Antivir : sshnas.dll trojan

laurene64 Posts 53 Status Member -  
 gen-hackman -
Hello,

Antivir keeps opening and telling me that it detects a Trojan in the file System32/sshnas.dll

I'm posting a HijackThis log.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:39, on 25/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\VM_STI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\fuji\Documents\antivirus\hijackthis-2.0.2.75917.exe
C:\Users\fuji\AppData\Local\Temp\hijackthis-2.0.2.75917.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware.pro/misc/search.htm/fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware.pro/misc/search.htm/fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PURE VGA] "C:\ProgramData\Delete Dupe Dupe.3sx2npz"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SIMBAR={8135E66E-2990-4EF9-8A78-71F70A21141D}; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; SPOFRB/1.0; .NET CLR 1.1.4322; .NET CLR 3.5.21022; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.king.com/opengame_play.jsp?language=fr&game=couronne_king"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9923 bytes
Configuration: Windows Vista Internet Explorer 7.0

9 replies

  1. gen-hackman
     
    Hi:

    Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

    ▶ Download and install List&Kill'em and save it to your desktop

    Double-click (right-click "Run as administrator" for Vista/7) the shortcut on your desktop to start the installation

    Check the "create a desktop icon" box

    Once it has finished, click "finish" and the program will launch by itself

    Choose the language, then choose option 1 = Search Mode

    ▶ Let the tool work

    When the white window appears, it takes a while; that is normal, the program is not frozen.

    A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

    ▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

    You can delete the catchme.log report from your desktop now.

    1
  2. laurene64 Posts 53 Status Member
     
    Thank you very much. Here is the report

    List'em by g3n-h@ckm@n 1.1.6.1

    Thx to Chiquitine29.....& CCM team

    User : fuji (Administrateurs) # PC-DE-FUJI
    Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
    Start at: 22:11:25 | 25/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    Internet Explorer 8.0.6001.18865
    Windows Firewall Status : Enabled
    AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

    C:\ -> Disque fixe local | 301,39 Go (95,21 Go free) [SYSTEM] | NTFS
    D:\ -> Disque fixe local | 11,72 Go (11,63 Go free) [WinRE] | NTFS
    E:\ -> Disque fixe local | 150,69 Go (150,6 Go free) [DATA] | NTFS
    F:\ -> Disque CD-ROM | 2,32 Go (0 Mo free) [FM2010] | UDF
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible
    L:\ -> Disque CD-ROM
    M:\ -> Disque amovible
    N:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe 432
    C:\Windows\system32\csrss.exe 568
    C:\Windows\SYSTEM32\wininit.exe 624
    C:\Windows\system32\csrss.exe 632
    C:\Windows\system32\services.exe 668
    C:\Windows\system32\lsass.exe 684
    C:\Windows\system32\lsm.exe 692
    C:\Windows\SYSTEM32\winlogon.exe 848
    C:\Windows\system32\svchost.exe 868
    C:\Windows\system32\svchost.exe 928
    C:\Windows\System32\svchost.exe 980
    C:\Windows\System32\svchost.exe 1012
    C:\Windows\System32\svchost.exe 1096
    C:\Windows\system32\svchost.exe 1112
    C:\Windows\system32\svchost.exe 1264
    C:\Windows\system32\SLsvc.exe 1280
    C:\Windows\system32\svchost.exe 1360
    C:\Windows\system32\svchost.exe 1524
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1632
    C:\Windows\System32\spoolsv.exe 1804
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 1828
    C:\Windows\system32\svchost.exe 1840
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 280
    C:\Program Files\Bonjour\mDNSResponder.exe 440
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 276
    C:\Windows\system32\PnkBstrA.exe 1204
    C:\Windows\system32\svchost.exe 804
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1676
    C:\Windows\system32\svchost.exe 1956
    C:\Windows\System32\svchost.exe 1576
    C:\Windows\system32\SearchIndexer.exe 1736
    C:\Windows\system32\WUDFHost.exe 2324
    C:\Windows\SYSTEM32\taskeng.exe 2724
    C:\Windows\system32\Dwm.exe 2828
    C:\Windows\SYSTEM32\taskeng.exe 2868
    C:\Windows\Explorer.EXE 2888
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 3180
    C:\Windows\VM_STI.EXE 3188
    C:\Windows\System32\rundll32.exe 3212
    C:\Windows\vsnpstd3.exe 3228
    C:\Windows\System32\rundll32.exe 3236
    C:\Program Files\SweetIM\Messenger\SweetIM.exe 3244
    C:\Windows\system32\wbem\wmiprvse.exe 3328
    C:\Windows\ehome\ehtray.exe 3440
    C:\Windows\ehome\ehmsas.exe 3496
    C:\Program Files\DAEMON Tools Lite\DTLite.exe 3504
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3576
    C:\Program Files\Internet Explorer\iexplore.exe 3596
    C:\Windows\system32\wbem\unsecapp.exe 3868
    C:\Program Files\Windows Live\Contacts\wlcomm.exe 2808
    C:\Program Files\Internet Explorer\iexplore.exe 3024
    C:\Program Files\Internet Explorer\iexplore.exe 2272
    C:\Program Files\Windows Live\Toolbar\wltuser.exe 1180
    C:\Users\fuji\Documents\antivirus\hijackthis-2.0.2.75917.exe 4492
    C:\Windows\system32\SearchProtocolHost.exe 5416
    C:\Program Files\List_Kill'em\List_Kill'em.exe 1328
    C:\Windows\system32\conime.exe 2252
    C:\Windows\system32\cmd.exe 2512
    C:\Windows\system32\wbem\wmiprvse.exe 2092
    C:\Users\fuji\AppData\Local\Temp\F34A.tmp\pv.exe 3152

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
    MsnMsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    BitComet REG_SZ C:\Program Files\BitComet\BitComet.exe /tray
    EA Core REG_SZ "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
    eyeBeam SIP Client REG_SZ
    DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    PURE VGA REG_SZ "C:\ProgramData\Delete Dupe Dupe.3sx2npz"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NO NAME> REG_SZ
    VirtualDrive REG_SZ "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    BigDogPath REG_SZ C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
    NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe"
    snpstd3 REG_SZ C:\Windows\vsnpstd3.exe
    SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
    Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
    ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
    EnableInstallerDetection REG_DWORD 1 (0x1)
    EnableLUA REG_DWORD 1 (0x1)
    EnableSecureUIAPaths REG_DWORD 1 (0x1)
    EnableVirtualization REG_DWORD 1 (0x1)
    PromptOnSecureDesktop REG_DWORD 1 (0x1)
    ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    scforceoption REG_DWORD 0 (0x0)
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    FilterAdministratorToken REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ===============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    Wlansvc : 0x3
    SharedAccess : 0x4
    windefend : 0x2
    wuauserv : 0x2
    wscsvc : 0x2

    =========

    F:\Autorun.inf :
    ----------------
    [autorun]
    OPEN=autorun.exe
    =======
    Drive :
    =======

    Défragmenteur de disque Windows
    Copyright (c) 2006 Microsoft Corp.

    Rapport d'analyse pour le volume C: SYSTEM

    Taille du volume = 301 Go
    Espace libre = 95.22 Go
    Étendue d'espace libre la plus grande = 59.23 Go
    Pourcentage de fragmentation des fichiers = 0 %

    Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas nécessaire de défragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\ProgramData\Desktop
    C:\ProgramData\Documents
    C:\Program Files\AskBarDis
    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\EoRezo
    C:\Program Files\Live-Player
    C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    C:\Program Files\Search Settings
    C:\Program Files\WinPCap
    C:\Windows\System32\autorun.dat
    C:\Windows\System32\AutoRun.exe
    C:\Windows\System32\autorun.inf
    C:\Windows\System32\drivers\npf.sys
    C:\Windows\System32\Packet.dll
    C:\Windows\System32\pthreadVC.dll
    C:\Windows\System32\wpcap.dll
    C:\Users\fuji\LOCAL Settings\Temp\AskInstallChecker.exe
    C:\Users\fuji\LOCAL Settings\Temp\DTLite4355-0068.exe
    C:\Users\fuji\LOCAL Settings\Temp\gtb.exe
    C:\Users\fuji\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe
    C:\Users\fuji\LOCAL Settings\Temp\igraal.exe
    C:\Users\fuji\LOCAL Settings\Temp\KeyGen.exe
    C:\Users\fuji\LOCAL Settings\Temp\MsgPlusUninstall.exe
    C:\Users\fuji\LOCAL Settings\Temp\MSN.exe
    C:\Users\fuji\LOCAL Settings\Temp\SecuExp.exe
    C:\Users\fuji\LOCAL Settings\Temp\staDF51.exe
    C:\Users\fuji\LOCAL Settings\Temp\steampwd.exe
    C:\Users\fuji\LOCAL Settings\Temp\stpv.exe
    C:\Users\fuji\LOCAL Settings\Temp\unwise.exe
    C:\Users\fuji\LOCAL Settings\Temp\Update_aa8e.exe
    C:\Users\fuji\LOCAL Settings\Temp\utt7A30.tmp.exe
    C:\Users\fuji\LOCAL Settings\Temp\uttF3A2.tmp.exe
    C:\Users\fuji\LOCAL Settings\Temp\vmdpmouch.exe
    C:\Users\fuji\LOCAL Settings\Temp\_unps.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{EEE6C35B-6118-11DC-9C72-001320C79847}"
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{D4027C7F-154A-4066-A1AD-4243D8127440}"
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"
    "HKCU\Software\Grand Virtual"
    "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
    "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
    "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
    HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    HKCR\MediaPlayer.GraphicsUtils
    HKCR\MediaPlayer.GraphicsUtils.1
    HKCR\MgMediaPlayer.GifAnimator
    HKCR\MgMediaPlayer.GifAnimator.1
    HKCR\SearchSettings.BHO
    HKCR\SearchSettings.BHO.1
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
    HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    HKCR\Toolbar3.SWEETIE
    HKCR\Toolbar3.SWEETIE.1
    HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    HKCU\Software\AppDataLow\AskBarDis
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\ItsLabel
    HKCU\software\Live-Player
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKCU\Software\SweetIM
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    HKLM\Software\Classes\MediaPlayer.GraphicsUtils
    HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
    HKLM\Software\Classes\MgMediaPlayer.GifAnimator
    HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\SWEETIE.IEToolbar
    HKLM\Software\Classes\SWEETIE.IEToolbar.1
    HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
    HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    HKLM\Software\Classes\Toolbar3.SWEETIE
    HKLM\Software\Classes\Toolbar3.SWEETIE.1
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    HKLM\Software\Classes\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    HKLM\Software\Classes\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    HKLM\software\Live-Player
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
    HKLM\SOFTWARE\SweetIM
    HKLM\SYSTEM\ControlSet001\Services\npf
    HKLM\SYSTEM\ControlSet003\Services\npf
    HKLM\SYSTEM\CurrentControlSet\Services\npf

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-25 22:16:40
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    7-Zip
    Activision
    Adobe
    AGEIA Technologies
    Anuman Interactive
    Apple Software Update
    Ask & Record Toolbar
    AskBarDis
    AskTBar
    Astonsoft
    Avira
    AviSynth 2.5
    AVS4YOU
    BitComet
    BitTorrent
    Bonjour
    BoontyGames
    Capture By George!
    CCleaner
    CDBurnerXP
    Circle Developemnt
    Common Files
    CounterPath
    Crcle Developement
    Cyanide
    DAEMON Tools Lite
    DAEMON Tools Toolbar
    DAMN NFO Viewer
    danny_kay1710
    desktop.ini
    DivX
    DMV
    DNA
    Electronic Arts
    EoRezo
    FarStone
    Fichiers communs
    Free Easy Burner
    Garena
    Google
    InstallShield Installation Information
    Internet Explorer
    Java
    Lavasoft
    Left 4 Dead
    LimeWire
    List_Kill'em
    Live-Player
    MAGIX
    Malwarebytes' Anti-Malware
    Maxis
    Messenger Plus! Live
    Micro Application
    Microsoft
    Microsoft Games
    Microsoft Office
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSN
    MSN Toolbar
    MSXML 4.0
    Navilog1
    NCH Swift Sound
    Nero
    PodSpider
    PokerStars
    pspvc
    QuickTime
    Rdr settings
    Real
    Red Kawa
    Reference Assemblies
    RocketDock
    Samsung
    Search Settings
    Sports Interactive
    Steam
    SweetIM
    TechSmith
    Uninstall Information
    V-Gear BEE
    VideoLAN
    Winamp
    Windows Calendar
    Windows Collaboration
    Windows Defender
    Windows Journal
    Windows Live
    Windows Live Safety Center
    Windows Live Toolbar
    Windows Mail
    Windows Media Player
    Windows NT
    Windows Photo Gallery
    Windows Sidebar
    WinPcap
    WinRAR
    Wondershare
    Wyzo
    YesMessenger
    Zero G Registry

    ============
    Lecteur C:
    ============

    $RECYCLE.BIN
    Boot
    bootmgr
    BOOTSECT.BAK
    cleannavi.txt
    config.sys
    conv
    Documents and Settings
    DRIVER
    FileAssistant
    FileAssistant%
    fixnavi.txt
    fsc-scr-set
    help
    img2-001.raw
    IO.SYS
    ISP
    Kill'em
    List'em.txt
    Lop SD
    lopR.txt
    MANUAL
    MicroGaming
    MSDOS.SYS
    Msoaa
    MSOCache
    nis-vista
    Off2007HStTrial
    orange.bmp
    pagefile.sys
    Poker
    Prodlog.txt
    Program Files
    ProgramData
    RecInfo
    Sierra
    sort-d.txt
    sqmdata00.sqm
    sqmdata01.sqm
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    System Volume Information
    TB.txt
    ToolBar SD
    user-run
    Users
    vtype.cmd
    Windows
    Works
    x86
    zz_enablesr

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\help\windows\Help\OEM\Serial.exe
    C:\nis-vista\Support\NCO\Browser\APP\Patch25d.dll
    C:\Users\fuji\AppData\Roaming\Microsoft\Windows\Recent\Serial AVATAR.lnk
    C:\help\windows\Help\OEM\Serial.exe
    C:\Program Files\Microsoft Works\Install.exe
    C:\Works\MSWorks\Install.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  3. gen-hackman
     
    ▶ Run List&Kill'em again (by right-clicking, for Vista), using the shortcut on your desktop.
    But this time:

    ▶ choose option 2 = Removal Mode

    Let the tool work.

    At the end of the scan a report opens.

    ▶ Paste its contents into your reply
    0
  4. laurene64 Posts: 53 Status: Member
     
    Here is the report.

    Kill'em by g3n-h@ckm@n 1.1.6.1

    User : fuji (Administrateurs) # PC-DE-FUJI
    Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30
    Start at: 22:41:11 | 25/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
    Internet Explorer 8.0.6001.18865
    Windows Firewall Status : Enabled
    AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

    C:\ -> Disque fixe local | 301,39 Go (95,21 Go free) [SYSTEM] | NTFS
    D:\ -> Disque fixe local | 11,72 Go (11,63 Go free) [WinRE] | NTFS
    E:\ -> Disque fixe local | 150,69 Go (150,6 Go free) [DATA] | NTFS
    F:\ -> Disque CD-ROM | 2,32 Go (0 Mo free) [FM2010] | UDF
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible
    L:\ -> Disque CD-ROM
    M:\ -> Disque amovible
    N:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\Windows\System32\smss.exe 432
    C:\Windows\system32\csrss.exe 568
    C:\Windows\SYSTEM32\wininit.exe 624
    C:\Windows\system32\csrss.exe 632
    C:\Windows\system32\services.exe 668
    C:\Windows\system32\lsass.exe 684
    C:\Windows\system32\lsm.exe 692
    C:\Windows\SYSTEM32\winlogon.exe 848
    C:\Windows\system32\svchost.exe 868
    C:\Windows\system32\svchost.exe 928
    C:\Windows\System32\svchost.exe 980
    C:\Windows\System32\svchost.exe 1012
    C:\Windows\System32\svchost.exe 1096
    C:\Windows\system32\svchost.exe 1112
    C:\Windows\system32\svchost.exe 1264
    C:\Windows\system32\SLsvc.exe 1280
    C:\Windows\system32\svchost.exe 1360
    C:\Windows\system32\svchost.exe 1524
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1632
    C:\Windows\System32\spoolsv.exe 1804
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 1828
    C:\Windows\system32\svchost.exe 1840
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 280
    C:\Program Files\Bonjour\mDNSResponder.exe 440
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 276
    C:\Windows\system32\PnkBstrA.exe 1204
    C:\Windows\system32\svchost.exe 804
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1676
    C:\Windows\system32\svchost.exe 1956
    C:\Windows\System32\svchost.exe 1576
    C:\Windows\system32\SearchIndexer.exe 1736
    C:\Windows\system32\WUDFHost.exe 2324
    C:\Windows\SYSTEM32\taskeng.exe 2724
    C:\Windows\system32\Dwm.exe 2828
    C:\Windows\SYSTEM32\taskeng.exe 2868
    C:\Windows\Explorer.EXE 2888
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 3180
    C:\Windows\VM_STI.EXE 3188
    C:\Windows\System32\rundll32.exe 3212
    C:\Windows\vsnpstd3.exe 3228
    C:\Windows\System32\rundll32.exe 3236
    C:\Program Files\SweetIM\Messenger\SweetIM.exe 3244
    C:\Windows\system32\wbem\wmiprvse.exe 3328
    C:\Windows\ehome\ehtray.exe 3440
    C:\Windows\ehome\ehmsas.exe 3496
    C:\Program Files\DAEMON Tools Lite\DTLite.exe 3504
    C:\Windows\system32\wbem\unsecapp.exe 3868
    C:\Program Files\Windows Live\Toolbar\wltuser.exe 1180
    C:\Windows\system32\conime.exe 2252
    C:\Program Files\List_Kill'em\List_Kill'em.exe 5716
    C:\Windows\system32\cmd.exe 4884
    C:\Windows\system32\SearchProtocolHost.exe 4920
    C:\Windows\system32\SearchFilterHost.exe 6016
    C:\Windows\system32\wbem\wmiprvse.exe 4912
    C:\Users\fuji\AppData\Local\Temp\8508.tmp\pv.exe 5216

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    "C:\ProgramData\Desktop"
    "C:\ProgramData\Documents"
    "C:\Program Files\AskBarDis"
    "C:\Program Files\DAEMON Tools Toolbar"
    "C:\Program Files\EoRezo"
    "C:\Program Files\Live-Player"
    "C:\Program Files\Mozilla FireFox\Components\AskSearch.js"
    "C:\Program Files\Search Settings"
    "C:\Program Files\WinPCap"
    C:\Windows\System32\autorun.dat
    C:\Windows\System32\AutoRun.exe
    C:\Windows\System32\autorun.inf
    "C:\Windows\system32\drivers\npf.sys"
    "C:\Windows\system32\Packet.dll"
    "C:\Windows\system32\pthreadVC.dll"
    "C:\Windows\system32\wpcap.dll"
    C:\Users\fuji\LOCAL Settings\Temp\AskInstallChecker.exe
    C:\Users\fuji\LOCAL Settings\Temp\DTLite4355-0068.exe
    C:\Users\fuji\LOCAL Settings\Temp\gtb.exe
    C:\Users\fuji\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe
    C:\Users\fuji\LOCAL Settings\Temp\igraal.exe
    C:\Users\fuji\LOCAL Settings\Temp\KeyGen.exe
    C:\Users\fuji\LOCAL Settings\Temp\MsgPlusUninstall.exe
    C:\Users\fuji\LOCAL Settings\Temp\MSN.exe
    C:\Users\fuji\LOCAL Settings\Temp\SecuExp.exe
    C:\Users\fuji\LOCAL Settings\Temp\staDF51.exe
    C:\Users\fuji\LOCAL Settings\Temp\steampwd.exe
    C:\Users\fuji\LOCAL Settings\Temp\stpv.exe
    C:\Users\fuji\LOCAL Settings\Temp\unwise.exe
    C:\Users\fuji\LOCAL Settings\Temp\Update_aa8e.exe
    C:\Users\fuji\LOCAL Settings\Temp\utt7A30.tmp.exe
    C:\Users\fuji\LOCAL Settings\Temp\uttF3A2.tmp.exe
    C:\Users\fuji\LOCAL Settings\Temp\vmdpmouch.exe
    C:\Users\fuji\LOCAL Settings\Temp\_unps.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    AskBarDis.Kill'em
    AskInstallChecker.exe.Kill'em
    AskSearch.js.Kill'em
    autorun.dat.Kill'em
    AutoRun.exe.Kill'em
    autorun.inf.Kill'em
    DAEMON Tools Toolbar.Kill'em
    DTLite4355-0068.exe.Kill'em
    EoRezo.Kill'em
    gtb.exe.Kill'em
    hijackthis-2.0.2.75917.exe.Kill'em
    igraal.exe.Kill'em
    KeyGen.exe.Kill'em
    Live-Player.Kill'em
    MsgPlusUninstall.exe.Kill'em
    MSN.exe.Kill'em
    npf.sys.Kill'em
    Packet.dll.Kill'em
    pthreadVC.dll.Kill'em
    Search Settings.Kill'em
    SecuExp.exe.Kill'em
    staDF51.exe.Kill'em
    steampwd.exe.Kill'em
    stpv.exe.Kill'em
    unwise.exe.Kill'em
    Update_aa8e.exe.Kill'em
    utt7A30.tmp.exe.Kill'em
    uttF3A2.tmp.exe.Kill'em
    vmdpmouch.exe.Kill'em
    WinPcap.Kill'em
    wpcap.dll.Kill'em
    _unps.exe.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    Deleted : HKCU\Software\Grand Virtual
    Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    Deleted : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
    Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Deleted : HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Deleted : HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
    Deleted : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    Deleted : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    Deleted : HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\MediaPlayer.GraphicsUtils
    Deleted : HKCR\MediaPlayer.GraphicsUtils.1
    Deleted : HKCR\MgMediaPlayer.GifAnimator
    Deleted : HKCR\MgMediaPlayer.GifAnimator.1
    Deleted : HKCR\SearchSettings.BHO
    Deleted : HKCR\SearchSettings.BHO.1
    Deleted : HKCR\SWEETIE.IEToolbar
    Deleted : HKCR\SWEETIE.IEToolbar.1
    Deleted : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
    Deleted : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
    Deleted : HKCR\Toolbar3.SWEETIE
    Deleted : HKCR\Toolbar3.SWEETIE.1
    Deleted : HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Deleted : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    Deleted : HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Deleted : HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Deleted : HKCU\Software\AppDataLow\AskBarDis
    Deleted : HKCU\SOFTWARE\EoRezo
    Deleted : HKCU\SOFTWARE\ItsLabel
    Deleted : HKCU\software\Live-Player
    Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Deleted : HKCU\Software\SweetIM
    Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    Deleted : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Deleted : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    Deleted : HKLM\software\Live-Player
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
    Deleted : HKLM\SOFTWARE\SweetIM
    Deleted : HKLM\SYSTEM\ControlSet001\Services\npf
    Deleted : HKLM\SYSTEM\ControlSet003\Services\npf

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  6. gen-hackman
     
    Uninstall List_Kill'em

    Download OTL by OLDTimer

    Save it to your Desktop.

    ▶ Double-click OTL.exe to launch it (on Vista, right-click and choose "Run as administrator").

    ▶ Tick the 2 boxes Lop and Purity

    ▶ Tick the box in front of scan all users

    ▶ Set it to "60 Days"

    ▶ In the left-hand column, set everything to all

    Do not change these:

    "files created within" and "files modified within"


    ▶ Click Run Scan.

    At the end of the scan, Notepad will open with the report (OTL.txt).

    This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

    ▶▶▶ DO NOT POST IT ON THE FORUM

    To send it to me, click this link: http://www.cijoint.fr/

    ▶ Click Browse and look for the file above.

    ▶ Click Open.

    ▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    is added to the page.

    ▶ Copy this link into your reply.

    ▶▶ Do the same with "Extra.txt".
    0
  7. laurene64 Posts: 53 Status: Member
     
    Here are the 2 links. Thanks in advance.

    http://www.cijoint.fr/cjlink.php?file=cj200912/cijWdTnnVW.txt
    http://www.cijoint.fr/cjlink.php?file=cj200912/cijoQ7GyJs.txt
    0
  8. gen-hackman
     
    ▶ Disable User Account Control before using this tool:

    ▶ Go to "Start", then Control Panel.
    ▶ Double-click the User Accounts icon, then "Turn User Account Control on or off".
    ▶ Untick the box Use User Account Control (UAC) to help protect your computer.
    ▶ Confirm with OK and restart.

    Then

    ▶ Download Ad-remover (by C_XX) to your desktop:

    ▶ Disconnect and close all running applications!

    ▶ Right-click "Ad-R.exe" and run it as administrator to start the installation, and keep the default installation settings.

    ▶ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.

    ▶ At the main menu choose option "L" and press [Enter].

    ▶ Let the tool work and do not touch anything ...

    ▶ Post the report that appears at the end on the forum ...

    ( The report is also saved as C:\Ad-report.log )
    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    ▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


    Then:


    Uninstall AD-Remover

    Then:


    ▶ Download and install UsbFix by Chiquitine29

    (!) Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

    ▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

    ▶ At the main menu choose option " F " for French and press [Enter].

    ▶ At the second menu choose option " 1 " (search) and press [Enter]

    ▶ Let the tool work.

    ▶ Then post the UsbFix.txt report that appears.

    Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

    Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

    Then:


    Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

    ▶ Right-click the UsbFix shortcut on your desktop and choose Run as administrator.

    ▶ Choose option 2 ( Removal )

    ▶ Your desktop will disappear and the PC will restart.

    ▶ On restart, UsbFix will scan your PC; let the tool work.

    ▶ Then post the UsbFix.txt report that appears along with the desktop.

    ▶ Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    ######### | Uninstall | #########

    ▶ Right-click the UsbFix shortcut on your desktop and choose Run as administrator.

    ▶ Choose the Uninstall option ....
    0
    1. az4879
       
      Isn't there an even longer procedure for removing a trojan?????????????????????????

      I had the same virus; NOD32 spotted it fairly quickly. It put it in quarantine. And since then I have nothing else to report. I wonder whether it should be deleted from quarantine. Is this file a system file or a file that was created by the virus?
      0
  9. gen-hackman
     
    Isn't there an even longer procedure for removing a trojan?????????????????????????

    Unfortunately, that is not the only thing on this PC ;)
    0
    1. az4879
       
      But if it were only this damn trojan, we wouldn't have to do so many steps, I hope? Otherwise I'll format my PC for the 2nd time in 1 week! That will be faster
      0