Gros Probleme avec rundll32.exe Fermé

Question

Bonjour à tous,
Voila j'ai un gros problème avec mon pc, au faite à chaque fois que je veux exécuter un programme j'ai toujours la fenêtre" ouvrir avec:..." .Donc j'ai fait quelques recherches sur le web mais non fructueuses!! Au fait j'ai voulu accéder au gestionnaire des taches mais la plupart des applications dedans ne s'ouvrent pas et j'ai un message d'erreur qui s'affiche" application introuvable C:\WINDOWS..rundll32.exe ". je désepère car en vérifiant mon dossier System32 j'ai trouvé l'application en question! j'ai donc trouvé sur le net l'application et j'ai essayer de la copier/coller dans System32,sauf que la l'ancienne application persiste et supprime la nouvelle.

J'espère que j'etait claire et avoir des réponses très rapidement..
Merci a l'avance ;)

gamesharked · Answer

fait une analyse antivirus immédiatement!

benurrr · Answer

salut 

a tu tester cette astuce ?

https://www.commentcamarche.net/faq/2577-windows-erreur-de-chargement-rundll-rundll32-exe

Lydia · Answer

Au fait j'ai déja fait un scan avec Spyhunter 3 et il m'a trouvé le malware Rogue.VISTA Antivirus! donc je l'ai supprimer, et la je vient de le restaurer pour voir et bein les programmes exécutables marchent sans probleme!
aidez moi svp je ne sais plus quoi faire :(

benurrr · Answer

télécharge

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Vérifier si tout est coché et clic Supprimer la sélection

S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le rapport générer

Lydia · Answer

Quand je fais le scan sur le mode normal; l'ordinateur se plante et je fais un redémarrage forcé!
La je suis entrain de le faire sur le mode sans echec, j'espere que cela ne change rien?!
en attente de votre confirmation

benurrr · Answer

c'est bon tu peut continuer en mode sans échec

Lydia · Answer

J'ai supprimé les fichiers en question mais au moment de l'écriture du rapport tout a planté et l'ordinateur a généré un bip continu et donc redémarrage forcé! là je suis entrain de refaire le scan; on verra ce que cela donnera!

Lydia · Answer

voila le rapport; 4 éléments persistent!!! help me pleaaaaaaaaaaaaaaaaaase

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3734
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

14/02/2010 14:28:49
mbam-log-2010-02-14 (14-28-46).txt

Type de recherche: Examen rapide
Eléments examinés: 148270
Temps écoulé: 7 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Lydia · Answer

Cc il y'a quelq'un?
voila une autre catastrophe, maintenant je ne peux plus ouvrir mais programmes exécutables, que dois je faire?
aidez moi svp

Lydia · Answer

Svp aidez moi, ca m'ettone que personne ne réponde, j'ai vraiment besoin de votre aide so pleaaaaaaaaaaaase help me, je commence à désespérer!!
merci pour votre attention

gamesharked · Answer

Ne t'inquiéte pas , ca te met quoi comme erreur ?

benurrr · Answer

voila de retour,esperant que c'est pas du virut (infection qui endommage gravement le system)

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

 Télécharge et installe List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe


 Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

 laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

Lydia · Answer

voila le rapport, espérant qu'il n'ya pas de virut!! la nouveauté de mon ordi est que maintenant il se bloque tout seul après chaque démarrage au bout d'un certain temps!! j'ai essayé de voir dans l'observateur des évènements mais rien de spéciale... List'em by g3n-h@ckm@n 1.2.5.0 User : Administrateur (Administrateurs) Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30 Start at: 10:27:16 | 15/02/2010 Contact : https://forums.commentcamarche.net/forum/virus-securite-7 Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled C:\ -> Disque fixe local | 218,88 Go (158,35 Go free) | NTFS D:\ -> Disque fixe local | 74,5 Go (28,49 Go free) | NTFS E:\ -> Disque CD-ROM | 480,81 Mo (0 Mo free) [GHAMIDY] | CDFS F:\ -> Disque CD-ROM G:\ -> Disque amovible H:\ -> Disque amovible I:\ -> Disque amovible J:\ -> Disque amovible M:\ -> Disque CD-ROM ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\List_Kill'em\List_Kill'em.scr C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\Administrateur\Local Settings\Temp\3.tmp\pv.exe ====================== Keys "Run" ====================== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe SigmatelSysTrayApp REG_SZ stsystra.exe IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay DMXLauncher REG_SZ C:\Program Files\Dell\Media Experience\DMXLauncher.exe Install5G REG_SZ E:\Install.exe /SI=100 REGSHAVE REG_SZ C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN DLCCCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup ISUSPM REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] ===================== Other Keys ===================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] dontdisplaylastusername REG_DWORD 0 (0x0) legalnoticecaption REG_SZ legalnoticetext REG_SZ shutdownwithoutlogon REG_DWORD 1 (0x1) undockwithoutlogon REG_DWORD 1 (0x1) InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme =============== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] NoDriveTypeAutoRun REG_DWORD 145 (0x91) =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] HonorAutoRunSetting REG_DWORD 1 (0x1) =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLS REG_SZ =============== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] AutoRestartShell REG_DWORD 1 (0x1) DefaultUserName REG_SZ Administrateur LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ReportBootOk REG_SZ 1 Shell REG_SZ Explorer.exe ShutdownWithoutLogon REG_SZ 0 System REG_SZ Userinit REG_SZ C:\WINDOWS\system32\userinit.exe, VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" SfcQuota REG_DWORD -1 (0xffffffff) allocatecdroms REG_SZ 0 allocatedasd REG_SZ 0 allocatefloppies REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0 (0x0) passwordexpirywarning REG_DWORD 14 (0xe) scremoveoption REG_SZ 0 AllowMultipleTSSessions REG_DWORD 1 (0x1) UIHost REG_EXPAND_SZ logonui.exe LogonType REG_DWORD 1 (0x1) Background REG_SZ 0 0 0 DefaultPassword REG_SZ DebugServerCommand REG_SZ no SFCDisable REG_DWORD 0 (0x0) WinStationsDisabled REG_SZ 0 HibernationPreviouslyEnabled REG_DWORD 1 (0x1) ShowLogonOptions REG_DWORD 0 (0x0) AltDefaultUserName REG_SZ Administrateur AltDefaultDomainName REG_SZ MM DefaultDomainName REG_SZ MM ChangePasswordUseKerberos REG_DWORD 1 (0x1) EnableConcurrentSessions REG_DWORD 1 (0x1) =============== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\crypt32chain] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cryptnet] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\cscdll] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\dimsntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ScCertProp] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\Schedule] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\sclgntfy] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\SensLogn] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify ermsrv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\WgaLogon] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\wlballoon] =============== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ =============== [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger C:\Program Files\Dell Network Assistant\ezi_hnm2.exe REG_SZ C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Disabled:Advanced Networking Application C:\Program Files\Veoh Networks\Veoh\VeohClient.exe REG_SZ C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client C:\Program Files\Microsoft ActiveSync apimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe REG_SZ C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe REG_SZ C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe REG_SZ C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Disabled:BlueSoleil C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour C:\Program Files\Logitech\Logitech Vid\Vid.exe REG_SZ C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Disabled:Logitech Vid [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) C:\Program Files\Microsoft ActiveSync apimgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare =============== ActivX controls =============== HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} =============== HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{DFB17AA8-042A-429D-987C-26CE244A4189} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393 HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7} HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24} ============== BHO : ====== [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] ================ Internet Explorer : ================ [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page REG_SZ www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=6061102 ======== Services ======== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] Ndisuio : 0x3 ( OK = 3 ) EapHost : 0x3 ( OK = 2 ) SharedAccess : 0x2 ( OK = 2 ) wuauserv : 0x2 ( OK = 2 ) ========= Atapi.sys ========= %%%% HASHDEEP-1.0 %%%% size,md5,sha256,filename ## Invoked from: C:\Documents and Settings\Administrateur\Local Settings\Temp\3.tmp ## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys ## 96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys Sources ======= C:\i386\atapi.sys C:\WINDOWS\$NtServicePackUninstall$\atapi.sys C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\WINDOWS\system32\drivers\atapi.sys Référence : ========== Win XP_32b : a64013e98426e1877cb653685c5c0009 Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51 Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674 Vista_32b : e03e8c99d15d0381e02743c36afc7c6f Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9 Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4 Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C ======= Drive : ======= D‚fragmenteur de disque Windows Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc. Rapport d'analyse 219 Go total, 158 Go libre (72%), 4% fragment‚ (fragmentation du fichier 8%) Il ne vous est pas n‚cessaire de d‚fragmenter ce volume. ¤¤¤¤¤¤¤¤¤¤ Files/folders : Present !! : C:\WINDOWS\003000_.tmp Present !! : C:\WINDOWS\jestertb.dll Present !! : C:\WINDOWS\kb913800.exe Present !! : C:\WINDOWS\System32\_*.dll Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn Present !! : C:\WINDOWS\System32\drivers\lvuvc.hs" Present !! : C:\WINDOWS\System32\SET*.tmp ¤¤¤¤¤¤¤¤¤¤ Keys : Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383} Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe" Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe" Present !! : "HKLM\Software\Trymedia Systems" Present !! : HKCR\OutlookAddin.Addin Present !! : HKCR\OutlookAddin.Addin.1 Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2} ============ catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-15 10:34:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:21,ff,65,74,b8,ed,c0,7d,0c,8e,0f,c1,24,6c,d1,a2,1a,b5,68,3a,c0,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,72,da,a2,4d,cb,bc,4b,12,c6,5f,63,41,72,aa,13,11,c4,.. "khjeh"=hex:3c,07,ba,99,b2,ff,d0,b9,91,77,9c,b5,e6,f5,e5,7e,26,cd,dd,77,c3,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f0,05,cc,3f,61,e7,ea,37,8a,e8,09,69,f9,a1,c9,51,ca,a1,a8,76,c1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:21,ff,65,74,b8,ed,c0,7d,0c,8e,0f,c1,24,6c,d1,a2,1a,b5,68,3a,c0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,72,da,a2,4d,cb,bc,4b,12,c6,5f,63,41,72,aa,13,11,c4,.. "khjeh"=hex:3c,07,ba,99,b2,ff,d0,b9,91,77,9c,b5,e6,f5,e5,7e,26,cd,dd,77,c3,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f0,05,cc,3f,61,e7,ea,37,8a,e8,09,69,f9,a1,c9,51,ca,a1,a8,76,c1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:21,ff,65,74,b8,ed,c0,7d,0c,8e,0f,c1,24,6c,d1,a2,1a,b5,68,3a,c0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,72,da,a2,4d,cb,bc,4b,12,c6,5f,63,41,72,aa,13,11,c4,.. "khjeh"=hex:3c,07,ba,99,b2,ff,d0,b9,91,77,9c,b5,e6,f5,e5,7e,26,cd,dd,77,c3,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f0,05,cc,3f,61,e7,ea,37,8a,e8,09,69,f9,a1,c9,51,ca,a1,a8,76,c1,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F040F0]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\iaStor -> 0x85f040f0 Warning: possible MBR rootkit infection ! user & kernel MBR OK Use "Recovery Console" command "fixmbr" to clear infection ! ========== Programs ========== 7-Zip Abbyy FineReader 6.0 Sprint Adobe Ahead Alwil Software Apple Software Update Atari ATI Technologies BAE BitComet Bonjour ComPlus Applications Corel DAEMON Tools Lite Dell Dell Network Assistant Dell Photo AIO Printer 924 Digital Camera DivX Dl_cats Droppix eMule Enigma Software Group Fichiers communs FinePixViewer FrenchOtto GemMasterFrench Google Hercules illiminable InstallShield Installation Information Intel InterActual Internet Explorer Inventel iPod iTunes IVT Corporation Jasc Software Inc Java List_Kill'em Logitech Malwarebytes' Anti-Malware McAfee Messenger Microsoft Microsoft ActiveSync Microsoft CAPICOM 2.1.0.2 microsoft frontpage Microsoft Office Microsoft Office Outlook Connector Microsoft Picture It! PhotoPub Microsoft Silverlight Microsoft SQL Server Compact Edition Microsoft Sync Framework Microsoft Works Microsoft.NET Mobipocket.com Movie Maker Mozilla Firefox MSBuild MSN MSN Gaming Zone MSN Messenger MSXML 4.0 NetMeeting Nova-Intelligence Online Services Orange Outlook Express PIXELA PowerQuest QuickTime Real RealArcade Reallusion Reference Assemblies Reflex Business ReflexiveArcade REGSHAVE Roxio SAGEM Securitoo Services en ligne Sigmatel Skype Sonic Sun Symantec Tiscali Uninstall Information Veoh Networks Windows Live Windows Live SkyDrive Windows Live Toolbar Windows Media Connect 2 Windows Media Player Windows Mobile Device Handbook Windows NT Windows Plus WindowsUpdate WinZip xerox Yahoo! Zylom Games ============ Drive C: ============ 5813e13d5893f9cb84 AUTOEXEC.BAT bec645826194be7ab6e54feb8f9c08 boot.ini Bootfont.bin Config.Msi CONFIG.SYS dell dell.sdr dlcc.log dlccscan.log Documents and Settings Downloads drivers drvrtmp f6f124d1579f37a55a544c825bec0c found.000 GameHouse Games i386 INFCACHE.1 IO.SYS Kill'em List'em.txt LogiSetup.log MSDOS.SYS MSOCache My Music NTDETECT.COM ntldr P1010834.JPG P1010835.JPG P1010836.JPG P1010837.JPG P1010838.JPG P1010839.JPG P1010840.JPG P1010841.JPG P1010842.JPG P1010844.JPG P1010845.JPG P1010846.JPG P1010847.JPG P1010848.JPG P1010849.JPG P1010887.JPG P1010888.JPG P1010890.JPG P1010891.JPG P1010892.JPG P1010893.JPG P1010894.JPG pagefile.sys partition_magic8.0FR playground.log Program Files RECYCLER Sites sqmdata00.sqm sqmdata01.sqm sqmdata02.sqm sqmdata03.sqm sqmdata04.sqm sqmdata05.sqm sqmdata06.sqm sqmdata07.sqm sqmdata08.sqm sqmdata09.sqm sqmdata10.sqm sqmdata11.sqm sqmdata12.sqm sqmdata13.sqm sqmdata14.sqm sqmdata15.sqm sqmdata16.sqm sqmdata17.sqm sqmdata18.sqm sqmdata19.sqm sqmnoopt00.sqm sqmnoopt01.sqm sqmnoopt02.sqm sqmnoopt03.sqm sqmnoopt04.sqm sqmnoopt05.sqm sqmnoopt06.sqm sqmnoopt07.sqm sqmnoopt08.sqm sqmnoopt09.sqm sqmnoopt10.sqm sqmnoopt11.sqm sqmnoopt12.sqm sqmnoopt13.sqm sqmnoopt14.sqm sqmnoopt15.sqm sqmnoopt16.sqm sqmnoopt17.sqm sqmnoopt18.sqm sqmnoopt19.sqm System Volume Information t Temp Thumbs.db timestmp.tmp WINDOWS YServer.txt ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials C:\Program Files\Dell\Media Experience\IAPCSDK\Install.exe C:\Program Files\Dell Photo AIO Printer 924\Install\exe C:\Program Files\Dell Photo AIO Printer 924\Install\exe\Engine.dll C:\Program Files\Dell Photo AIO Printer 924\Install\exe\Uninst.exe C:\WINDOWS\Temp\McAfeeInstall\Install.exe ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ End of scan : 10:46:01,29

benurrr · Answer

salut

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta reponse

Lydia · Answer

Execuse moi benurrr, mais est ce que ça sera possible de savoir en quoi consiste le mode suppression, j'ai peur de supprimer certain fichiers importants pour le fonctionnement du pc, est ce que tu pourra m'expliquer un peu,
je veux vraiment regler le probleme, je te remercie pour ton aide

benurrr · Answer

sa va te supprimer des fichier qui sont infecter ou qui se sont incruster a ton system apparement c'est pas du virut il risque pas de te supprimer des fichier légitime de ton system

Lydia · Answer

voila le rapport:
ps:merci pour l'explication


Kill'em by g3n-h@ckm@n 1.2.5.0 
 
User : mazouz (Administrateurs) 
Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30 
Start at: 13:37:38 | 15/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886498 [ Enabled | Updated ]

C:\ -> Disque fixe local | 218,88 Go (157,02 Go free) | NTFS
D:\ -> Disque fixe local | 74,5 Go (28,49 Go free) | NTFS
E:\ -> Disque CD-ROM | 480,81 Mo (0 Mo free) [GHAMIDY] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
M:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\mazouz\Local Settings\Temp\32.tmp\ERUNT.EXE
C:\Documents and Settings\mazouz\Local Settings\Temp\32.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\003000_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\jestertb.dll 
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\_000006_.tmp.dll 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\lvuvc.hs 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET67.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6D.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6E.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET8C.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET99.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETAF.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETB8.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETB9.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBA.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBB.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBD.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Application Data\wklnhst.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\003.zip 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\68.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\a.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\dw.log 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjv.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjw.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjx.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Install_Messenger.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Install_WLMessenger.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv_9cf01a2a.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lsnfier.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lvid_lvid.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lws_lws.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\SHSetup.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1008.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_10b8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1120.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1268.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1354.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_13c4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_13f4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_14a0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1734.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_174c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_4cc.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_50c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_6d0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_6fc.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_718.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_798.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_7b8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_82c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_84c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_8ac.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_95c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_9c0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_a88.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_b4c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_bb8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c0c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c78.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c84.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_ca0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_cb0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_cf8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d24.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d9c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_dc8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_de4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_e20.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_e6c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_ec0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f14.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f28.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\SWFXXLRT.DLL 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\UninstallRC-8876480.dll 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Internet_Antivirus_Pro_Fix.rar 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Deleted : "HKLM\Software\Trymedia Systems"  
Deleted : HKCR\OutlookAddin.Addin  
Deleted : HKCR\OutlookAddin.Addin.1  
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}  
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
=================
anti-ver blaster : OK !! 
=================

================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Lydia · Answer

voila le rapport:
ps:merci pour l'explication


Kill'em by g3n-h@ckm@n 1.2.5.0 
 
User : mazouz (Administrateurs) 
Update on 08/02/2010 by g3n-h@ckm@n ::::: 15.30 
Start at: 13:37:38 | 15/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886498 [ Enabled | Updated ]

C:\ -> Disque fixe local | 218,88 Go (157,02 Go free) | NTFS
D:\ -> Disque fixe local | 74,5 Go (28,49 Go free) | NTFS
E:\ -> Disque CD-ROM | 480,81 Mo (0 Mo free) [GHAMIDY] | CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
M:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\mazouz\Local Settings\Temp\32.tmp\ERUNT.EXE
C:\Documents and Settings\mazouz\Local Settings\Temp\32.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\003000_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\jestertb.dll 
Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\_000006_.tmp.dll 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\lvuvc.hs 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET67.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6D.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6E.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET8C.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET99.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETAF.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETB8.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETB9.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBA.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBB.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETBD.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Application Data\wklnhst.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\003.zip 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\68.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\a.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\dw.log 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjv.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjw.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\Local Settings\Temp\Hjx.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Install_Messenger.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Install_WLMessenger.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv_9cf01a2a.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lsnfier.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lvid_lvid.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\lws_lws.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\SHSetup.exe 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1008.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_10b8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1120.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1268.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1354.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_13c4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_13f4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_14a0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_1734.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_174c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_4cc.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_50c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_6d0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_6fc.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_718.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_798.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_7b8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_82c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_84c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_8ac.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_95c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_9c0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_a88.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_b4c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_bb8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c0c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c78.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_c84.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_ca0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_cb0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_cf8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d24.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_d9c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_dc8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_de4.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_e20.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_e6c.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_ec0.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f14.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f28.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f38.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Perflib_Perfdata_f8.dat 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\SWFXXLRT.DLL 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\UninstallRC-8876480.dll 
Quarantined & Deleted !! : C:\Documents and Settings\mazouz\LOCAL Settings\Temp\Internet_Antivirus_Pro_Fix.rar 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Deleted : "HKLM\Software\Trymedia Systems"  
Deleted : HKCR\OutlookAddin.Addin  
Deleted : HKCR\OutlookAddin.Addin.1  
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}  
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
=================
anti-ver blaster : OK !! 
=================

================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

benurrr · Answer

possibilité de rootkit

Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe
et enregistre le fichier sur le Bureau.


Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe
Un rapport sera généré : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.

Si c'est le cas, continue comme ça :

Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"

Réactive tes protections
Poste ce rapport et supprimes-le ensuite.

Pour vérifier

Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Relance mbr.exe

Réactive tes protections.

Le nouveau mbr.log devrait être celui-ci :

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK


Sous Vista, ne pas oublier de lancer mbr.exe par clic droit et Exécuter en tant qu'administrateur.
Note : Si le fichier mbr.exe se trouve dans Téléchargement, cela fonctionne aussi et mbr.log s'y inscrira.

benurrr · Answer

Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f

Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !" 

poste le

benurrr · Answer

Depuis le CD d'install de Windows XP

Insérer votre CD d'installation et démarrer (ou redémarrer) votre PC pour booter dessus.
Une fois le menu d'install de votre Windows à l'écran choisissez l'option "Réparer une installation de Windows" en appuyant sur R.
Ensuite utilisez la méthode de réparation manuelle par la console en appuyant sur C.
Une fois la console à l'écran, choisissez le système Windows d'où vous désirez travailler (par défaut 1) , tapez ensuite votre mot de passe administrateur (si vous n'en avez pas ne tapez rien puis valider par "Entrée") , et pour finir taper :

fixmbr

Tapez "Exit" pour quitter.
Redémarrer votre PC.

benurrr · Answer

salut on a pas fini

télécharge

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Vérifier si tout est coché et clic Supprimer la sélection

S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le rapport générer

Gros Probleme avec rundll32.exe

22 réponses

Discussions similaires

Newsletters