose the language, then choose option 1 = Search Mode

    ▶ let the tool work

    when the white window appears, it takes a while; that is normal, the program is not frozen.

    a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

    ▶ Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen

    you can delete the catchme.log report from your desktop now.

    0
  2. dacouroma
     
    I did what you asked, but the program in question blocks every installation. I don't know
    what to do, please help me.
    Thank you
    0
  3. dacouroma
     
    thank you, but could you please explain the following sentence to me

    Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
    thanks again for your help
    0
  5. gen-hackman
     
    when the report / text document opens, copy its entire contents here
    0
  6. dacouroma
     
    ok, here is what you asked for

    List'em by g3n-h@ckm@n 1.2.4.0

    User : gobiano (Administrateurs)
    Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
    Start at: 13:26:54 | 08/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
    Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
    Internet Explorer 8.0.7600.16385
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 452,97 Go (410,14 Go free) [ACER] | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible | 7,49 Go (5,95 Go free) | FAT32

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\gobiano\AppData\Local\Temp\3024.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    swg REG_SZ "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    Messenger (Yahoo!) REG_SZ "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    Skype REG_SZ "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    msnmsgr REG_SZ "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    DownloadAccelerator REG_SZ "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
    21111915 REG_SZ C:\ProgramData\21111915\21111915.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Adobe Reader Speed Launcher REG_SZ "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    BackupManagerTray REG_SZ "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    EgisTecLiveUpdate REG_SZ "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    StartCCC REG_SZ "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    LManager REG_SZ C:\Program Files (x86)\Launch Manager\LManager.exe
    ArcadeDeluxeAgent REG_SZ "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    PlayMovie REG_SZ "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    mcagent_exe REG_SZ "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    AppleSyncNotifier REG_SZ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    TkBellExe REG_SZ "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    WinampAgent REG_SZ "C:\Program Files (x86)\Winamp\winampa.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    21111915 REG_SZ C:\PROGRA~3\21111915\21111915.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    ConsentPromptBehaviorAdmin REG_DWORD 5 (0x5)
    ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
    EnableInstallerDetection REG_DWORD 1 (0x1)
    EnableLUA REG_DWORD 1 (0x1)
    EnableSecureUIAPaths REG_DWORD 1 (0x1)
    EnableUIADesktopToggle REG_DWORD 0 (0x0)
    EnableVirtualization REG_DWORD 1 (0x1)
    PromptOnSecureDesktop REG_DWORD 1 (0x1)
    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    scforceoption REG_DWORD 0 (0x0)
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    FilterAdministratorToken REG_DWORD 0 (0x0)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoActiveDesktop REG_DWORD 1 (0x1)
    NoActiveDesktopChanges REG_DWORD 1 (0x1)
    ForceActiveDesktopOn REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    ReportBootOk REG_SZ 1
    Shell REG_SZ explorer.exe
    PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
    DefaultDomainName REG_SZ
    DefaultUserName REG_SZ
    Userinit REG_SZ userinit.exe
    VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile

    ===============

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe REG_SZ C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

    ==============
    BHO :
    ======

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://fr.yahoo.com/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://search.speedbit.com/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    Wlansvc : 0x2 ( OK = 2 )
    SharedAccess : 0x4 ( OK = 2 )
    windefend : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )
    wscsvc : 0x2 ( OK = 2 )

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Users\gobiano\AppData\Local\Temp\3024.tmp
    ## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
    ##
    24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys

    Sources
    =======

    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    Référence :
    ==========

    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\programdata\Partner
    Present !! : C:\Windows\SysWow64\XInput9_1_0.dll
    Present !! : C:\Windows\Sysnative\XInput9_1_0.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\GoogleChromeInstaller.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\GoogleUpdate.exe13ca50
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\RunWizards.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\svd_dap.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\isconfig.dat
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\BrowserSet.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\cabex.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\goopdate.dll13ca60
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\goopdateres_fr.dll13ca60

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}"
    Present !! : HKCR\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
    Present !! : HKCR\CLSID\{9517fb66-3dcf-44eb-8ce5-1a0f8a058d12}
    Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
    Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
    Present !! : HKCR\kt_bho.KettleBho
    Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
    Present !! : HKCR\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000}
    Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
    Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
    Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
    Present !! : "HKLM\SYSTEM\ControlSet001\Services\partner service"
    Present !! : "HKLM\SYSTEM\ControlSet002\Services\partner service"
    Present !! : "HKLM\SYSTEM\CurrentControlSet\Services\partner service"

    ============

    driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-08 13:33:11
    Windows 6.1.7600 WOW64 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR

    ==========
    Programs
    ==========

    Acer
    Acer Arcade Deluxe
    Acer GameZone
    Acer Inc
    Adobe
    Apple Software Update
    ATI Technologies
    Bonjour
    Common Files
    CyberLink
    DAP
    desktop.ini
    DivX
    EgisTec
    EgisTec Egis Software Update
    eSobi
    Google
    InstallShield Installation Information
    Intel
    Internet Explorer
    iPod
    iTunes
    Java
    Launch Manager
    LimeWire
    List_Kill'em
    McAfee
    McAfee.com
    Microsoft
    Microsoft Office
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Visual Studio 8
    Microsoft Works
    Microsoft.NET
    MSBuild
    MSXML 4.0
    Nero
    NewTech Infosystems
    OEM
    QuickTime
    Real
    Realtek
    Reference Assemblies
    Safari
    Skype
    SpeedBit Video Downloader
    Temp
    Total Video Converter
    TriDef 3D
    Uninstall Information
    Winamp
    Winamp Detect
    Winamp Toolbar
    Windows Defender
    Windows Live
    Windows Live SkyDrive
    Windows Mail
    Windows Media Player
    Windows NT
    Windows Photo Viewer
    Windows Portable Devices
    Windows Sidebar
    Yahoo!

    ============
    Drive C:
    ============

    $Recycle.Bin
    BOOK
    Boot
    bootmgr
    BOOTSECT.BAK
    Config.Msi
    Documents and Settings
    elements
    hiberfil.sys
    Intel
    Kill'em
    List'em.txt
    msdia80.dll
    MSOCache
    OEM
    pagefile.sys
    Patch.rev
    PerfLogs
    Preload.rev
    Program Files
    Program Files (x86)
    ProgramData
    Recovery
    RHDSetup.log
    System Volume Information
    Users
    Windows

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Patch.rev
    C:\ProgramData\Yahoo!\yau\Serialization.bin
    C:\Users\All Users\Yahoo!\yau\Serialization.bin
    C:\Users\gobiano\AppData\Roaming\Microsoft\Windows\Recent\Serial {Microsoft Office 2007 Pro.}.lnk
    C:\Users\gobiano\Contacts\Patcheco.contact
    C:\Windows\Patch.log
    C:\Windows\PatchFul.exe
    C:\Program Files (x86)\Microsoft Works\Install.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    thanks again for your help.
    0
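Added example (not part of the thread, and not List&Kill'em's own logic): a short Python triage of the `Keys "Run"` section of the report above, the place to look first when something like the "Security Tool" window starts at logon. It flags autorun values whose name, folder and executable are one all-digit string, the pattern the two `21111915` entries show, and notes when the same value is set in both HKCU and HKLM. The excerpt is copied from the report; the function names and the heuristic are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname, splitext

# Excerpt of the "Keys Run" section, copied from the List'em report above.
REPORT_EXCERPT = r'''
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Skype REG_SZ "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
21111915 REG_SZ C:\ProgramData\21111915\21111915.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LManager REG_SZ C:\Program Files (x86)\Launch Manager\LManager.exe
QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
21111915 REG_SZ C:\PROGRA~3\21111915\21111915.exe

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell REG_SZ explorer.exe
'''

# Registry keys whose values are launched at logon.
AUTORUN_KEY = re.compile(r'^\[(HKEY_[^\]]*\\Run(?:Once|Services)?)\]$', re.I)
ANY_KEY = re.compile(r'^\[.*\]$')
# "<value name> REG_SZ <command line>" as printed by the report.
VALUE = re.compile(r'^(?P<name>.+?) REG_(?:EXPAND_)?SZ (?P<data>.+)$')
# The executable is either quoted, or runs up to the first executable
# extension followed by whitespace or end of line (unquoted paths may
# contain spaces, e.g. "C:\Program Files (x86)\...").
COMMAND = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|scr|com|bat|cmd|pif)))(?=\s|$)',
    re.I,
)


def parse_autoruns(report):
    """Return one dict per value found under a Run/RunOnce/RunServices key."""
    entries, key = [], None
    for raw in report.splitlines():
        line = raw.strip()
        match = AUTORUN_KEY.match(line)
        if match:
            key = match.group(1)
            continue
        if ANY_KEY.match(line) or line.startswith('==='):
            key = None  # left the autorun section
            continue
        value = VALUE.match(line) if key else None
        command = COMMAND.match(value['data']) if value else None
        if command:
            path = command['quoted'] or command['bare']
            entries.append({'key': key, 'name': value['name'], 'path': path})
    return entries


def flag_autoruns(entries):
    """Heuristic (assumption): keep entries named after a digits-only binary."""
    hives = {}
    for entry in entries:
        hive = entry['key'].split('\\', 1)[0].upper()
        hives.setdefault(entry['name'].lower(), set()).add(hive)

    findings = []
    for entry in entries:
        stem = splitext(basename(entry['path']))[0]
        folder = basename(dirname(entry['path']))
        reasons = []
        if stem.isdigit() and stem == folder == entry['name']:
            reasons.append('value name, folder and file name are one digit string')
            # Corroborating detail only: legitimate software also uses both hives.
            if len(hives[entry['name'].lower()]) > 1:
                reasons.append('same value registered in both HKCU and HKLM')
        if reasons:
            findings.append({**entry, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for hit in flag_autoruns(parse_autoruns(REPORT_EXCERPT)):
        print(hit['key'], '|', hit['name'], '|', hit['path'])
        for reason in hit['reasons']:
            print('    -', reason)
```
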
  7. dacouroma Messages postés 13 Date d'inscription   Statut Membre Dernière intervention  
     
    List'em by g3n-h@ckm@n 1.2.4.0

    User : gobiano (Administrateurs)
    Update on 05/02/2010 by g3n-h@ckm@n ::::: 18.40
    Start at: 13:26:54 | 08/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
    Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
    Internet Explorer 8.0.7600.16385
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local | 452,97 Go (410,14 Go free) [ACER] | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible | 7,49 Go (5,95 Go free) | FAT32

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\List_Kill'em\List_Kill'em.scr
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\gobiano\AppData\Local\Temp\3024.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    swg REG_SZ "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    Messenger (Yahoo!) REG_SZ "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    Skype REG_SZ "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    msnmsgr REG_SZ "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    DownloadAccelerator REG_SZ "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
    21111915 REG_SZ C:\ProgramData\21111915\21111915.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Adobe Reader Speed Launcher REG_SZ "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    BackupManagerTray REG_SZ "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    EgisTecLiveUpdate REG_SZ "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    StartCCC REG_SZ "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    LManager REG_SZ C:\Program Files (x86)\Launch Manager\LManager.exe
    ArcadeDeluxeAgent REG_SZ "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
    PlayMovie REG_SZ "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
    mcagent_exe REG_SZ "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    QuickTime Task REG_SZ "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    AppleSyncNotifier REG_SZ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    TkBellExe REG_SZ "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    WinampAgent REG_SZ "C:\Program Files (x86)\Winamp\winampa.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    21111915 REG_SZ C:\PROGRA~3\21111915\21111915.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    ConsentPromptBehaviorAdmin REG_DWORD 5 (0x5)
    ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
    EnableInstallerDetection REG_DWORD 1 (0x1)
    EnableLUA REG_DWORD 1 (0x1)
    EnableSecureUIAPaths REG_DWORD 1 (0x1)
    EnableUIADesktopToggle REG_DWORD 0 (0x0)
    EnableVirtualization REG_DWORD 1 (0x1)
    PromptOnSecureDesktop REG_DWORD 1 (0x1)
    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    scforceoption REG_DWORD 0 (0x0)
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    FilterAdministratorToken REG_DWORD 0 (0x0)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoActiveDesktop REG_DWORD 1 (0x1)
    NoActiveDesktopChanges REG_DWORD 1 (0x1)
    ForceActiveDesktopOn REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    ReportBootOk REG_SZ 1
    Shell REG_SZ explorer.exe
    PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
    DefaultDomainName REG_SZ
    DefaultUserName REG_SZ
    Userinit REG_SZ userinit.exe
    VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile

    ===============

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe REG_SZ C:\Program Files (x86)\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

    ==============
    BHO :
    ======

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://fr.yahoo.com/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://search.speedbit.com/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    Wlansvc : 0x2 ( OK = 2 )
    SharedAccess : 0x4 ( OK = 2 )
    windefend : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )
    wscsvc : 0x2 ( OK = 2 )

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Users\gobiano\AppData\Local\Temp\3024.tmp
    ## C:\> hashdeep C:\Windows\Sysnative\Drivers\atapi.sys
    ##
    24128,02062c0b390b7729edc9e69c680a6f3c,0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273,C:\Windows\Sysnative\Drivers\atapi.sys

    Sources
    =======

    C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    Référence :
    ==========

    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\programdata\Partner
    Present !! : C:\Windows\SysWow64\XInput9_1_0.dll
    Present !! : C:\Windows\Sysnative\XInput9_1_0.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\GoogleChromeInstaller.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\GoogleUpdate.exe13ca50
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\RunWizards.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\svd_dap.exe
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\isconfig.dat
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\BrowserSet.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\cabex.dll
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\goopdate.dll13ca60
    Present !! : C:\Users\gobiano\LOCAL Settings\Temp\goopdateres_fr.dll13ca60

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}"
    Present !! : HKCR\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
    Present !! : HKCR\CLSID\{9517fb66-3dcf-44eb-8ce5-1a0f8a058d12}
    Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
    Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
    Present !! : HKCR\kt_bho.KettleBho
    Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
    Present !! : HKCR\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000}
    Present !! : HKCR\urlsearchhook.toolbarurlsearchhook
    Present !! : HKCR\urlsearchhook.toolbarurlsearchhook.1
    Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
    Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
    Present !! : "HKLM\SYSTEM\ControlSet001\Services\partner service"
    Present !! : "HKLM\SYSTEM\ControlSet002\Services\partner service"
    Present !! : "HKLM\SYSTEM\CurrentControlSet\Services\partner service"

    ============

    driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-08 13:33:11
    Windows 6.1.7600 WOW64 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR

    ==========
    Programs
    ==========

    Acer
    Acer Arcade Deluxe
    Acer GameZone
    Acer Inc
    Adobe
    Apple Software Update
    ATI Technologies
    Bonjour
    Common Files
    CyberLink
    DAP
    desktop.ini
    DivX
    EgisTec
    EgisTec Egis Software Update
    eSobi
    Google
    InstallShield Installation Information
    Intel
    Internet Explorer
    iPod
    iTunes
    Java
    Launch Manager
    LimeWire
    List_Kill'em
    McAfee
    McAfee.com
    Microsoft
    Microsoft Office
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Visual Studio 8
    Microsoft Works
    Microsoft.NET
    MSBuild
    MSXML 4.0
    Nero
    NewTech Infosystems
    OEM
    QuickTime
    Real
    Realtek
    Reference Assemblies
    Safari
    Skype
    SpeedBit Video Downloader
    Temp
    Total Video Converter
    TriDef 3D
    Uninstall Information
    Winamp
    Winamp Detect
    Winamp Toolbar
    Windows Defender
    Windows Live
    Windows Live SkyDrive
    Windows Mail
    Windows Media Player
    Windows NT
    Windows Photo Viewer
    Windows Portable Devices
    Windows Sidebar
    Yahoo!

    ============
    Drive C:
    ============

    $Recycle.Bin
    BOOK
    Boot
    bootmgr
    BOOTSECT.BAK
    Config.Msi
    Documents and Settings
    elements
    hiberfil.sys
    Intel
    Kill'em
    List'em.txt
    msdia80.dll
    MSOCache
    OEM
    pagefile.sys
    Patch.rev
    PerfLogs
    Preload.rev
    Program Files
    Program Files (x86)
    ProgramData
    Recovery
    RHDSetup.log
    System Volume Information
    Users
    Windows

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Patch.rev
    C:\ProgramData\Yahoo!\yau\Serialization.bin
    C:\Users\All Users\Yahoo!\yau\Serialization.bin
    C:\Users\gobiano\AppData\Roaming\Microsoft\Windows\Recent\Serial {Microsoft Office 2007 Pro.}.lnk
    C:\Users\gobiano\Contacts\Patcheco.contact
    C:\Windows\Patch.log
    C:\Windows\PatchFul.exe
    C:\Program Files (x86)\Microsoft Works\Install.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  8. gen-hackman
     
    ▶ Run List&Kill'em again (or via right-click for Vista), using the shortcut on your desktop,
    but this time:

    ▶ choose option 2 = Mode Suppression (removal mode)

    let the tool work.

    at the end of the scan a report opens

    ▶ paste its contents into your reply

    then:

    Download OTL by OLDTimer

    save it to your Desktop.

    ▶ Double-click OTL.exe to launch it (for Vista / 7 => right-click "Run as administrator").

    ▶ Check the 2 boxes Lop and Purity

    ▶ Check the box in front of scan all users

    ▶ set it to "60 Days"

    ▶ in the left column, set everything to all

    do not change this:

    "files created within" and "files modified within"


    ▶ Click Run Scan.

    At the end of the scan, Notepad will open with the report (OTL.txt).

    This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

    ▶▶▶ DO NOT POST IT ON THE FORUM

    To send it to me, click this link: http://www.cijoint.fr/

    ▶ Click Parcourir (Browse) and find the file above.

    ▶ Click Ouvrir (Open).

    ▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    is added to the page.

    ▶ Copy this link into your reply.

    ▶▶ Do the same with "Extra.txt".
    0