TROJAN HELP!!!

sam -  
 gen-hackman -
Hello, there is a trojan virus on my computer, it's impossible to remove, and I have firewall as antivirus, please help
Configuration: Windows Vista Internet Explorer 7.0

18 replies

  1. gen-hackman
     
    Hi:

    Disable User Account Control (you will re-enable it after your disinfection):

    ▶- Go to "Start", then Control Panel.

    ▶- Double-click the User Accounts icon, then Turn User Account Control on or off.

    ▶- Click Continue.

    ▶- Uncheck the box Use User Account Control (UAC) to help protect your computer.

    ▶- Confirm with OK and restart.

    Tutorial

    Then:

    Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

    ▶ Download List&Kill'em and save it to your desktop

    It does not require installation

    ▶ Double-click it (right-click, "Run as administrator" on Vista) to launch the scan

    Choose the language, then choose option 1 = Mode Recherche (Search Mode)

    ▶ Let the tool work

    The report will be displayed once the scan is finished

    ▶▶▶▶▶▶▶ WARNING: Please erase your IP address!!!!

    Here:

    [121]: KB973815 - Update
    [122]: KB973869 - Update
    [123]: XpsEPSC
    Carte(s) réseau: 4 carte(s) réseau installée(s).
    [01]: Bluetooth PAN Network Adapter
    Nom de la connexion : Connexion au réseau local 2
    État : Support déconnecté
    [02]: Intel(R) PRO/1000 CT Network Connection
    Nom de la connexion : Connexion au réseau local
    DHCP activé : Non
    Adresse(s) IP
    [01] : 192.168.0.11
    [03]: VirtualBox Host-Only Ethernet Adapter
    Nom de la connexion : VirtualBox Host-Only Network
    DHCP activé : Non
    Adresse(s) IP
    [01] : 192.168.56.1
    [04]: VirtualBox Host-Only Ethernet Adapter
    Nom de la connexion : VirtualBox Host-Only Network #2
    DHCP activé : Non
    Adresse(s) IP
    [01] : 192.168.217.1

    Nom de l'image PID Nom de la sessio Numéro d Utilisation
    ========================= ====== ================ ======== ============
    System Idle Process 0 Console 0 16 Ko
    System 4 Console 0 244 Ko
    smss.exe 916 Console 0 400 Ko
    csrss.exe 972 Console 0 4 456 Ko
    winlogon.exe 996 Console 0 3 536 Ko

    ▶ Paste the contents into your next reply
    1
  2. gen-hackman
     
    Above all, don't listen to bogus advice

    1
  3. sam
     
    List'em by g3n-h@ckm@n 1.0.2.8

    updated on 22.08.2009 ::::: 11.40

    Microsoft Windows [version 6.0.6001]

    22/08/2009 12:06:37,69

    Nom de l'hôte: PC-DE-CLÉMENT
    Nom du système d'exploitation: Microsoft® Windows Vista™ Édition Familiale Premium
    Version du système: 6.0.6001 Service Pack 1 version 6001
    Fabricant du système d'exploitation: Microsoft Corporation
    Configuration du système d'exploitation: Station de travail autonome
    Type de version du système d'exploitation: Multiprocessor Free
    Propriétaire enregistré: Clément
    Organisation enregistrée:
    Identificateur de produit: 89578-OEM-7332157-00078
    Date d'installation originale: 10/09/2008, 17:14:50
    Heure de démarrage du système: 22/08/2009, 12:00:20
    Fabricant du système: FUJITSU SIEMENS
    Modèle du système: MS-7379VP
    Type du système: X86-based PC
    Processeur(s): 1 processeur(s) installé(s).
    [01]: x64 Family 6 Model 23 Stepping 6 GenuineIntel ~1603 MHz
    Version du BIOS: American Megatrends Inc. V9.0Q, 15/05/2008
    Répertoire Windows: C:\Windows
    Répertoire système: C:\Windows\system32
    Périphérique d'amorçage: \Device\HarddiskVolume2
    Option régionale du système: fr;Français (France)
    Paramètres régionaux d'entrée: fr;Français (France)
    Fuseau horaire: (GMT+01:00) Bruxelles, Copenhague, Madrid, Paris
    Mémoire physique totale: 3 327 Mo
    Mémoire physique disponible: 2 203 Mo
    Fichier d'échange: taille maximale: 6 844 Mo
    Fichier d'échange: disponible: 5 685 Mo
    Fichier d'échange: en cours d'utilisation: 1 159 Mo
    Emplacements des fichiers d'échange: C:\pagefile.sys
    Domaine: WORKGROUP
    Serveur d'ouverture de session: \\PC-DE-CLÉMENT
    Correctif(s): 86 Corrections installées.
    Carte(s) réseau: 1 carte(s) réseau installée(s).
    [01]: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    Nom de la connexion: Connexion au réseau local
    DHCP activé: Oui
    Serveur DHCP: 192.168.1.1
    Adresse(s) IP
    [01]: 192.168.1.10
    [02]: fe80::7cd7:65a:df8a:e2cc

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\Program Files\Search Settings"
    C:\Windows\System32\SET167.tmp
    C:\Windows\System32\SET5BB7.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\73BAB2C7-2256-478C-A2F3-CEC110A1884C.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\aae.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\agtX040C.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\AutoRun.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\eauninstall.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\FlashPlayerUpdate.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\GoogleUpdate.exe1924de
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\i4jdel0.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\Installation Silverlight.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\LHTTSFRF.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\MERLIN.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\MSagent.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\preconfig.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\SearchWithGoogleUpdate.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\Setup.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\SPCHAPI.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\unwise.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp25D8.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp47C9.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp6C4A.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp78D8.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp91E3.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpAFBF.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpBA4.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpD5E5.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpFDA0.tmp

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCU\SOFTWARE\{NSINAME}
    HKLM\Software\Dealio
    "HKLM\Software\Search Settings"

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  4. gen-hackman
     
    Close all your windows (including Internet and Windows Live Messenger), then:

    ▶ Run List&Kill'em again as you did for option 1 (i.e. by right-clicking on Vista),

    but this time:

    ▶ choose option 2 = Mode Destruction (Destruction Mode)

    let the tool work

    after the checks, a report will open.

    ▶ close it.

    a second report will open,

    ▶ paste its contents into your reply
    0
  6. sam
     
    Kill'em by g3n-h@ckm@n 1.0.2.8

    updated on 22.08.2009 ::::: 11.40

    Microsoft Windows [version 6.0.6001]

    22/08/2009 13:56:24,63

    Fichiers analysés :
    =================

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\Program Files\Search Settings"
    C:\Windows\System32\SET167.tmp
    C:\Windows\System32\SET5BB7.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\73BAB2C7-2256-478C-A2F3-CEC110A1884C.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\aae.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\agtX040C.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\AutoRun.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\eauninstall.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\FlashPlayerUpdate.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\GoogleUpdate.exe1924de
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\i4jdel0.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\Installation Silverlight.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\LHTTSFRF.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\MERLIN.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\MSagent.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\preconfig.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\SearchWithGoogleUpdate.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\Setup.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\SPCHAPI.EXE
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\unwise.exe
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp25D8.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp47C9.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp6C4A.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp78D8.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmp91E3.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpAFBF.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpBA4.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpD5E5.tmp
    C:\Users\Clément.PC-de-Clément\LOCAL Settings\Temp\tmpFDA0.tmp
    0
  7. gen-hackman
     
    Can I have the full report?
    0
  8. sam
     
    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCU\SOFTWARE\{NSINAME}
    HKLM\Software\Dealio
    "HKLM\Software\Search Settings"

    ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    0
  9. gen-hackman
     
    Did you disable your antivirus and your firewall, if you have one? Did you close all the windows?
    0
  10. za3imza3im
     
    uninstall your antivirus, then download avast 4.8 Home Edition
    it's very effective...
    0
  11. gen-hackman
     
    the advice from this person:

    za3imza3im
    0
  12. sam
     
    Of course, I wasn't going to do it anyway: we pay for the firewall
    0
  13. sam
     
    Yes, no firewall, the computer shows inactive, same for firewall, which says Internet protection: all traffic is allowed
    0
  14. gen-hackman
     
    Redo option 2 in safe mode
    0