Pb Rootkit

Solved
Ber56 -
plopus - 5962 posts - Status: Security contributor - 23 Feb 2010 at 16:10
Hello,
I'm really lost...
It seems my PC is infected with a rootkit (Win:32Rootkit-gen).
Avast! detects it, but I've tried 6 or 7 different programs to remove it (Malwarebytes Anti-Malware, SafetyCheck, AVG Anti-Rootkit Free...) and they find nothing. I know there's a problem though, because when I connect, my computer sends loads of emails, I don't know how....
Here is a HijackThis log, although I don't really know what it's for...
Sorry if this isn't the right forum to post this...

If someone could help me I'd be delighted; I have an important meeting this afternoon and I think.... it's going to be tough!!

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:03, on 18/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Bérengère\Mes documents\Téléchargements\HiJackThis.exe
C:\Documents and Settings\Bérengère\Application Data\U3\0000183D877071DB\LaunchPad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] "C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Informax\Vector NTI Suite 9\Ncbi.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
39 replies

benurrr - 9643 posts - Status: Security contributor
 
Relaunch gmer, click on the rootkit tab and run a scan with the button on the right.

Post the report, or better a screenshot, because the red lines are visible there; be careful, because some processes are legitimate.

Tutorial for taking a screenshot and posting it:

https://www.commentcamarche.net/informatique/windows/149-faire-des-captures-d-ecran-avec-windows-10/
Tigzy - 7498 posts - Status: Security contributor
 
Thanks Benurr for coming to the rescue ;)
Ber56 - 22 posts - Status: Member
 
Yes, thank you very much for your help...
I don't think I'm going to get out of this right away.... But in any case, thank you!
Here is the link:
https://imageshack.com/
Ber56 - 22 posts - Status: Member
 
Also, you can see the icon at the bottom right indicating that I'm sending lots of emails... An icon I had never seen before.
Tigzy - 7498 posts - Status: Security contributor
 
Benurr, do you know the procedure for removing rootkits with Gmer?
Avast is clearly infected.

Ber56 - 22 posts - Status: Member
 
So, since you're still on the forum, I'd like to ask you a question.
Seeing that I've been fighting this for 2 days, I wonder whether I'm going to give in and reset my computer "to zero"... except I forgot my backup discs, and yes, that would have been too easy!!
So my question: when people say factory restore, what does that mean? Without Windows or the drivers? Or can I do it and put all my personal programs back on my own?
Ber56 - 22 posts - Status: Member
 
While you're here, I'd like to ask you a question. Since I've been struggling for two days, I think I'm going to give in and reset my computer to zero. But I don't have my restore DVDs with me (that would be too easy!). So what does factory restore mean? Without Windows or drivers, or do I manage to put my personal programs back myself? Thanks
Ber56 - 22 posts - Status: Member
 
Big wrong move ;)
Ber56 - 22 posts - Status: Member
 
https://imageshack.com/
https://imageshack.com/

Better take these ones.
Ber56 - 22 posts - Status: Member
 
I have to go to my meeting, see you tonight I hope!
Thank you so much for your help
benurrr - 9643 posts - Status: Security contributor
 
No, wait, don't delete anything for now.
benurrr - 9643 posts - Status: Security contributor
 
Have these files checked on VirusTotal.

Go to this site:

https://www.virustotal.com/gui/

Click on browse and look for these files; note that you can only check the files one at a time:

c:\windows\system32\drivers\Flpydisk.sys
c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\windows\system32\87.tmp --> c:\windows\system32\87.tmp
c:\docume~1\ADMINI~1\LOCALS~1\Temp\BKAOLAIXBDX.exe
c:\docume~1\BRENGR~2\LOCALS~1\Temp\WMFXE.exe [?]


Click on send file.

A report will build up line by line.

Wait for it to finish. It has to take in the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

Sometimes there's already a report ready; in that case, reanalyse the file now.
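As an added example (not code from the thread, from HijackThis or from VirusTotal), the following Python script applies the helper's selection criteria to HijackThis-style log lines: it flags autorun entries that point into a Temp folder or at a *.tmp file, and hook entries whose target is "(no file)" or "(file missing)". Its input is a handful of lines from the log posted above plus two constructed O4 lines (labelled as such in the code); the `triage` function name and the rule set are assumptions of this example, not part of any tool mentioned here.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted at the top of the
# thread, plus two CONSTRUCTED O4 lines built around the Temp-folder and *.tmp
# paths the helper asked to have checked. The two constructed lines are
# illustrations only; they do not appear in the real log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BKAOLAIXBDX] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BKAOLAIXBDX.exe
O4 - HKLM\..\Run: [87] C:\WINDOWS\system32\87.tmp
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Informax\Vector NTI Suite 9\Ncbi.dll (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" / "O2 - BHO: ..." / "R1 - ..." all share
# the "<section> - <body>" shape.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Per-user temp folders in long and 8.3 form, plus a bare \Temp\ component.
TEMP_RE = re.compile(r"\\(?:local settings\\temp|locals~1\\temp|temp)\\", re.IGNORECASE)
# A .tmp file used as an autorun target (end of command, or followed by args).
TMP_FILE_RE = re.compile(r'\.tmp(?:"|\s|$)', re.IGNORECASE)
MISSING_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def autorun_target(body: str) -> str:
    """Return the command part of an O4 entry: the text after the '[name]' label."""
    m = re.search(r"\]\s*(.*)$", body)
    return m.group(1).strip() if m else body.strip()


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; None means nothing in this rule set applies."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if any(marker in body.lower() for marker in MISSING_MARKERS):
        return Finding(section, "target file missing: orphaned entry", line.strip())
    if section == "O4":
        target = autorun_target(body)
        if TEMP_RE.search(target):
            return Finding(section, "autorun from a Temp folder", line.strip())
        if TMP_FILE_RE.search(target):
            return Finding(section, "autorun of a .tmp file", line.strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, keeping findings in log order."""
    findings = []
    for line in log_text.splitlines():
        finding = triage_line(line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Entries that are flagged are candidates for a hash lookup or an upload, as the helper asks; the legitimate avast! and msnmsgr lines pass through unflagged.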
Ber56 - 22 posts - Status: Member
 
0 bytes size received / Se ha recibido un archivo vacio
c:\windows\system32\config\systemprofile\Application Data\sgcpom.dat
Fichier sgcpom.dat reçu le 2010.02.10 22:20:15 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.10 -
AhnLab-V3 5.0.0.2 2010.02.10 -
AntiVir 7.9.1.160 2010.02.10 -
Antiy-AVL 2.0.3.7 2010.02.09 -
Authentium 5.2.0.5 2010.02.10 -
Avast 4.8.1351.0 2010.02.10 -
AVG 9.0.0.730 2010.02.10 -
BitDefender 7.2 2010.02.10 -
CAT-QuickHeal 10.00 2010.02.10 -
ClamAV 0.96.0.0-git 2010.02.10 -
Comodo 3890 2010.02.10 -
DrWeb 5.0.1.12222 2010.02.10 -
eSafe 7.0.17.0 2010.02.10 -
eTrust-Vet 35.2.7295 2010.02.10 -
F-Prot 4.5.1.85 2010.02.10 -
F-Secure 9.0.15370.0 2010.02.10 -
Fortinet 4.0.14.0 2010.02.10 -
GData 19 2010.02.10 -
Ikarus T3.1.1.80.0 2010.02.10 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.970 2010.02.10 -
Kaspersky 7.0.0.125 2010.02.10 -
McAfee 5888 2010.02.10 -
McAfee+Artemis 5888 2010.02.10 -
McAfee-GW-Edition 6.8.5 2010.02.10 -
Microsoft 1.5406 2010.02.10 -
NOD32 4855 2010.02.10 -
Norman 6.04.03 2010.02.10 -
nProtect 2009.1.8.0 2010.02.10 -
Panda 10.0.2.2 2010.02.10 -
PCTools 7.0.3.5 2010.02.10 -
Prevx 3.0 2010.02.10 -
Rising 22.34.01.02 2010.02.10 -
Sophos 4.50.0 2010.02.10 -
Sunbelt 3.2.1858.2 2010.02.10 -
Symantec 20091.2.0.41 2010.02.10 -
TheHacker 6.5.1.1.187 2010.02.10 -
TrendMicro 9.120.0.1004 2010.02.10 -
VBA32 3.12.12.2 2010.02.10 -
ViRobot 2010.2.10.2180 2010.02.10 -
VirusBuster 5.0.21.0 2010.02.10 -
Information additionnelle
File size: 12 bytes
MD5 : bd053092ff53f6c1934293bcc0346377
SHA1 : de737d5a70b29c317736038d6884233cec649088
SHA256: 3ae2971a7bf837dadddad90dac13f77524f375eb9c69460dc612249a53c3d0e0
TrID : File type identification
Unknown!
ssdeep: 3:Iu5u:Iuw
PEiD : -
RDS : NSRL Reference Data Set
c:\program files\Windows Live\Messenger\msnmsgr.exe
Fichier msnmsgr.exe reçu le 2010.02.17 17:56:37 (UTC)
Situation actuelle: terminé
Résultat: 0/41 (0.00%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.02.17 -
AhnLab-V3 5.0.0.2 2010.02.17 -
AntiVir 8.2.1.170 2010.02.17 -
Antiy-AVL 2.0.3.7 2010.02.17 -
Authentium 5.2.0.5 2010.02.17 -
Avast 4.8.1351.0 2010.02.17 -
AVG 9.0.0.730 2010.02.17 -
BitDefender 7.2 2010.02.17 -
CAT-QuickHeal 10.00 2010.02.17 -
ClamAV 0.96.0.0-git 2010.02.17 -
Comodo 3969 2010.02.17 -
DrWeb 5.0.1.12222 2010.02.17 -
eSafe 7.0.17.0 2010.02.17 -
eTrust-Vet 35.2.7308 2010.02.17 -
F-Prot 4.5.1.85 2010.02.16 -
F-Secure 9.0.15370.0 2010.02.17 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.17 -
Ikarus T3.1.1.80.0 2010.02.17 -
Jiangmin 13.0.900 2010.02.17 -
K7AntiVirus 7.10.974 2010.02.15 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5894 2010.02.16 -
McAfee+Artemis 5894 2010.02.16 -
McAfee-GW-Edition 6.8.5 2010.02.17 -
Microsoft 1.5406 2010.02.17 -
NOD32 4874 2010.02.17 -
Norman 6.04.08 2010.02.17 -
nProtect 2009.1.8.0 2010.02.17 -
Panda 10.0.2.2 2010.02.17 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.17 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.17 -
Sunbelt 5682 2010.02.17 -
Symantec 20091.2.0.41 2010.02.17 -
TheHacker 6.5.1.4.197 2010.02.17 -
TrendMicro 9.120.0.1004 2010.02.17 -
VBA32 3.12.12.2 2010.02.16 -
ViRobot 2010.2.17.2190 2010.02.17 -
VirusBuster 5.0.21.0 2010.02.17 -
Information additionnelle
File size: 3883856 bytes
MD5 : 18b4b12358efcf68d76812058a26181f
SHA1 : 6272037a70532b05b6dd2e76ceaa7389fb80fc40
SHA256: 797420d66faa4c804cda8d4a1ed95169da04565cee76e98517940fb1dfe7fa6b
TrID : File type identification
Win64 Executable Generic (63.0%)
Win32 Executable MS Visual C++ (generic) (27.7%)
Win32 Executable Generic (6.2%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
ssdeep: 49152:g/JhbVj+dzZ1iyF2rweErlRJrTk3ceBuVCnTK81i6OyuS3pwVgg:absv0ygbk83ceBqA1i6O+wmg
sigcheck: publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows Live Messenger
description..: Windows Live Messenger
original name: msnmsgr.exe
internal name: msnmsgr.exe
file version.: 14.0.8089.0726
comments.....: n/a
signers......: Microsoft Corporation
Microsoft Code Signing PCA
Microsoft Root Authority
signing date.: 12:45 AM 7/27/2009
verified.....: -
PEiD : -
RDS : NSRL Reference Data Set
c:\windows\system32\87.tmp --> c:\windows\system32\87.tmp
NOT FOUND!!

c:\docume~1\ADMINI~1\LOCALS~1\Temp\BKAOLAIXBDX.exe
Fichier I.exe reçu le 2009.09.24 22:42:52 (UTC)
Situation actuelle: terminé
Résultat: 2/41 (4.88%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.09.24 Win32.Parite.A!IK
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.24 -
Antiy-AVL 2.0.3.7 2009.09.24 -
Authentium 5.1.2.4 2009.09.24 -
Avast 4.8.1351.0 2009.09.24 -
AVG 8.5.0.412 2009.09.24 -
BitDefender 7.2 2009.09.25 -
CAT-QuickHeal 10.00 2009.09.24 -
ClamAV 0.94.1 2009.09.24 -
Comodo 2426 2009.09.24 -
DrWeb 5.0.0.12182 2009.09.24 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6759 2009.09.24 -
F-Prot 4.5.1.85 2009.09.24 -
F-Secure 8.0.14470.0 2009.09.24 -
Fortinet 3.120.0.0 2009.09.24 -
GData 19 2009.09.24 -
Ikarus T3.1.1.72.0 2009.09.24 Win32.Parite.A
Jiangmin 11.0.800 2009.09.24 -
K7AntiVirus 7.10.853 2009.09.24 -
Kaspersky 7.0.0.125 2009.09.25 -
McAfee 5751 2009.09.24 -
McAfee+Artemis 5751 2009.09.24 -
McAfee-GW-Edition 6.8.5 2009.09.24 -
Microsoft 1.5005 2009.09.23 -
NOD32 4455 2009.09.24 -
Norman 6.01.09 2009.09.24 -
nProtect 2009.1.8.0 2009.09.24 -
Panda 10.0.2.2 2009.09.24 -
PCTools 4.4.2.0 2009.09.24 -
Prevx 3.0 2009.09.25 -
Rising 21.48.34.00 2009.09.24 -
Sophos 4.45.0 2009.09.25 -
Sunbelt 3.2.1858.2 2009.09.24 -
Symantec 1.4.4.12 2009.09.24 -
TheHacker 6.5.0.2.017 2009.09.24 -
TrendMicro 8.950.0.1094 2009.09.24 -
VBA32 3.12.10.11 2009.09.24 -
ViRobot 2009.9.24.1952 2009.09.24 -
VirusBuster 4.6.5.0 2009.09.24 -
Information additionnelle
File size: 299091 bytes
MD5 : 29a6d502e38cd60e9ba5de7637380748
SHA1 : 20325ed5dd54c05738572f79aa50215dcd59217b
SHA256: c400095d4f57c3eddee431d4b1301e60b7b577b8d04a4288123b32fe609a7048
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x25EF3
timedatestamp.....: 0x43E13DF6 (Thu Feb 2 00:02:14 2006)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x10000 0x24AB5 0x25000 6.58 407789cd3302f0ed4c4ca2813ba79183
.rdata 0x35000 0x3C5A 0x4000 5.17 d486f14e8c9014de4ea2c74433f4d7bc
.data 0x39000 0xAE10 0x6000 2.50 51ae942db050c4b965b7620b4af5fd8d
.rsrc 0x44000 0x69D0 0x7000 4.66 f2fb9e50e8e061396eecb9b2e9f25700
.reloc 0x4B000 0x2444 0x3000 5.55 2a0b93df92e700daa933b9a03e467a8d

( 12 imports )


( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: https://www.symantec.com?md5=29a6d502e38cd60e9ba5de7637380748
ssdeep: 3072:BG01y2VQC0HHERa2E34FDACWYKPk9UjRXDZR/eROySsIIopzqtT1XBLFRRvKZ5:BRkHHEi34FnWk9Uj5DDaOBz27Y5
PEiD : -
RDS : NSRL Reference Data Set
-

c:\docume~1\BRENGR~2\LOCALS~1\Temp\WMFXE.exe [?]
I can't find it either....
benurrr - 9643 posts - Status: Security contributor
 
Disable your antivirus for the duration of the operation, and your firewall too if you have one (because it is wrongly detected as an infection).

Download and install List&Kill'em and save it to your desktop:

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe


Plug in USB sticks, external hard drives, mp3, mp4, etc.

Double-click (right-click "run as administrator" on Vista/7) the shortcut on your desktop to start the installation.

Tick the box "create a desktop icon".

Once finished, click "finish" and the program will launch on its own.

Choose the language, then choose option 1 = Search mode.

Let the tool work.

When the white window appears, it takes a while; that's normal, the program is not frozen.

A report named catchme appears on your desktop; ignore it, don't post it, but don't delete it for now, the scan isn't finished.

Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen.
Ber56 - 22 posts - Status: Member
 
List'em by g3n-h@ckm@n 1.2.5.2

User : Bérengère (Administrateurs)
Update on 16/02/2010 by g3n-h@ckm@n ::::: 13.30
Start at: 20:37:07 | 18/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Genuine Intel(R) CPU T2050 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100218-1] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 84,88 Go (17,53 Go free) | NTFS
D:\ -> Disque fixe local | 7,25 Go (1,16 Go free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM | 6,67 Mo (0 Mo free) [U3 System] | CDFS
H:\ -> Disque amovible | 3,81 Go (1,87 Go free) | FAT32
I:\ -> Disque fixe local | 232,83 Go (54,2 Go free) [SEA_DISC] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Bérengère\Local Settings\Temp\128.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
High Definition Audio Property Page Shortcut REG_SZ CHDAudPropShortcut.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
RecGuard REG_SZ C:\Windows\SMINST\RecGuard.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
HP Software Update REG_SZ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
CloneCDTray REG_SZ "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 255 (0xff)
NoDriveTypeAutoRun REG_DWORD 255 (0xff)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ PCBER
DefaultUserName REG_SZ Bérengère
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
DefaultPassword REG_SZ
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Bérengère
AltDefaultDomainName REG_SZ PCBER

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Hp\HP Software Update\HPWUCli.exe REG_SZ C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client
C:\e-Seqv3\Jre\1.3\bin\java.exe REG_SZ C:\e-Seqv3\Jre\1.3\bin\java.exe:*:Enabled:java
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Informax\Vector NTI Suite 9\Vector NTI 9.exe REG_SZ C:\Program Files\Informax\Vector NTI Suite 9\Vector NTI 9.exe:*:Enabled:Vector NTI 9.0.0
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0000000A-0000-0010-8000-00AA00389B71}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-0000-0010-8000-00AA00389B71}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Bérengère\Local Settings\Temp\128.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Bérengère\Local Settings\Temp\128.tmp
## C:\> hashdeep C:\WINDOWS\System32\DllCache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\DllCache\atapi.sys

Sources
=======

C:\WINDOWS\ERDNT\cache\atapi.sys
C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
C:\WINDOWS\system32\dllcache\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C


F:\Autorun.inf :
----------------
[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG


[Comment]
brand=PelicanBFG
=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
84,88 Go total, 17,54 Go libre (20%), 20% fragmenté (fragmentation du fichier 41%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\.zreglib
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\WINDOWS\mbr.exe
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp106709120.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp117904050.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp206925188.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp217580172.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp264144811.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp34859344.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp35407945.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp35802504.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp73913919.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp81084372.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp93945792.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp96312212.tmp
Present !! : C:\WINDOWS\Temp\_avast4_\unp96387543.tmp
Present !! : C:\Documents and Settings\Bérengère\Application Data\pcouffin.inf
Present !! : C:\Documents and Settings\Bérengère\Application Data\inst.exe
Present !! : C:\Documents and Settings\Bérengère\Application Data\Microsoft\Clip Organizer\mstore10.mgc
Present !! : C:\Documents and Settings\Bérengère\Application Data\Microsoft\Clip Organizer\Offic10.MGC
Present !! : C:\Documents and Settings\Bérengère\Local Settings\Temp\log.txt
Present !! : C:\Documents and Settings\Bérengère\LOCAL Settings\Temp\catchme.dll

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Present !! : HKCR\ImageOle.GifAnimator
Present !! : HKCR\ImageOle.GifAnimator.1
Present !! : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Present !! : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Present !! : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Present !! : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\ControlSet002\Services\MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_MEMSWEEP2
Present !! : HKLM\SYSTEM\CurrentControlSet\Services\MEMSWEEP2

============

disk not found C:\

please note that you need administrator rights to perform deep scan

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

7-Zip
ABBYY FineReader 6.0 Sprint
Adobe
Alwil Software
Bonjour
CCleaner
Chimera
ComPlus Applications
CONEXANT
Corel
DAEMON Tools Lite
DAEMON Tools Toolbar
DivX
DNASTAR
eMule
epson
Fichiers communs
GOA
Google
GRISOFT
Harrap's Multimédia
Hewlett-Packard
Hp
hp deskjet 960c series
HPQ
IKEA HomePlanner
Informax
Informax Installations
InstallShield Installation Information
Intel
Internet Explorer
Java
K-Lite Codec Pack
Lavasoft
List_Kill'em
Logitech
ma-config.com
MagicISO
Malwarebytes' Anti-Malware
Messenger
microsiris
Microsoft
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft.NET
Movie Maker
Mozilla Firefox
MP3 Audio CD Burner
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
MSXML 6.0
Nero
NetMeeting
NetWaiting
Online Services
Orange
Outlook Express
PartyGaming
PDFCreator
PDFCreator Toolbar
PopCap Games
QuickTime
Real
Reference Assemblies
Services en ligne
Skype
SlySoft
Sonic
Sophos
Spybot - Search & Destroy
Symantec
Synaptics
TreeView
Uninstall Information
uTorrent
VSO
Warsow 0.5
Windows Live
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XP Codec Pack
Zylom Games

============
Drive C:
============

9a2126af3e608bab7121f9
aaw7boot.log
ab4aacbea136c237a39ce71a
article.txt
autorun.inf
bc4453fc9f9f791a6ba5cf1a99
boot.ini
Bootfont.bin
CLUSTAL
ComboFix
ComboFix.txt
DNASIS
Documents and Settings
DVDVideoSoft
e-Seqv3
GENEDOC
hiberfil.sys
hp
hpqp.ini
I386
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
ntdetect.com
ntldr
pagefile.sys
Program Files
Qoobox
RECYCLER
SWSETUP
System Volume Information
system.sav
temp
updatedatfix.log
UsbFix.txt
UsbFix_Upload_Me_PCBER.zip
VNTI Database
W
WINDOWS
XP_TV.ini

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\SWSETUP\MSWorks\FR\Install.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 20:47:24,79
benurrr (Security contributor):

c:\windows\system32\drivers\Flpydisk.sys you didn't check it on VirusTotal

▶ Run List&Kill'em again (right-click for Vista), using the shortcut on your desktop.
but this time:

▶ choose option 2 = Mode Suppression (removal mode)

let the tool run.

at the end of the scan a report opens

▶ paste its contents in your reply

then:

▶ Run List&Kill'em again (right-click for Vista), using the shortcut on your desktop.
but this time:

▶ choose option 6 = Restore MBR

let the tool run.

at the end of the scan a report opens

▶ paste its contents in your reply
Ber56 (Member):
Hello!!

yes I did scan it, it's the first line: 0 bytes size received / Se ha recibido un archivo vacio

So here's the report after "2" (I did it twice because I had forgotten to plug in my external hard drive)

The first:
Kill'em by g3n-h@ckm@n 1.2.5.2

User : Bérengère (Administrateurs)
Update on 16/02/2010 by g3n-h@ckm@n ::::: 13.30
Start at: 07:43:31 | 19/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Genuine Intel(R) CPU T2050 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100218-1] 4.8.1368 [ Enabled | Updated ]

C:\ -> Disque fixe local | 84,88 Go (16,8 Go free) | NTFS
D:\ -> Disque fixe local | 7,25 Go (1,16 Go free) [HP_RECOVERY] | FAT32
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Bérengère\Local Settings\Temp\28.tmp\ERUNT.EXE
C:\Documents and Settings\Bérengère\Local Settings\Temp\28.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\.zreglib
Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar
Quarantined & Deleted !! : C:\WINDOWS\mbr.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET23.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp106709120.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp117904050.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp206925188.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp217580172.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp264144811.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp34859344.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp35407945.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp35802504.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp73913919.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp81084372.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp93945792.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp96312212.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\_avast4_\unp96387543.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\Application Data\pcouffin.inf
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\Application Data\inst.exe
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\Application Data\Microsoft\Clip Organizer\mstore10.mgc
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\Application Data\Microsoft\Clip Organizer\Offic10.MGC
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\Local Settings\Temp\log.txt
Quarantined & Deleted !! : C:\Documents and Settings\Bérengère\LOCAL Settings\Temp\catchme.dll

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Deleted : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Deleted : HKCR\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d}
Deleted : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Deleted : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
Deleted : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet001\Services\MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\Legacy_MEMSWEEP2
Deleted : HKLM\SYSTEM\ControlSet002\Services\MEMSWEEP2
========
Services
=========

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Then the report with option "6":


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Unfortunately, I don't think everything is "gone", because I can see Avast still checking lots of outgoing emails...

In any case, thank you for your help, and I must say you get up very early!!
0
benurrr   Posts: 9643   Status: Security contributor   107
 
Hi

Yes, I do sometimes get up early, lol

Can you redo this:

https://forums.commentcamarche.net/forum/affich-16649697-pb-rootkit#1
0
Ber56   Posts: 22   Status: Member
 
Good evening,
Thank you so much for having helped me, but I think there's no hope left; besides, I'm almost glad to be restoring my computer!!
Thanks again for giving me your time, have a good weekend!!
0
plopus   Posts: 5962   Status: Security contributor   293
 
Hi

Ber56, did you manage to do a restore, or anything at all?

If not, please do this:

Click here: http://upload.malekal.com/

Click on "Browse" in the middle of the page; in the new window, copy and paste this line:

c:\windows\system32\drivers\Flpydisk.sys

then click "Open" and "Send".


Once that is done, let us know, and we will try to sort out the problem. It might be simpler if you have the Windows CD (or recovery DVD).

Is that the case, do you have the CDs?
What is your exact version of Windows?
0
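When a helper asks for a driver such as Flpydisk.sys to be uploaded, the useful first step is to record what the file on disk actually is before it leaves the machine. The script below is an added example for this thread; it is not part of the forum posts, not a feature of the tools whose reports appear above, and not a statement that this particular driver was infected. It computes the SHA-256 of a file, confirms it is a PE image, reads the link timestamp from the COFF header, and checks whether the security data directory (an embedded Authenticode signature) is present. The path in `main` and the minimal PE header built by `build_sample_pe` are assumptions and constructed test data, not a real driver.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode certificate table index


def pe_triage(data: bytes) -> dict:
    """Record the facts worth noting before a suspect driver is uploaded:
    SHA-256, whether it is a PE image, link timestamp, and whether the
    optional header points at an embedded Authenticode signature."""
    info = {"sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data), "is_pe": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    coff = e_lfanew + 4
    if len(data) < coff + 20:
        return info
    machine, nsections, timestamp, _, _, _, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    info.update(
        is_pe=True, machine=hex(machine), sections=nsections,
        timestamp=datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        is_dll=bool(chars & 0x2000))
    opt = coff + 20
    if len(data) < opt + 2:
        return info
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 / PE32+ data dirs
    if dir_base is None:
        return info
    needed = opt + dir_base + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1)
    if len(data) < needed:
        return info
    n_dirs = struct.unpack_from("<I", data, opt + dir_base - 4)[0]
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        info["embedded_signature"] = False
        return info
    sec_off = opt + dir_base + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    # For the security directory the first field is a raw file offset, not an RVA.
    cert_offset, cert_size = struct.unpack_from("<II", data, sec_off)
    info["security_dir"] = (cert_offset, cert_size)
    info["embedded_signature"] = cert_size != 0
    return info


def build_sample_pe(cert_size: int, timestamp: int = 1_000_000_000) -> bytes:
    """Constructed minimal PE32 header used only to exercise pe_triage offline.
    It is test data, not a real driver and not Flpydisk.sys."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    # Machine i386, 1 section, timestamp, no symbols, optional header 0xE0 bytes,
    # characteristics EXECUTABLE_IMAGE | 32BIT_MACHINE.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x200 if cert_size else 0, cert_size)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    return dos + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    # Assumed path; on the affected machine it would be the driver named in the thread.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_pe(0)
    for key, value in pe_triage(data).items():
        print(f"{key:20} {value}")
```

Two caveats matter for a machine suspected of running a kernel rootkit. First, absence of an embedded signature is not by itself evidence of tampering: Windows XP inbox drivers are normally signed through catalog files rather than carrying an Authenticode block, so the hash should be compared with a copy taken from the Windows CD or recovery media the helper asks about. Second, a rootkit that hooks file I/O can hand back clean bytes for a file it has replaced, so the hash should be taken from the disk mounted offline (recovery environment or a live CD), not from the running system.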