Security Essentials 2010

Solved/Closed
RastaRaquette - 22 May 2010 at 00:02
Anonymous user - 26 May 2010 at 21:51
Hello,

Like many others, I've just caught a variant with the infamous red cross that tells you you're under attack by a virus and asks you to install a "Security Essentials 2010" and to disable the resident antivirus.

I understand there is a procedure, but to be on the safe side I'd rather be guided through applying it.
Thanks for your help.


61 replies

Hi:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because the tool is wrongly detected as an infection)

▶ Download List_Kill'em

and save it to your desktop

double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to launch the installation

Leave checked:

♦ Run Shortcut
♦ Run List_Kill'em

once finished, click "Finish" and the program will launch on its own

choose the Search option

▶ let the tool work

when the white window appears, it takes a little while, that's normal, the program is not stuck.

▶ Post the contents of the report that opens when the scan reaches 100% at the "COMPLETED" screen
RastaRaquette
22 May 2010 at 00:15
Thanks for your help.

Unable to launch the Search option because "Application cannot be executed"...
Anonymous user
22 May 2010 at 00:24
* Download OTH (by OldTimer) to your Desktop

http://oldtimer.geekstogo.com/OTH.scr
http://oldtimer.geekstogo.com/OTH.com

* Launch OTH and click "Kill All Processes" (everything should disappear from your screen except OTH)
* Then click "Start Misc Program" and launch List_Kill'em as indicated above
RastaRaquette
22 May 2010 at 08:37
Hello gene-hackman. Here is the report, in two posts:

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Compaq_Propriétaire (Administrateurs)
Update on 20/05/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 00:27:20 | 22/05/2010

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100521-1] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 86,89 Go (9,68 Go free) [Windows Programs] | NTFS
D:\ -> Disque fixe local | 5,99 Go (2,34 Go free) [SYSTÈME] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 139,99 Go (28,68 Go free) [DONNEES] | NTFS
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTH.scr
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
DrvMon.exe REG_SZ C:\WINDOWS\system32\DrvMon.exe
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
BitTorrent REG_SZ "C:\Program Files\BitTorrent\bittorrent.exe"
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMONTools\DTLite.exe" -autorun
smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe
Security essentials 2010 REG_SZ C:\Program Files\Securityessentials2010\SE2010.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
RTHDCPL REG_SZ RTHDCPL.EXE
Reminder REG_SZ "C:\Windows\Creator\Remind_XP.exe"
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
Camera Detector REG_SZ C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
Alcmtr REG_SZ ALCMTR.EXE
WinampAgent REG_SZ "C:\Program Files\Winamp\Winampa.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Monitor REG_SZ C:\WINDOWS\Philips\SPC220NC\Monitor.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
BJCFD REG_SZ C:\Program Files\BroadJump\Client Foundation\CFD.exe
Motive SmartBridge REG_SZ C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoDrives REG_DWORD 0 (0x0)
NoViewOnDrive REG_DWORD 0 (0x0)
NoSetActiveDesktop REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoCDBurning REG_DWORD 0 (0x0)
NoSetActiveDesktop REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ VERO-NICO
DefaultUserName REG_SZ Compaq_Propriétaire
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\winlogon32.exe
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
DefaultPassword REG_SZ
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Compaq_Propriétaire
AltDefaultDomainName REG_SZ VERO-NICO
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAQJAT]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{166BCB27-FCFD-4588-9BDB-44FC6A02EF35} REG_SZ

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\DNA\btdna.exe REG_SZ C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\PPMate\ppmate.exe REG_SZ C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate
C:\Program Files\PPMate\ppmnet.exe REG_SZ C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate
C:\Program Files\PPMate\ppamnet.exe REG_SZ C:\Program Files\PPMate\ppamnet.exe:*:Enabled:PPMate
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe REG_SZ C:\Program Files\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup)
C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe REG_SZ C:\Program Files\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup)
C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe REG_SZ C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic
C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe REG_SZ C:\Program Files\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
RastaRaquette
22 May 2010 at 08:38
===============
ActivX controls
===============


==============
BHO :
======

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCCC2066-BE36-4E2B-9B89-928F3A3C6C42}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCCC2066-BE36-4E2B-9B89-928F3A3C6C42}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FCCC2066-BE36-4E2B-9B89-928F3A3C6C42}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCCC2066-BE36-4E2B-9B89-928F3A3C6C42}: DhcpNameServer=194.117.200.10 194.117.200.15
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.117.200.10 194.117.200.15

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ https://www.google.com/?gws_rd=ssl

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\WINDOWS\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
86,89 Go total, 9,68 Go libre (11%), 30% fragmenté (fragmentation du fichier 60%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\Advantage
Present !! : C:\Program Files\Securityessentials2010
Present !! : C:\Program Files\WindowsUpdate
Present !! : C:\WINDOWS\003043_.tmp
Present !! : C:\WINDOWS\System32\helpers32.dll
Present !! : C:\WINDOWS\System32\ps2.bat
Present !! : C:\WINDOWS\System32\SET20.tmp
Present !! : C:\WINDOWS\System32\SET40.tmp
Present !! : C:\WINDOWS\System32\SET4C.tmp
Present !! : C:\WINDOWS\System32\SET55.tmp
Present !! : C:\WINDOWS\System32\SET56.tmp
Present !! : C:\WINDOWS\System32\SET57.tmp
Present !! : C:\WINDOWS\System32\SET5A.tmp
Present !! : C:\WINDOWS\System32\smss32.exe
Present !! : C:\WINDOWS\System32\warnings.html
Present !! : C:\WINDOWS\System32\winlogon32.exe
Present !! : C:\WINDOWS\Temp\8.tmp
Present !! : C:\WINDOWS\Temp\85.tmp
Present !! : C:\WINDOWS\Temp\86.tmp
Present !! : C:\WINDOWS\Temp\88.tmp
Present !! : C:\WINDOWS\Temp\89.tmp
Present !! : C:\WINDOWS\Temp\8A.tmp
Present !! : C:\WINDOWS\Temp\9.tmp
Present !! : C:\WINDOWS\Temp\91.tmp
Present !! : C:\WINDOWS\Temp\92.tmp
Present !! : C:\WINDOWS\Temp\is11.tmp
Present !! : C:\WINDOWS\Temp\is1AF.tmp
Present !! : C:\WINDOWS\Temp\is1B1.tmp
Present !! : C:\WINDOWS\Temp\isE.tmp
Present !! : C:\WINDOWS\Temp\~TM15.tmp
Present !! : C:\WINDOWS\Temp\~TM83.tmp
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\avdrn.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\EurosportPersonalization.data
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\qvjsge.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\avdrn.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\EurosportPersonalization.data
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\qvjsge.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\6.tmp
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\83.tmp
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\8F.tmp
Present !! : C:\Documents and Settings\Compaq_Propriétaire\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\Compaq_Propriétaire\LOCAL Settings\Temp\dwa7res_fr.dll
Present !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\SuggestedSites.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Security essentials 2010
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoViewOnDrive
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableTaskMgr
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\SE2010
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mchInjDrv
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_mchInjDrv
Present !! : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_mchInjDrv

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 01:54:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F48D01]<<
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 1 (0x1)
FirewallDisableNotify REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 1:54:13,03
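As an added triage example (not code from this thread or from the List_Kill'em tool), the script below parses a constructed excerpt written in the List'em report layout shown above and flags the three signs a helper reads out of such a report: a Run entry whose image name imitates a core system process (smss32.exe), a Winlogon Userinit or Shell value that is not the Windows default, and Security Center notifications that have been silenced. The sample excerpt, the expected-default constants and the regular expressions are my assumptions.

```python
import re

# Constructed excerpt in the List'em report layout, modelled on the report in the thread above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe
Security essentials 2010 REG_SZ C:\Program Files\Securityessentials2010\SE2010.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMONTools\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\WINDOWS\system32\winlogon32.exe
legalnoticecaption REG_SZ

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
AntiVirusDisableNotify REG_DWORD 1 (0x1)
FirewallDisableNotify REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r"^(?P<name>.+?) (?P<type>REG_[A-Z_]+)(?: (?P<data>.*))?$")

# Core Windows XP binaries that rogue AV droppers imitate by padding the name with digits.
SYSTEM_PROCS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "userinit.exe", "explorer.exe", "spoolsv.exe"}
# Assumed defaults for a 32-bit Windows XP install (Userinit normally carries a trailing comma).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"


def parse_report(text):
    """Return {registry_key: [(value_name, reg_type, data), ...]} from List'em-style output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("name"), m.group("type"), m.group("data") or ""))
    return sections


def image_basename(data):
    """Extract the executable file name from a Run value, ignoring quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        path = data.split(" -", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def is_system_lookalike(basename):
    """True when the name is a digit-padded imitation of a real system binary (smss32.exe)."""
    stripped = re.sub(r"\d+", "", basename)
    return stripped in SYSTEM_PROCS and basename not in SYSTEM_PROCS


def triage(text):
    """Run the three checks over a report and return the findings in report order."""
    findings = []
    for key, values in parse_report(text).items():
        lower_key = key.lower()
        if lower_key.endswith(r"\currentversion\run"):
            for name, _, data in values:
                base = image_basename(data)
                if is_system_lookalike(base):
                    findings.append(f"run-lookalike: '{name}' loads {base}")
        elif lower_key.endswith(r"\currentversion\winlogon"):
            for name, _, data in values:
                if name == "Userinit" and data.lower().rstrip(",") != EXPECTED_USERINIT:
                    findings.append(f"userinit-hijack: {data}")
                if name == "Shell" and data.lower() != EXPECTED_SHELL:
                    findings.append(f"shell-hijack: {data}")
        elif lower_key.endswith(r"\security center"):
            for name, _, data in values:
                if name.endswith("DisableNotify") and data.split(" ", 1)[0] == "1":
                    findings.append(f"security-center-muted: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Feed it a full List'em report and every section it does not recognise is ignored, so it can be extended one check at a time (an Image File Execution Options check for Install.exe/Setup.exe would be the natural next one).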
0
Utilisateur anonyme
22 mai 2010 à 09:57
hello

▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'Option Clean

ton PC va redemarrer,

laisse travailler l'outil.

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,

▶ colle le contenu dans ta reponse
0
RastaRaquette
22 May 2010 at 10:27
Report after the Clean:


¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Compaq_Propriétaire (Administrateurs)
Update on 20/05/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 10:17:20 | 22/05/2010

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100522-0] 4.8.1368 [ Enabled | Updated ]

C:\ -> Disque fixe local | 86,89 Go (9,68 Go free) [Windows Programs] | NTFS
D:\ -> Disque fixe local | 5,99 Go (2,34 Go free) [SYSTÈME] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 139,99 Go (28,68 Go free) [DONNEES] | NTFS
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon32.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Lite\DKService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :
0
Utilisateur anonyme
22 May 2010 at 10:27
a piece is missing ^^
0
RastaRaquette
22 May 2010 at 11:06
Well no, that's all there is in the .txt!
Do I need to redo a step?
0
Utilisateur anonyme
22 May 2010 at 11:10
yes, if worst comes to worst redo OTH first and use the safemode clean option
0
RastaRaquette
22 May 2010 at 15:00
Result:
And I can no longer connect to the Internet (I'm going through another PC right now): "Data Execution Prevention" blocks me and it's impossible to disable this feature...


¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : Compaq_Propriétaire (Administrateurs)
Update on 20/05/2010 by g3n-h@ckm@n ::::: 19.00
Start at: 11:25:31 | 22/05/2010

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100522-0] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 86,89 Go (10,5 Go free) [Windows Programs] | NTFS
D:\ -> Disque fixe local | 5,99 Go (2,34 Go free) [SYSTÈME] | FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 139,99 Go (28,68 Go free) [DONNEES] | NTFS
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\OTH.scr
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Advantage
Quarantined & Deleted !! : C:\Program Files\Securityessentials2010
Quarantined & Deleted !! : C:\Program Files\WindowsUpdate
Quarantined & Deleted !! : C:\WINDOWS\003043_.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\19169.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\26500.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\6334.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\helpers32.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\ps2.bat
Quarantined & Deleted !! : C:\WINDOWS\System32\SET20.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET40.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET4C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET55.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET56.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET57.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET5A.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\smss32.exe
Quarantined & Deleted !! : C:\WINDOWS\System32\warnings.html
Quarantined & Deleted !! : C:\WINDOWS\System32\winlogon32.exe
Quarantined & Deleted !! : C:\WINDOWS\Temp\1D.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\1E.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\8.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\88.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\89.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\8A.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\9.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\is11.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\is1AF.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\is1B1.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\isE.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\~TM15.tmp
Quarantined & Deleted !! : C:\WINDOWS\Temp\~TM83.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\avdrn.dat
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\EurosportPersonalization.data
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\qvjsge.dat
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\1B.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\7.tmp
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\LOCAL Settings\Temp\jre-6u20-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\LOCAL Settings\Temp\dwa7res_fr.dll
Quarantined & Deleted !! : C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\SuggestedSites.dat

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Security essentials 2010
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoViewOnDrive
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableTaskMgr
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCU\SOFTWARE\SE2010
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_mchInjDrv
Deleted : HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_mchInjDrv
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85D83D01]<<
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
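The two Kill'em reports above list the registry footprint of this rogue: Run entries, Explorer and System policies such as DisableTaskMgr, Image File Execution Options entries for Install.exe and Setup.exe, and Security Center DisableNotify flags that go from 1 in the first report to 0 after the Clean. The following Python script is an added example, not part of the thread or of the List_Kill'em tool: it parses report lines of that shape, groups the registry entries by what they do, and diffs the Security Center values so a helper can confirm the clean actually reversed the tampering. The sample input is a constructed subset of the lines posted above; the line regexes and the category names are my own assumptions about the report format.

```python
"""Triage of List_Kill'em "Present !!" / "Deleted" report lines.
Added example, not part of the forum thread or of List_Kill'em; the regexes
and category names are assumptions about the report format."""
import re
from collections import defaultdict

# "Present !! : <key> : <value>", "Deleted : <key> : <value>", or a bare
# quoted key such as the Image File Execution Options entries in the reports.
ENTRY_RE = re.compile(r'^(Present !!|Deleted)\s*:\s*"?(?P<key>[^"]+?)"?(?:\s*:\s*(?P<value>.+))?$')
DWORD_RE = re.compile(r'^(?P<name>\w+)\s+REG_DWORD\s+(?P<val>\d+)')

RULES = [  # (substring of the key path, category); first match wins
    (r"Image File Execution Options", "ifeo"),   # Debugger value redirects/blocks the named program
    (r"CurrentVersion\Run", "run"),               # restarts the rogue at logon
    (r"Policies\System", "policy_system"),        # e.g. DisableTaskMgr: blocks the user's own tools
    (r"Policies\Explorer", "policy_explorer"),    # hides drives / desktop changes from the user
]

def classify_key(key):
    """Category for a registry key path, 'other' when no rule matches."""
    lowered = key.lower()
    for needle, cat in RULES:
        if needle.lower() in lowered:
            return cat
    return "other"

def parse_entries(report):
    """Yield (state, key, value, category) for each Present/Deleted line."""
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        state = "present" if m.group(1).startswith("Present") else "deleted"
        key = m.group("key").strip()
        yield state, key, m.group("value"), classify_key(key)

def summarize(report):
    """Group entries by category: {category: [(state, key, value), ...]}."""
    by_cat = defaultdict(list)
    for state, key, value, cat in parse_entries(report):
        by_cat[cat].append((state, key, value))
    return dict(by_cat)

def parse_security_center(report):
    """{name: int} for REG_DWORD lines under the [... Security Center] header."""
    values, in_block = {}, False
    for line in report.splitlines():
        if line.startswith("["):
            in_block = "Security Center" in line
        elif in_block and (m := DWORD_RE.match(line.strip())):
            values[m.group("name")] = int(m.group("val"))
    return values

def tampered_notifications(values):
    """*DisableNotify flags set to 1 silence the Security Center warnings that
    would tell the user that AV, firewall or updates are off."""
    return sorted(n for n, v in values.items() if n.endswith("DisableNotify") and v == 1)

def security_center_diff(before, after):
    """{name: (old, new)} for values that changed between two reports."""
    b, a = parse_security_center(before), parse_security_center(after)
    return {n: (b[n], a[n]) for n in b if n in a and b[n] != a[n]}

# Constructed subsets of the List'em (before) and Kill'em (after) reports above.
BEFORE_REPORT = r"""
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableTaskMgr
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCU\SOFTWARE\SE2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 1 (0x1)
FirewallDisableNotify REG_DWORD 1 (0x1)
UpdatesDisableNotify REG_DWORD 1 (0x1)
"""

AFTER_REPORT = r"""
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Security essentials 2010
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : smss32.exe
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableTaskMgr
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : HKCU\SOFTWARE\SE2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
"""

if __name__ == "__main__":
    print({cat: len(v) for cat, v in summarize(AFTER_REPORT).items()})
    print(security_center_diff(BEFORE_REPORT, AFTER_REPORT))
```

Run it on the saved List'em and Kill'em text files instead of the embedded samples to get the same grouping for a full report; any category still showing "present" entries after a Clean, or any DisableNotify flag still at 1, is what the helper should look at first.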
Utilisateur anonyme
22 May 2010 at 15:30
▶ Download: Gmer (by Przemyslaw Gmerek) and save it to your desktop

Disable all your protections for the duration of the gMer scan

For XP => double-click gmer.exe
For Vista and 7 => right-click "run as...."

▶ Unzip gmer, click the rootkit tab, launch the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear, post it to me)

Then

▶ on the red lines:

▶ Services: right-click delete service
▶ Process: right-click kill process
▶ Adl, file: right-click delete files
0
RastaRaquette
22 May 2010 at 15:43
Should I wait until you have read the report before the right-clicks (service, process and Adl), or do I carry on right after the scan?
0
Utilisateur anonyme
22 May 2010 at 15:49
carry on after pasting the report here
0
RastaRaquette
22 May 2010 at 18:21
One red line under Services
9 red lines under SSDT

Report to follow.
0
Utilisateur anonyme
22 May 2010 at 18:28
woohoo, big stuff !! ^^
0
RastaRaquette
22 May 2010 at 18:42
Report 1/3

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-22 18:14:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\pxtorpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEC3FE6B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEC3FEA52] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEC3FE14C] <-- ROOTKIT !!!
SSDT spdz.sys ZwEnumerateKey [0xF73E1DA4] <-- ROOTKIT !!!
SSDT spdz.sys ZwEnumerateValueKey [0xF73E2132] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEC3FE64E] <-- ROOTKIT !!!
SSDT spdz.sys ZwQueryKey [0xF73E220A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEC3FE76E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEC3FE72E] <-- ROOTKIT !!!

INT 0x73 ? 861D8BF8
INT 0x82 ? 861D8BF8
INT 0x83 ? 861D8BF8
INT 0x83 ? 861D8BF8
INT 0xB4 ? 85F28F00
INT 0xB4 ? 85F28F00
INT 0xB4 ? 85F28F00
INT 0xB4 ? 85F28F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504570 4 Bytes JMP 924AEC3F
? spdz.sys Le fichier spécifié est introuvable. !
.pak2 C:\WINDOWS\system32\drivers\chjry.sys entry point in ".pak2" section [0xF729F1B3]
? C:\WINDOWS\system32\drivers\chjry.sys Un périphérique attaché au système ne fonctionne pas correctement.
.text USBPORT.SYS!DllUnload F64928AC 5 Bytes JMP 85F284E0
.text ae0md5dc.SYS F63CF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ae0md5dc.SYS F63CF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ae0md5dc.SYS F63CF3C4 3 Bytes [00, 80, 02]
.text ae0md5dc.SYS F63CF3C9 1 Byte [30]
.text ae0md5dc.SYS F63CF3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\svchost.exe[608] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: imagehlp.dll
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1128] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 0232000A
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1688] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00E9000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40E59A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 40E4D101 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 40DC466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F546DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F545A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F547A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F54606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 40E5DB20 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2156] ole32.dll!OleLoadFromStream 774E9C85 5 Bytes JMP 40F54AA7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00EB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00E9000C
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 40D85505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 40E5DAC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 40F5473F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 40F54671 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 40F546DC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 40F54542 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40F545A4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40F547A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2588] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40F54606 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
? C:\WINDOWS\System32\svchost.exe[3964] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73CA042] spdz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73CA13E] spdz.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73CA0C0] spdz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73CA800] spdz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73CA6D6] spdz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73D9B90] spdz.sys
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
0
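GMER's SSDT section in Report 1/3 marks every hook "<-- ROOTKIT !!!", whether it was installed by the avast! self-protection driver that GMER attributes to ALWIL Software or by the unattributed spdz.sys, which also owns the kernel IAT hooks on the atapi.sys and i8042prt.sys HAL port I/O imports. The Python script below is an added example, not GMER's code and not part of the thread: it groups the SSDT and kernel IAT hooks by the driver that owns them, keeps GMER's vendor attribution, and ranks unattributed drivers that hook registry enumeration calls or port I/O for follow-up. The sample is a constructed subset of the lines above; the regexes and the ranking rules are my own assumptions about GMER's text format.

```python
"""Grouping and ranking GMER SSDT / kernel IAT hook lines by owning driver.
Added example, not part of the forum thread or of GMER; the regexes and the
ranking rules are assumptions about GMER's text format."""
import re
from collections import defaultdict

# "SSDT <module> (<vendor>)? <ZwFunction> [0xADDR] <-- ROOTKIT !!!"
SSDT_RE = re.compile(r'^SSDT\s+(?P<module>\S+)(?:\s+\((?P<vendor>[^)]*)\))?'
                     r'\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]')
# "IAT <image>[<dll!import>] [ADDR] <module>"; the module is absent when GMER
# could not map the hook address to a loaded driver.
IAT_RE = re.compile(r'^IAT\s+(?P<image>[^\[\s]+)\[(?P<imp>[^\]]+)\]\s+'
                    r'\[?(?P<addr>[0-9A-Fa-f]+)\]?(?:\s+(?P<module>\S+))?$')

# Hooking these lets a driver filter what registry enumeration returns.
REGISTRY_ENUM = {"ZwEnumerateKey", "ZwEnumerateValueKey", "ZwQueryKey"}

def basename(path):
    return path.rsplit("\\", 1)[-1]

def rank(d):
    """'low' when GMER attributes the driver to a vendor (still confirm that
    product is really installed), 'high' when an unattributed driver hooks
    registry enumeration or the HAL port I/O imports of disk/keyboard drivers."""
    if d["vendor"]:
        return "low"
    if REGISTRY_ENUM & set(d["ssdt"]) or any("_PORT_" in imp for _, imp in d["iat"]):
        return "high"
    return "medium"

def triage(report):
    """Return ({driver: {vendor, ssdt, iat, priority}}, unresolved IAT hooks)."""
    drivers = defaultdict(lambda: {"vendor": None, "ssdt": [], "iat": []})
    unresolved = []
    for line in report.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            d = drivers[basename(m.group("module"))]
            d["vendor"] = d["vendor"] or m.group("vendor")
            d["ssdt"].append(m.group("func"))
        elif m := IAT_RE.match(line):
            hook = (basename(m.group("image")), m.group("imp"))
            if m.group("module"):
                drivers[basename(m.group("module"))]["iat"].append(hook)
            else:
                unresolved.append(hook)
    ranked = {name: dict(d, priority=rank(d)) for name, d in drivers.items()}
    return ranked, unresolved

# Constructed subset of the GMER lines posted above.
SAMPLE = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEC3FE6B8] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEC3FEA52] <-- ROOTKIT !!!
SSDT spdz.sys ZwEnumerateKey [0xF73E1DA4] <-- ROOTKIT !!!
SSDT spdz.sys ZwEnumerateValueKey [0xF73E2132] <-- ROOTKIT !!!
SSDT spdz.sys ZwQueryKey [0xF73E220A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEC3FE64E] <-- ROOTKIT !!!
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73CA042] spdz.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73CA13E] spdz.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73CA6D6] spdz.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73D9B90] spdz.sys
IAT \SystemRoot\System32\Drivers\ae0md5dc.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
"""

if __name__ == "__main__":
    ranked, unresolved = triage(SAMPLE)
    for name, d in ranked.items():
        print(f"{d['priority']:6} {name}: ssdt={d['ssdt']} iat={len(d['iat'])} vendor={d['vendor']}")
    print("unresolved:", unresolved)
```

Feeding the full copied GMER report to triage() gives one line per driver instead of one per hook, which makes the difference between a security product's documented self-protection hooks and an unknown driver's hooks visible at a glance; the user-mode IAT lines in Report 2/3 have a different shape and are deliberately not matched here.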
RastaRaquette
22 May 2010 at 18:45
Report 2/3


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 81EC8B55
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 000814EC
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 6A575300
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] FF335B04
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 6A575757
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 7D895701
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] F045C7F8
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00004E20
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] FFFC5D89
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 40208015
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] F4458900
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 840FC73B
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 00000132
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 94358B56
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 458D53D6
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 066A50F0
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] FFF475FF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 458D53D6
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 056A50F0
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] FFF475FF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 0C5D8BD6
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] EC858D00
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 68FFFFF7
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] 00000800
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] AC15FF50
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 83004020
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 07EB10C4
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] F7EC85C6
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 5700FFFF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 0C320068
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 8DFF6A8C
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] FFF7EC85
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 75FF50FF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] F475FF08
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 209015FF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] F08B0040
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 3BF87589
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] A9840FF7
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 39000000
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 1F75087B
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] FC458D57
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] EC458D50
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 00056850
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] FF562000
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 40208C15
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] EC458B06
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 8D084389
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 6850FC45
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 00000800
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] F7EC858D
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 5650FFFF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 208815FF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 4EEB0040
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 74FC7D39
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 04438B5E
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8BFC4503
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] FF565033
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 4020A815
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 89595900
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 74C73B03
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 047B8B37
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 03FC4D8B
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] ECB58DF8
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] F3FFFFF7
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] FC458BA4
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 6850FC45
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 00000800
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] F7EC858D
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] FF50FFFF
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 15FFF875
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [00402088] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C085FF33
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0FEBAE75
IAT C:\WINDOWS\System32\svchost.exe[608] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 0874F73B
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00ED1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 51EC8B55
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 1845DB51
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] F855DD56
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] E8084DDC
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 000004D2
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] FF184589
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [40516015] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] F845DD00
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 8B104DDC
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 1865DAF0
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 0004B9E8
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8BC88B00
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] F74199C6
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] C28B5EF9
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 2B08244C
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 9904244C
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 8BF9F741
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 244403C2
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] FF56C304
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [40516015] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 244C8B00
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 244403C1
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 15FFC308
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [00405160] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 04244C8B
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] F9F74199
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] FFC3C28B
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [40516015] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 646A9900
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 33F9F759
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 24543BC0
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] C09C0F04
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 0204EC81
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 68560000
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 00000100
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 515815FF
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 8B590040
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 00FFB8F0
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 8D500000
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] FFFEFC8D
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] C93351FF
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 558D5151
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 8D5052FC
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FFFDFC85
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [40504415] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 56216A00
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] FFFC75FF
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [40515C15] C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 0CC48300
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] C01BD8F7
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C95EC623
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] EC8B55C3
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 458B5151
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 33565308
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 57C88BF6
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 33FC7589
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 01518DFF
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 8441198A
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 2BF975DB
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 802974CA
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7420063C
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 75FF850A
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 45FF470C
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8506EBFC
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 46C88BFF
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8A01518D
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] DB844119
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] CA2BF975
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] D772F13B
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 5FFC458B
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] C3C95B5E
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 83EC8B55
IAT C:\WINDOWS\System32\svchost.exe[3964] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 56530CEC
0
RastaRaquette
22 May 2010 at 18:49
Report 3/3



---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 861D4798

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 85CCE500
Device \Driver\sptd \Device\4251334232 spdz.sys

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbohci \Device\USBPDO-0 85EC21F8
Device \Driver\usbohci \Device\USBPDO-1 85EC21F8
Device \Driver\usbehci \Device\USBPDO-2 85EA91F8
Device \Driver\PCI_PNP4232 \Device\00000046 spdz.sys
Device \Driver\PCI_PNP4232 \Device\00000046 spdz.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\USBSTOR \Device\00000070 85CC2500
Device \Driver\Ftdisk \Device\HarddiskVolume1 861681F8
Device \Driver\USBSTOR \Device\00000071 85CC2500
Device \Driver\Ftdisk \Device\HarddiskVolume2 861681F8
Device \Driver\Cdrom \Device\CdRom0 85E921F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 861681F8
Device \Driver\Cdrom \Device\CdRom1 85E921F8
Device \Driver\atapi \Device\Ide\IdePort0 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-14 [F71FEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\00000074 85CC2500
Device \Driver\NetBT \Device\NetBt_Wins_Export 856541F8
Device \Driver\NetBT \Device\NetbiosSmb 856541F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{FCCC2066-BE36-4E2B-9B89-928F3A3C6C42} 856541F8
Device \Driver\USBSTOR \Device\0000006b 85CC2500
Device \Driver\usbohci \Device\USBFDO-0 85EC21F8
Device \Driver\USBSTOR \Device\0000006d 85CC2500
Device \Driver\usbohci \Device\USBFDO-1 85EC21F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 856A81F8
Device \Driver\USBSTOR \Device\0000006e 85CC2500
Device \Driver\usbehci \Device\USBFDO-2 85EA91F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 856A81F8
Device \Driver\USBSTOR \Device\0000006f 85CC2500
Device \Driver\Ftdisk \Device\FtControl 861681F8
Device \Driver\ae0md5dc \Device\Scsi\ae0md5dc1Port6Path0Target0Lun0 85DA0500
Device \Driver\ae0md5dc \Device\Scsi\ae0md5dc1 85DA0500
Device \FileSystem\Fastfat \Fat 85CCE500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 85BDF500

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] chjry <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\chjry@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\chjry@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\chjry@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\chjry@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMONTools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x28 0x15 0xA0 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x06 0x25 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x4D 0x17 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\chjry@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\chjry@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\chjry@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\chjry@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMONTools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x28 0x15 0xA0 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x72 0x06 0x25 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD1 0x4D 0x17 0xA2 ...

---- EOF - GMER 1.0.15 ----
0
Utilisateur anonyme
22 May 2010 at 18:50
well, we've caught avast as a rootkit !! ^^
0