Sujet Précédent Sujet Suivant

Probleme de rootkit ou autre?

Fermé
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 - 18 déc. 2012 à 13:57
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 - 18 déc. 2012 à 18:20
Bonjour,

j'ai un soucis avec mon pc et explorer.exe il plante quand j'essaye de vider la corbeille avec clique droit.

Et au démarrage j'ai l'écran tout noir il faut que je fasse ctrl+alt+suppr ouvrir le gestionnaire de tâches et terminer explorer.exe et le relancer, et là, j'ai mon fond d'écran qui arrive et mes icônes... Mais le tout reste instable !

là j'ai fait plusieur analyses mais rien de mieux

j'ai un rapport "ZHPdiag"

Rapport de ZHPDiag v1.32.25 par Nicolas Coolman, Update du 16/12/2012
Run by mouths91 at 18/12/2012 13:38:32
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
State : Version à jour.
UAC :

Boot mode: Normal (Normal boot)
Logged in as Administrator


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 15.0.1 v15.0.1 (Defaut)
GCIE: Google Chrome v23.0.1271.97

---\\ Processus lancés
[MD5.7DE7C0D83661C574F72D59B6B153BAF9] - (.NVIDIA - NVIDIA nTune Command.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [133736] [PID.2740]
[MD5.D610CDEDF1F702EB0A86B0FBD9BB49E5] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820520] [PID.3784]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3672]
[MD5.0C968E011268429C1D218169233C06F7] - (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe [108544] [PID.1512]
[MD5.0721E04731625BD80221DDB4CFDE7885] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3788288] [PID.7664]
[MD5.9C376F42BDE37F18D0A39AF7415D9BE6] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917984] [PID.7420]
[MD5.7F6EC840E0954055D58CD57B6ACA9D92] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16864] [PID.6496]
[MD5.EB5A13F9139F20AD71ADF4BF79C3AA29] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) -- C:\Windows\system32\nvvsvc.exe [645992] [PID.]
[MD5.F0359F7CE712D69ACEF0886BDB4792ED] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382824] [PID.]
[MD5.E077FCA2A7E79FB9BF67D3E30B5CE593] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472] [PID.]
[MD5.995D0B52870C7A5CAF3EA165FD674A35] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [109344] [PID.]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]
[MD5.C71F2B4D0151CFEDE5D405C5D60B6FCE] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [864616] [PID.]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.]
[MD5.55FED228FE147ECB9C47A1C55388896E] - (.Seagate Technology LLC - Sync Windows Services.) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280] [PID.]
[MD5.11A220EB53F1D42B8AF0AD1210B8241D] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [354840] [PID.]
[MD5.6E5DAC168D1FF9843E84A59D51D31107] - (.Hewlett-Packard Company - Pas de description.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [PID.]
[MD5.167633C51E1119CA49047A484E365DFA] - (.NVIDIA - NVIDIA Performance Service.) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [191080] [PID.]
[MD5.47C0CC7E9466A1D1897D83CFACA0A507] - (.NVIDIA - NVIDIA Update Center Service.) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [195176] [PID.]
[MD5.F41B4726BE452724737ECFE1FB17E4E7] - (...) -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe [61440] [PID.]
[MD5.0629259E3AF6BB0534FCECA208973404] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1258856] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\mouths91\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\mouths91\AppData\Roaming\Mozilla\Firefox\Profiles\a301q9i1.default\prefs.js
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M3 - MFPP: Plugins - [mouths91] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo.xml
M0 - MFSP: prefs.js [mouths91 - a301q9i1.default] https://www.google.fr/?gws_rd=ssl
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\jid1-yZwVFzbsyfMrqQ@jetpack] [] Lavasoft Search Plugin v0.6 (.Lavasoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [mouths91 - a301q9i1.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20110512W (.Google Inc..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpplugin.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX, LLC - DivX Plus Web Player version 2.2.0.52.) -- C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3\npPicasa3.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.7.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.9.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.9.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10329.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8117.0416] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@pack.google.com/Google Updater;version=14] - (.Google - Google Updater plugin<br><a href="http://pack.google.com/">http://pack.) -- C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
P2 - FPN: [HKLM] [@playstation.com/PsndlCheck,version=1.00] - (.Sony Computer Entertainment Inc. - PlayStation(R)Network Downloader Check Plug-in.) -- C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=15.0.4.53] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- c:\program files\real\realplayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=15.0.4.53] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrec
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.4.53] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=15.0.4.53] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@RIM.com/WebSLLauncher,version=1.0] - (...) -- C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.0] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.3] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.4.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Clé orpheline
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\WINDOWS\RtHDVCpl.exe
O4 - HKLM\..\Run: [basicsmssmenu] . (.Maxtor Corporation - Maxtor Status Icon.) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
O4 - HKLM\..\Run: [FightMouse Advanced] . (...) -- C:\Program Files\Revoltec\FightMouse\Panel.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] . (.Google Inc. - Gmail Notifier.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\RunOnce: [Launcher] . (.soft thinks - Launcher.) -- C:\WINDOWS\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [List_Kill'em] . (...) -- C:\Program Files\List_Kill'em\del_reg.bat
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3088393738-1579665052-972719567-1006-3088393738-1579665052-972719567-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\adsl TV.lnk . (.adsl TV / FM.) -- C:\Program Files\adslTV\adsltv.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Centre de solutions HP.lnk . (.Hewlett-Packard Company.) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url . (...) -- C:\Users\mouths91\Desktop\Counter-Strike Global Offensive.url
O4 - Global Startup: C:\Users\mouths91\Desktop\Counter-Strike Source.lnk . (.Valve Corporation.) -- C:\Program Files\Steam\Steam.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Defraggler.lnk . (.Piriform Ltd.) -- C:\Program Files\Defraggler\Defraggler.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\DivX Movies.lnk . (...) -- C:\Users\mouths91\Videos\DivX Movies
O4 - Global Startup: C:\Users\mouths91\Desktop\film - Raccourci.lnk . (...) -- F:\mouths91\film
O4 - Global Startup: C:\Users\mouths91\Desktop\Free FLV Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free FLV Converter\FreeFLVConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Free Video Converter.lnk . (.Koyote Soft.) -- C:\Program Files\Free Video Converter\FreeVideoConverter.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta-vc - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta3 - Raccourci.lnk . (...) -- C:\Program Files\Rockstar Games\GTAIII\gta3.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\gta_sa.lnk . (...) -- C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\List_Kill'em.lnk . (...) -- C:\Program Files\List_Kill'em\List_Kill'em.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Metro 2033.url . (...) -- C:\Users\mouths91\Desktop\Metro 2033.url
O4 - Global Startup: C:\Users\mouths91\Desktop\mIRC.lnk . (.mIRC Co. Ltd..) -- C:\Program Files\mIRC\mirc.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\NCR - Raccourci.lnk . (.Macromedia, Inc..) -- C:\Users\mouths91\Documents\code de la route\code de la route\NCR.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Notepad++.lnk . (.Don HO don.h@free.fr.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Rap Contenders.lnk . (...) -- C:\Users\mouths91\Music\rap contenders
O4 - Global Startup: C:\Users\mouths91\Desktop\SixaxisDriver .lnk . (...) -- C:\Program Files\SixaxisDriver\DriverLoader.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\sony ericsson x10 - Raccourci.lnk . (...) -- C:\Users\mouths91\sony ericsson x10.vbs
O4 - Global Startup: C:\Users\mouths91\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Temp - Raccourci.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp
O4 - Global Startup: C:\Users\mouths91\Desktop\Undelete 360.lnk . (.File Recovery Ltd..) -- C:\Program Files\File Recovery\undelete360\undelete-360.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service Pro.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Update Service.lnk . (...) -- C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\mouths91\Desktop\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\MOVIEMK.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk . (.Google Inc..) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk . (.inkscape.org.) -- C:\Program Files\Inkscape\inkscape.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk . (.Safer Networking Limited.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - Global Startup: C:\Users\mouths91\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\IUSR_NMPR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..) -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badoo Desktop.lnk . (.Badoo.) -- C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Continue FoxTab Video Converter Installation.lnk . (...) -- C:\Users\mouths91\AppData\Local\Temp\ICReinstall_VideoConverterSetup.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\FoxTab Video Converter.lnk . (...) -- C:\Program Files\FoxTabVideoConverter\VideoConverter.exe (.not file.)
O4 - Global Startup: C:\Users\Amy\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Microsoft Works.LNK . (.Microsoft® Corporation.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - Global Startup: C:\Users\Amy\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: C:\Users\Amy\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Musique - Raccourci.lnk . (...) -- C:\Users\mouths91\Music
O4 - Global Startup: C:\Users\Amy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player (2).lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\Adji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\Adji\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\Adji\Desktop\SpeedFan.lnk . (.Almico Software (www.almico.com).) -- C:\Program Files\SpeedFan\speedfan.exe
~ Scan Global Startup in 03mn 58s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{6B00034F-16C0-47E7-B62E-167EDEF18B20}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\WINDOWS\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (.not file.)
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Basics Service (Basics Service) . (.Seagate Technology LLC - Sync Windows Services.) - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) . (.Google - gusvc.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) . (.Intel(R) Corporation - Intel(R) Factory Mode Service.) - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: LightScribeService Direct Disc Labeling (LightScribeService) . (.Hewlett-Packard Company - Pas de description.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) . (.Logitech Inc. - Logitech LVPrcSrv Module..) - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher (LVSrvLauncher) . (.Logitech Inc. - LogitechService Launcher.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Performance Service (nTuneService) . (.NVIDIA - NVIDIA Performance Service.) - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.9.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) . (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) . (.NVIDIA - NVIDIA Update Center Service.) - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WpsSupplicant (WpsSupplicant) . (...) - C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



End of the scan (316 lines in 04mn 05s)(0)

A voir également:

5 réponses

Réponse 1 / 5
Utilisateur anonyme
Modifié par lordenoy le 18/12/2012 à 14:19
Bonjour,
Il semble que vous avez choppé un "Rogue"
Voyez cet outil
0
Réponse 2 / 5
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 19
18 déc. 2012 à 15:15
ok merci je vous tiens au courant ;)
0
Réponse 3 / 5
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 19
18 déc. 2012 à 16:12
voilà ce que ça donne :

RogueKiller V8.4.0 [Dec 15 2012] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : mouths91 [Droits d'admin]
Mode : Recherche -- Date : 18/12/2012 15:36:52

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\iastor.sys -> HOOKED ([MAJOR] Unknown @ 0x862231F8)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SP2504C +++++
--- User ---
[MBR] 66edd87ac8bcbf80d433b97a54e29838
[BSP] d9ffb2b1eafa1bca486e894476c70d64 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 233065 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 477319168 | Size: 5407 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate FreeAgentDesktop USB Device +++++
--- User ---
[MBR] efaae474bf56cd39e5d0462ccb81c6e6
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_18122012_153652.txt >>
RKreport[1]_S_18122012_153652.txt
0
Réponse 4 / 5
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 19
18 déc. 2012 à 16:14
et pour kill' em

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.0.4 ¤¤¤¤¤¤¤¤¤¤

User : mouths91 (Administrateurs)
Update on 23/05/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 14:20:19 | 18/12/2012

Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 9.0.8112.16421
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 227,6 Go (52,37 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 5,28 Go (897,08 Mo free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque CD-ROM
L:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WpsSupplicant.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\ProgramData\hpzinstall.log

Quarantined & Deleted !! : C:\Windows\System32\avs.dll
Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Windows\System32\mmfinfo.dll
Quarantined & Deleted !! : C:\Windows\system32\MSWINSCK.OCX
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\mouths91\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\54ca8b5f-d80f-4a85-b3e0-cb4e2cccdcf0.exe
Quarantined & Deleted !! : C:\Users\mouths91\LOCAL Settings\Temp\676342f2-0d1b-48b1-987a-e09000c63f6f.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I96ANGI
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$I9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ILSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$IQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$ISUZMZB.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R2LRBEW.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R3KDZ2Z.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$R9C07VK.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RE509HU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RGAH7LK.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RIOI45A.txt
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RKIZXEV.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RLSN9DJ.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RQWTL33.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3088393738-1579665052-972719567-1001\$RSUZMZB.exe

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spnm.sys hal.dll >>UNKNOWN [0x861D8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x862231f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 19
18 déc. 2012 à 17:04
toujours rien malgré les scans et tout toujours ce problème que faire svp ? merci
0
Utilisateur anonyme
18 déc. 2012 à 17:52
Patientez, quelqu'un devait venir en renfort...
0
bsp91 Messages postés 173 Date d'inscription dimanche 12 avril 2009 Statut Membre Dernière intervention 23 janvier 2017 19
18 déc. 2012 à 18:20
ok merci.
Pour info j'ai lancer tellement de petit programme anti rootkit ou autre malware que j'ai pas beaucoup d'espoir...
0

Discussions similaires

help rootkit
celine746 -
celine746 -

21 réponses
Avast détecte un rootkit
Marie12345 -
Marie12345 -

2 réponses
win32 Rootkit
Mary -
plopus -

8 réponses
Rootkit détecté par AVG mais ne fait rien?
Hakayami -
hellodu95 -

11 réponses