TROJAN Fake Alert [Résolu/Fermé]

Signaler
Messages postés
72
Date d'inscription
mercredi 8 octobre 2008
Statut
Membre
Dernière intervention
25 novembre 2011
-
 Utilisateur anonyme -
Bonjour , mon Pc a 13 infections du Trojan FakeAlert selon Spyware Doctor et un Selon Malware.
Aider moi s'il vous plait , je ne veux pas rester avec sa dans le pc.
Merci d'avance

Voila le Rapport :
Malwarebytes' Anti-Malware] 1.41
Version de la base de données: 2775
Windows 6.0.6001 Service Pack 1

13/12/2009 13:53:29
mbam-log-2009-12-13 (13-53-29).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 393505
Temps écoulé: 2 hour(s), 27 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

20 réponses


bonjour
Je me permet d'intervenir, car c'est pas comme cela qu'on utilise OTM, le script a été très mal fait, et je vois pas mal d'infections dans le rapport
1
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 65492 internautes nous ont dit merci ce mois-ci

Messages postés
1920
Date d'inscription
samedi 19 juin 2004
Statut
Membre
Dernière intervention
19 juin 2014
225
salut,
l'analyse te l'as mis en quarantaine et supprimé.
refais une analyse ,il n'y aura plus rien.

Bonjour,
Télécharge Random's System Information Tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe par random/random et sauvegarde-le sur ton Bureau.

Important (Sous Vista)

tu dois exécuter RSIT avec les droits d'administrateur, pour cela Clic droit sur RSIT et "Lances en tant qu'administrateur"

==> Double-clique sur RSIT.exe afin de lancer RSIT.
==> Clique sur Continue à l'écran Disclaimer.
==> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
==>Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

==> Poste le contenu des deux rapports ==> log.txt (<==qui sera affiché) ainsi que de info.txt (<==qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit
Messages postés
72
Date d'inscription
mercredi 8 octobre 2008
Statut
Membre
Dernière intervention
25 novembre 2011
8
Voici le Log.txt



Logfile of random's system information tool 1.06 (written by random/random)
Run by khaotik at 2009-12-13 15:29:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 44 GB (19%) free of 231 GB
Total RAM: 3070 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:24, on 13/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Adobe\dynamiclink\processcoordinationserver.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Users\khaotik\AppData\Local\Temp\c.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\khaotik\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\khaotik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\Users\khaotik\AppData\Local\Temp\c.exe
O4 - HKCU\..\Run: [vegas] rundll32.exe C:\Users\khaotik\AppData\Local\Temp\sshnas.dll,DllWork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9bc86f8a307e7) (gupdate1c9bc86f8a307e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Users\khaotik\AppData\Local\Temp\{D081AD01-F917-41E2-B6A6-F82E6A7E1173}\NMSAccessU.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Bon, suis les instructions !

1. Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Désactive tes protections (anti-virus, anti-spyware, firewall ect.....)
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

C'est tout pour le moment !
Messages postés
72
Date d'inscription
mercredi 8 octobre 2008
Statut
Membre
Dernière intervention
25 novembre 2011
8
Voila le rapport :




-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 8400 Triple-Core Processor )
BIOS : Default System BIOS
USER : khaotik ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:225 Go (Free:42 Go)
D:\ (Local Disk) - NTFS - Total:225 Go (Free:199 Go)
E:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 13/12/2009|15:39 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_disabled.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_enabled.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\dot_on_over.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dtt16.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\dtt32.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\favicon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameSA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hide.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ImageS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ImageSA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rbcheck.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rbtxt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssA.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssA1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RssRefresh.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\s2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\show.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_mute_check.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\WebS.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\WebSa.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi14.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections


C:\Users\khaotik\AppData\Local\awkgmic.bat
C:\Users\khaotik\AppData\Local\awkgmic.dat.vir
C:\Users\khaotik\AppData\Local\awkgmic_nav.dat.vir
C:\Users\khaotik\AppData\Local\awkgmic_navps.dat.vir
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro 9.0c Build 896 (x64) + Keygen
C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro 9.0c Build 896 (x64) + Keygen\Keygen.exe
C:\Users\khaotik\Documents\Xilisoft Corporation\DPG Converter\crack.js


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 13/12/2009|15:40 - Option : [1]

-----------\\ Fin du rapport a 15:40:33,00

1. Lance ToolbarSD option 2 et montre le rapport.

2. Ensuite, on va supprimer tes cracks !

Télécharge OTMoveIt https://www.luanagames.com/index.fr.html (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro 9.0c Build 896 (x64) + Keygen
C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro 9.0c Build 896 (x64) + Keygen\Keygen.exe
C:\Users\khaotik\Documents\Xilisoft Corporation\DPG Converter\crack.js


Et fait MoveIt!
Montre le rapport qui s'affiche ensuite.

3.
Clique sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Clique sur navilog1.exe pour télécharger navilog1
Choisis Enregistrer

et enregistre-le sur ton bureau.

/ !\ Déconnecte-toi et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. /!\

Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valide.

Patiente jusqu'au message :
*** Analyse Terminée le ..... ***
Appuie sur une touche comme demandé, le bloc note va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc note.
Le rapport est en outre sauvegardé à la racine du disque (C:\fixnavi.txt)
poste le rapport obtenu

Fais tout dans l'ordre et montre les trois rapports !
1er rapport :

Echec ! - C:\Program Files\AskBarDis\bar
Echec ! - C:\Program Files\AskBarDis\bar\bin
Echec ! - C:\Program Files\AskBarDis
Echec ! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet

Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search

Page"="http://www.microsoft.com/isapi/redir.dll?

prd=ie&ar=iesearch"
"Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet

Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"


"Default_Page_URL"="http://go.microsoft.com/fwlink/?

LinkId=69157"


"Default_Search_URL"="http://go.microsoft.com/fwlink/?

LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?

LinkId=54896"


--------------------\\ Recherche d'autres

infections


C:\Users\khaotik\AppData\Local\awkgmic.bat
C:\Users\khaotik\AppData\Local\awkgmic.dat.vir
C:\Users\khaotik\AppData\Local\awkgmic_nav.dat.vir
C:\Users\khaotik\AppData\Local\awkgmic_navps.dat.vir
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro

9.0c Build 896 (x64) + Keygen
C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro

9.0c Build 896 (x64) + Keygen\Keygen.exe
C:\Users\khaotik\Documents\Xilisoft Corporation\DPG

Converter\crack.js


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 13/12/2009|15:40 -

Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 13/12/2009|15:52 -

Option : [2]

-----------\\ Fin du rapport a 15:52:02,10






2e rapport :


C:\Users\khaotik\Desktop\Logiciel\SONY Vegas Pro 9.0c

Build 896 (x64) + Keygen moved successfully.
File/Folder C:\Users\khaotik\Desktop\Logiciel\SONY

Vegas Pro 9.0c Build 896 (x64) + Keygen\Keygen.exe not

found.
C:\Users\khaotik\Documents\Xilisoft Corporation\DPG

Converter\crack.js moved successfully.

Created on 12/13/2009 15:59:19




3e rapport :


Fix Navipromo version 4.0.5 commencé le 13/12/2009

16:01:17,26

!!! Attention,ce rapport peut indiquer des

fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire

analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium (

v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Phenom(tm)

8400 Triple-Core Processor )
BIOS : Default System BIOS
USER : khaotik ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:225 Go (Free:42 Go)
D:\ (Local Disk) - NTFS - Total:225 Go (Free:199 Go)
E:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Users\khaotik\AppData\Local\awkgmic.dat.vir supprimé

!
C:\Users\khaotik\AppData\Local\awkgmic_nav.dat.vir

supprimé !
C:\Users\khaotik\AppData\Local\awkgmic_navps.dat.vir

supprimé !
C:\Users\khaotik\AppData\Local\awkgmic.bat supprimé !


Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\khaotik\AppData\Local\Temp

effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 13/12/2009 16:06:12,64 ***

Relance OTMoveIt
double-clique sur OTMoveIt.exe pour le lancer
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Program Files\AskBarDis
C:\Program Files\DAEMON Tools Toolbar


Et fait MoveIt!
Montre le rapport qui s'affiche ensuite.

Ensuite, refait un RSIT
Voila ce que m'affiche OtMoveIt

Folder move failed. C:\Program Files\AskBarDis\bar\bin scheduled to be moved on reboot.
Folder cleanup failed. C:\Program Files\AskBarDis\bar scheduled to be deleted on reboot.
Folder cleanup failed. C:\Program Files\AskBarDis scheduled to be deleted on reboot.
Folder move failed. C:\Program Files\DAEMON Tools Toolbar scheduled to be moved on reboot.

Created on 12/13/2009 16:17:15



Et l'autre :


Logfile of random's system information tool 1.06 (written by random/random)
Run by khaotik at 2009-12-13 16:18:14
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 44 GB (19%) free of 231 GB
Total RAM: 3070 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:24, on 13/12/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\khaotik\AppData\Local\Temp\c.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\ctfmon.exe
C:\Users\khaotik\Desktop\RSIT.exe
C:\Program Files\trend micro\khaotik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ZagrebLand] C:\Users\khaotik\AppData\Local\Temp\c.exe
O4 - HKCU\..\Run: [vegas] rundll32.exe C:\Users\khaotik\AppData\Local\Temp\sshnas.dll,DllWork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1c9bc86f8a307e7) (gupdate1c9bc86f8a307e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Users\khaotik\AppData\Local\Temp\{D081AD01-F917-41E2-B6A6-F82E6A7E1173}\NMSAccessU.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Bon,
désactive l'uac de Vista : https://forum.malekal.com/viewtopic.php?t=6517&start=

Ensuite,
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau

▶ dezippe-le , (clic droit/ extraire.....)

Il ne necessite pas d'installation

▶ double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶ laisse travailler l'outil

un rapport du nom de catchme apparait sur ton bureau , ignore-le , mais ne le supprime pas pour l instant

▶ Poste le contenu du rapport qui s'ouvre
Vous me faites peur ^^

Que dois-je faire ?

Ce que je t'ai dit au dessus !

Pourquoi tu as peur ? Je désinfecte ton PC comme demander ! Il n'y a aucun risque si tu m'écoute, alors, d'abord, fais ce qui est dit au dessus message 11^^
Utilisateur anonyme
bonjour Loicdem
Fait attention avec OTM, car tu l'as mal utilisé
Messages postés
25704
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
2 151
"Il n'y a aucun risque si tu m'écoute"

Euhhh....

https://forums.commentcamarche.net/forum/affich-15592421-trojan-fake-alert#8

Bonjour nathandre,
je te suis reconnaissent et pour la peine, je n'utiliserais plus OTM !

Bonjour toptitbal,
Je me suis tromper mais le pc de Khaotik n'est en aucun cas en danger !
Le Scan est en cours , je dois bouger , je vous poste le rapport , des que je reviens.

Oki
Désolé pour l'attente , le centre commercial le dimanche , quelle galére ^^





List'em by g3n-h@ckm@n 1.1.5.1

Thx to Chiquitine29.....& CCM team

User : khaotik (Administrateurs) # PC-DE-KHAOTIK
Update on 11/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 17:02:41 | 13/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Phenom(tm) 8400 Triple-Core Processor
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 225,53 Go (42,67 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 225,58 Go (199,98 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM | 6,58 Go (0 Mo free) [COD4MW] | UDF
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 484
C:\Windows\system32\csrss.exe 552
C:\Windows\system32\wininit.exe 636
C:\Windows\system32\csrss.exe 644
C:\Windows\system32\services.exe 684
C:\Windows\system32\lsass.exe 696
C:\Windows\system32\lsm.exe 704
C:\Windows\system32\winlogon.exe 744
C:\Windows\system32\svchost.exe 908
C:\Windows\system32\svchost.exe 1008
C:\Windows\System32\svchost.exe 1052
C:\Windows\system32\atiesrxx.exe 1132
C:\Windows\System32\svchost.exe 1200
C:\Windows\System32\svchost.exe 1232
C:\Windows\system32\svchost.exe 1264
C:\Windows\system32\SLsvc.exe 1392
C:\Windows\system32\atieclxx.exe 1448
C:\Windows\system32\svchost.exe 1528
C:\Windows\system32\svchost.exe 1640
C:\Windows\System32\spoolsv.exe 1860
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1884
C:\Windows\system32\svchost.exe 1896
C:\Windows\system32\taskeng.exe 1112
C:\Windows\system32\Dwm.exe 1312
C:\Windows\system32\taskeng.exe 320
C:\Windows\Explorer.EXE 1364
C:\Windows\RtHDVCpl.exe 2164
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe 2220
C:\Program Files\Java\jre6\bin\jusched.exe 2268
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2324
C:\Program Files\Windows Sidebar\sidebar.exe 2356
C:\Windows\ehome\ehtray.exe 2372
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2384
C:\Program Files\Windows Media Player\wmpnscfg.exe 2404
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 2452
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2720
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe 2780
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 2932
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 3100
C:\Windows\system32\PnkBstrA.exe 3188
C:\Windows\ehome\ehmsas.exe 3216
C:\Windows\system32\svchost.exe 3300
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 3344
C:\Windows\system32\svchost.exe 3392
C:\Windows\System32\svchost.exe 3460
C:\Windows\system32\SearchIndexer.exe 3512
C:\Windows\system32\WUDFHost.exe 3696
C:\Program Files\Windows Media Player\wmpnetwk.exe 4068
C:\Program Files\Mozilla Firefox\firefox.exe 2176
C:\Windows\system32\wbem\unsecapp.exe 992
C:\Windows\system32\wbem\wmiprvse.exe 3480
C:\Windows\system32\conime.exe 724
C:\Windows\system32\wuauclt.exe 4084
C:\Users\khaotik\AppData\Local\Temp\c.exe 1524
C:\Windows\system32\ctfmon.exe 2740
C:\Users\khaotik\Desktop\List_Kill'em.scr 1500
C:\Windows\system32\cmd.exe 2396
C:\Windows\system32\wbem\wmiprvse.exe 1348
C:\Users\khaotik\AppData\Local\Temp\C89C.tmp\pv.exe 3212

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
PlayNC Launcher REG_SZ
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ZagrebLand REG_SZ C:\Users\khaotik\AppData\Local\Temp\c.exe
vegas REG_SZ rundll32.exe C:\Users\khaotik\AppData\Local\Temp\sshnas.dll,DllWork
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ RtHDVCpl.exe
Acer Empowering Technology Monitor REG_SZ C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
EmpoweringTechnology REG_SZ C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
eDataSecurity Loader REG_SZ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
PCMMediaSharing REG_SZ C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
AdobeCS4ServiceManager REG_SZ "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
DT HPW REG_SZ C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)
HideLegacyLogonScripts REG_DWORD 0 (0x0)
HideLogoffScripts REG_DWORD 0 (0x0)
RunLogonScriptSync REG_DWORD 1 (0x1)
RunStartupScriptSync REG_DWORD 0 (0x0)
HideStartupScripts REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 227 (0xe3)
NoDrives REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x3
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2

=========


D:\Autorun.inf :
----------------
[autorun]
open=Autorun.exe
Icon=fifapc.ico
Name=FIFA 10 - Demo

[Special]
Disc=1
ProductGuiID={9CD9CD94-76CC-4524-8617-DEB9C2D7C389}



E:\Autorun.inf :
----------------
[autorun]
open=setup\rsrc\Autorun.exe
icon=Setup\rsrc\CoD4.ico

shell\dinstall\command=Directx\dxsetup.exe
shell\dinstall=DirectX(R)...
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: ACER

Taille du volume = 226 Go
Espace libre = 42.68 Go
tendue d'espace libre la plus grande = 3.91 Go
Pourcentage de fragmentation des fichiers = 3 %

Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas n‚cessaire de d‚fragmenter ce volume.

==========
Programs
==========

Acer
Acer Arcade Live
Acer GameZone
Acer Inc
Activation Assistant for the 2007 Microsoft Office suites
Activision
Adobe
AGEIA Technologies
Aimersoft
Alwil Software
AoA Audio Extractor
Apple Software Update
Ascaron Entertainment
AskBarDis
Atari
ATI
ATI Technologies
Avira
AviSynth 2.5
B2B Games
BitComet
CCleaner
City of Heroes
Common Files
CyberLink
DAEMON Tools Lite
DAEMON Tools Toolbar
Deep Silver
desktop.ini
DIFX
DivX
EA Sports
EoRezo
eRightSoft
Fake Voice
Fichiers communs
Focus home Interactive
GIMP-2.0
Glitchy's Model Editing Suite
Google
Grisoft
id Software
Ilusion Software
InstallShield Installation Information
Internet Explorer
Java
K-Lite Codec Pack
ma-config.com
Malwarebytes' Anti-Malware
Mega Bloc Notes
Messenger Plus! Live
Microsoft
Microsoft Games
Microsoft Games for Windows - LIVE
Microsoft Office
Microsoft SQL Server Compact Edition
Microsoft Works
Microsoft.NET
Movie Maker
Movie Maker 2.6
Mozilla Firefox
mp3DirectCut
MSBuild
MSXML 4.0
Mumble
Navilog1
NCSoft
NewTech Infosystems
Paint.NET
Paltalk Messenger
Portrait Displays
PremiumSoft
Project64 1.6
QuickTime
Realtek
Reference Assemblies
Rockstar Games
Skype
Sony
Sony Setup
SprayR
Spyware Doctor
SQLyog Community
Steam
Synthesia
Teamspeak2_RC2
Trapcode
Trend Micro
Ubisoft
UltraStar Deluxe
uninst-Lux.exe
uninst-Particular.exe
uninst-Starglow.exe
Uninstall Information
Unreal Tournament 3
VideoLAN
VideoMach-5.0.1
Vstplugins
Warcraft III
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Sidebar
WinRAR
Wondershare
World of Warcraft
Xfire
Xilisoft
XnView
YUAN
ZaraSoft

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Program Files\AskBarDis
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\EoRezo
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Windows\System32\404Fix.exe
C:\Windows\System32\dumphive.exe
C:\Windows\System32\IEDFix.exe
C:\Windows\System32\SrchSTS.exe
C:\Windows\System32\sshnas.dll
C:\Windows\System32\tmp.reg
C:\Windows\System32\VACFix.exe
C:\Windows\System32\VCCLSID.exe
C:\Users\khaotik\LOCAL Settings\Temp\c.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCU\Software\AppDataLow\AskBarDis
HKCU\SOFTWARE\Microsoft\Handle
HKCU\SOFTWARE\XML
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 17:15:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"hdf12"=hex:25,07,ba,a6,95,4a,0b,0a,99,14,02,30,a3,15,2b,66,99,d7,b6,0d,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,4f,96,ec,d7,b2,04,89,f8,eb,e6,89,7e,b1,f5,31,76,91,..
"hdf12"=hex:cb,65,b6,3d,2d,1f,68,56,fa,e8,de,4c,44,41,fc,65,d3,59,9d,82,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:fd,d3,1b,28,4f,b2,4e,d8,de,84,22,54,e0,13,f9,f2,e1,8c,3f,16,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:af,f9,eb,b7,46,85,d0,17,18,fa,52,b6,24,83,46,10,e7,ef,e7,1e,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,6b,3d,a7,0e,90,c4,c3,e9,27,e6,ac,5f,17,de,d8,47,..
"khjeh"=hex:ba,3a,4c,75,a1,3a,35,62,56,7a,39,9a,5e,c4,34,49,3a,63,b3,a6,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3e,de,8c,46,98,64,f3,a7,37,af,35,31,d7,81,8f,99,ce,83,cd,3d,b8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ae,21,59,18,ea,a3,3d,e1,f9,53,de,e1,0f,ce,55,80,d6,0a,da,fb,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"hdf12"=hex:25,07,ba,a6,95,4a,0b,0a,99,14,02,30,a3,15,2b,66,99,d7,b6,0d,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,4f,96,ec,d7,b2,04,89,f8,eb,e6,89,7e,b1,f5,31,76,91,..
"hdf12"=hex:cb,65,b6,3d,2d,1f,68,56,fa,e8,de,4c,44,41,fc,65,d3,59,9d,82,b9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:fd,d3,1b,28,4f,b2,4e,d8,de,84,22,54,e0,13,f9,f2,e1,8c,3f,16,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:af,f9,eb,b7,46,85,d0,17,18,fa,52,b6,24,83,46,10,e7,ef,e7,1e,8b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,6b,3d,a7,0e,90,c4,c3,e9,27,e6,ac,5f,17,de,d8,47,..
"khjeh"=hex:ba,3a,4c,75,a1,3a,35,62,56,7a,39,9a,5e,c4,34,49,3a,63,b3,a6,42,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3e,de,8c,46,98,64,f3,a7,37,af,35,31,d7,81,8f,99,ce,83,cd,3d,b8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ae,21,59,18,ea,a3,3d,e1,f9,53,de,e1,0f,ce,55,80,d6,0a,da,fb,a3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Utilisateur anonyme
▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta reponse

Fais ce que dit nathandre !