Antivir : sshnas.dll trojan Fermé

Question

Bonjour,

J'ai sans cesse Antivir qui s'ouvre en me disant qu'il detecte un Trojan dans le fichier System32/sshnas.dll

Je poste un Hijack.

D'avance merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:39, on 25/12/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\VM_STI.EXE
C:\Windows\System32undll32.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32undll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\fuji\Documents\antivirus\hijackthis-2.0.2.75917.exe
C:\Users\fuji\AppData\Local\Temp\hijackthis-2.0.2.75917.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware.pro/misc/search.htm/fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware.pro/misc/search.htm/fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PURE VGA] "C:\ProgramData\Delete Dupe Dupe.3sx2npz"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SIMBAR={8135E66E-2990-4EF9-8A78-71F70A21141D}; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; SPOFRB/1.0; .NET CLR 1.1.4322; .NET CLR 3.5.21022; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.king.com/opengame_play.jsp?language=fr&game=couronne_king"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV4\maxtv.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcappcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

gen-hackman · Answer

salut :

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

&#9654 Télécharge et installe List&Kill'em et enregistre le sur ton bureau 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "creer une icone sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

&#9654 laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

&#9654 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

laurene64 · Answer

Merci beaucoup. Voici le rapport

List'em by g3n-h@ckm@n 1.1.6.1 

Thx to Chiquitine29.....& CCM team 

User : fuji (Administrateurs) # PC-DE-FUJI
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 22:11:25 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) Dual  CPU  E2140  @ 1.60GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6000 32-bit) # 
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 301,39 Go (95,21 Go free) [SYSTEM] | NTFS
D:\ -> Disque fixe local | 11,72 Go (11,63 Go free) [WinRE] | NTFS
E:\ -> Disque fixe local | 150,69 Go (150,6 Go free) [DATA] | NTFS
F:\ -> Disque CD-ROM | 2,32 Go (0 Mo free) [FM2010] | UDF
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Windows\System32\smss.exe 432
C:\Windows\system32\csrss.exe 568
C:\Windows\SYSTEM32\wininit.exe 624
C:\Windows\system32\csrss.exe 632
C:\Windows\system32\services.exe 668
C:\Windows\system32\lsass.exe 684
C:\Windows\system32\lsm.exe 692
C:\Windows\SYSTEM32\winlogon.exe 848
C:\Windows\system32\svchost.exe 868
C:\Windows\system32\svchost.exe 928
C:\Windows\System32\svchost.exe 980
C:\Windows\System32\svchost.exe 1012
C:\Windows\System32\svchost.exe 1096
C:\Windows\system32\svchost.exe 1112
C:\Windows\system32\svchost.exe 1264
C:\Windows\system32\SLsvc.exe 1280
C:\Windows\system32\svchost.exe 1360
C:\Windows\system32\svchost.exe 1524
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1632
C:\Windows\System32\spoolsv.exe 1804
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 1828
C:\Windows\system32\svchost.exe 1840
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 280
C:\Program Files\Bonjour\mDNSResponder.exe 440
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 276
C:\Windows\system32\PnkBstrA.exe 1204
C:\Windows\system32\svchost.exe 804
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1676
C:\Windows\system32\svchost.exe 1956
C:\Windows\System32\svchost.exe 1576
C:\Windows\system32\SearchIndexer.exe 1736
C:\Windows\system32\WUDFHost.exe 2324
C:\Windows\SYSTEM32	askeng.exe 2724
C:\Windows\system32\Dwm.exe 2828
C:\Windows\SYSTEM32	askeng.exe 2868
C:\Windows\Explorer.EXE 2888
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 3180
C:\Windows\VM_STI.EXE 3188
C:\Windows\System32undll32.exe 3212
C:\Windows\vsnpstd3.exe 3228
C:\Windows\System32undll32.exe 3236
C:\Program Files\SweetIM\Messenger\SweetIM.exe 3244
C:\Windows\system32\wbem\wmiprvse.exe 3328
C:\Windows\ehome\ehtray.exe 3440
C:\Windows\ehome\ehmsas.exe 3496
C:\Program Files\DAEMON Tools Lite\DTLite.exe 3504
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3576
C:\Program Files\Internet Explorer\iexplore.exe 3596
C:\Windows\system32\wbem\unsecapp.exe 3868
C:\Program Files\Windows Live\Contacts\wlcomm.exe 2808
C:\Program Files\Internet Explorer\iexplore.exe 3024
C:\Program Files\Internet Explorer\iexplore.exe 2272
C:\Program Files\Windows Live\Toolbar\wltuser.exe 1180
C:\Users\fuji\Documents\antivirus\hijackthis-2.0.2.75917.exe 4492
C:\Windows\system32\SearchProtocolHost.exe 5416
C:\Program Files\List_Kill'em\List_Kill'em.exe 1328
C:\Windows\system32\conime.exe 2252
C:\Windows\system32\cmd.exe 2512
C:\Windows\system32\wbem\wmiprvse.exe 2092
C:\Users\fuji\AppData\Local\Temp\F34A.tmp\pv.exe 3152

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe	REG_SZ         	C:\Windows\ehome\ehTray.exe
MsnMsgr	REG_SZ         	~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
BitComet	REG_SZ         	C:\Program Files\BitComet\BitComet.exe /tray
EA Core	REG_SZ         	"C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
RocketDock	REG_SZ         	"C:\Program Files\RocketDock\RocketDock.exe"
eyeBeam SIP Client	REG_SZ         	
DAEMON Tools Lite	REG_SZ         	"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
PURE VGA	REG_SZ         	"C:\ProgramData\Delete Dupe Dupe.3sx2npz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
<NO NAME>	REG_SZ         	 
VirtualDrive	REG_SZ         	"C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore 
avgnt	REG_SZ         	"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
BigDogPath	REG_SZ         	C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera 
NvSvc	REG_SZ         	RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
NvMediaCenter	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
WinampAgent	REG_SZ         	"C:\Program Files\Winamp\winampa.exe" 
snpstd3	REG_SZ         	C:\Windows\vsnpstd3.exe 
SweetIM	REG_SZ         	C:\Program Files\SweetIM\Messenger\SweetIM.exe 
Malwarebytes Anti-Malware (reboot)	REG_SZ         	"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	1 (0x1) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	1 (0x1) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\BitTorrent\bittorrent.exe	REG_SZ         	C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

=============== 
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
Wlansvc : 0x3 
SharedAccess : 0x4 
windefend : 0x2 
wuauserv : 0x2 
wscsvc : 0x2 

=========
 

F:\Autorun.inf :
----------------
[autorun]
OPEN=autorun.exe
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: SYSTEM

    Taille du volume                	= 301 Go
    Espace libre                    	= 95.22 Go
    tendue d'espace libre la plus grande 	= 59.23 Go
    Pourcentage de fragmentation des fichiers 	= 0 %

    Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\Desktop  
C:\ProgramData\Documents  
C:\Program Files\AskBarDis  
C:\Program Files\DAEMON Tools Toolbar  
C:\Program Files\EoRezo  
C:\Program Files\Live-Player  
C:\Program Files\Mozilla FireFox\Components\AskSearch.js  
C:\Program Files\Search Settings  
C:\Program Files\WinPCap  
C:\Windows\System32\autorun.dat  
C:\Windows\System32\AutoRun.exe  
C:\Windows\System32\autorun.inf  
C:\Windows\System32\drivers
pf.sys  
C:\Windows\System32\Packet.dll  
C:\Windows\System32\pthreadVC.dll  
C:\Windows\System32\wpcap.dll  
C:\Users\fuji\LOCAL Settings\Temp\AskInstallChecker.exe  
C:\Users\fuji\LOCAL Settings\Temp\DTLite4355-0068.exe  
C:\Users\fuji\LOCAL Settings\Temp\gtb.exe  
C:\Users\fuji\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe  
C:\Users\fuji\LOCAL Settings\Temp\igraal.exe  
C:\Users\fuji\LOCAL Settings\Temp\KeyGen.exe  
C:\Users\fuji\LOCAL Settings\Temp\MsgPlusUninstall.exe  
C:\Users\fuji\LOCAL Settings\Temp\MSN.exe  
C:\Users\fuji\LOCAL Settings\Temp\SecuExp.exe  
C:\Users\fuji\LOCAL Settings\Temp\staDF51.exe  
C:\Users\fuji\LOCAL Settings\Temp\steampwd.exe  
C:\Users\fuji\LOCAL Settings\Temp\stpv.exe  
C:\Users\fuji\LOCAL Settings\Temp\unwise.exe  
C:\Users\fuji\LOCAL Settings\Temp\Update_aa8e.exe  
C:\Users\fuji\LOCAL Settings\Temp\utt7A30.tmp.exe  
C:\Users\fuji\LOCAL Settings\Temp\uttF3A2.tmp.exe  
C:\Users\fuji\LOCAL Settings\Temp\vmdpmouch.exe  
C:\Users\fuji\LOCAL Settings\Temp\_unps.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"  
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{EEE6C35B-6118-11DC-9C72-001320C79847}"  
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"  
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{D4027C7F-154A-4066-A1AD-4243D8127440}"  
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}"  
"HKCU\Software\Grand Virtual"  
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"  
"HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
"HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"  
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe"  
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"  
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"  
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"  
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}  
HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}  
HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}  
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}  
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}  
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}  
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}  
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}  
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}  
HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}  
HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}  
HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}  
HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}  
HKCR\MediaPlayer.GraphicsUtils  
HKCR\MediaPlayer.GraphicsUtils.1  
HKCR\MgMediaPlayer.GifAnimator  
HKCR\MgMediaPlayer.GifAnimator.1  
HKCR\SearchSettings.BHO  
HKCR\SearchSettings.BHO.1  
HKCR\SWEETIE.IEToolbar  
HKCR\SWEETIE.IEToolbar.1  
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook  
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1  
HKCR\Toolbar3.SWEETIE  
HKCR\Toolbar3.SWEETIE.1  
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}  
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}  
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}  
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}  
HKCU\Software\AppDataLow\AskBarDis  
HKCU\SOFTWARE\EoRezo  
HKCU\SOFTWARE\ItsLabel  
HKCU\software\Live-Player  
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}  
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}  
HKCU\Software\SweetIM  
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}  
HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}  
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}  
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}  
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}  
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}  
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}  
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}  
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}  
HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}  
HKLM\Software\Classes\MediaPlayer.GraphicsUtils  
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1  
HKLM\Software\Classes\MgMediaPlayer.GifAnimator  
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1  
HKLM\Software\Classes\SearchSettings.BHO  
HKLM\Software\Classes\SearchSettings.BHO.1  
HKLM\Software\Classes\SWEETIE.IEToolbar  
HKLM\Software\Classes\SWEETIE.IEToolbar.1  
HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook  
HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1  
HKLM\Software\Classes\Toolbar3.SWEETIE  
HKLM\Software\Classes\Toolbar3.SWEETIE.1  
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}  
HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}  
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}  
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}  
HKLM\Software\Classes\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}  
HKLM\Software\Classes\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}  
HKLM\software\Live-Player  
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0  
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9  
HKLM\SOFTWARE\SweetIM  
HKLM\SYSTEM\ControlSet001\Services
pf  
HKLM\SYSTEM\ControlSet003\Services
pf  
HKLM\SYSTEM\CurrentControlSet\Services
pf  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 22:16:40
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:83,01,6b,e2,e9,31,78,32,5a,c1,e4,86,09,7c,58,ce,f1,71,21,98,41,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:50,91,0e,fe,b9,e1,04,89,b2,f3,1d,dd,f8,11,43,86,4c,b3,7c,2c,fa,..
"a0"=hex:20,01,00,00,ef,ff,0e,a1,92,7d,c0,66,4b,71,c7,88,91,ab,cc,86,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ee,6d,47,21,2a,c1,92,1a,77,6a,fd,21,9c,b6,85,fb,f1,2e,8e,f6,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:83,01,6b,e2,e9,31,78,32,5a,c1,e4,86,09,7c,58,ce,f1,71,21,98,41,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"hdf12"=hex:50,91,0e,fe,b9,e1,04,89,b2,f3,1d,dd,f8,11,43,86,4c,b3,7c,2c,fa,..
"a0"=hex:20,01,00,00,ef,ff,0e,a1,92,7d,c0,66,4b,71,c7,88,91,ab,cc,86,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:ee,6d,47,21,2a,c1,92,1a,77,6a,fd,21,9c,b6,85,fb,f1,2e,8e,f6,e5,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

7-Zip
Activision
Adobe
AGEIA Technologies
Anuman Interactive
Apple Software Update
Ask & Record Toolbar
AskBarDis
AskTBar
Astonsoft
Avira
AviSynth 2.5
AVS4YOU
BitComet
BitTorrent
Bonjour
BoontyGames
Capture By George!
CCleaner
CDBurnerXP
Circle Developemnt
Common Files
CounterPath
Crcle Developement
Cyanide
DAEMON Tools Lite
DAEMON Tools Toolbar
DAMN NFO Viewer
danny_kay1710
desktop.ini
DivX
DMV
DNA
Electronic Arts
EoRezo
FarStone
Fichiers communs
Free Easy Burner
Garena
Google
InstallShield Installation Information
Internet Explorer
Java
Lavasoft
Left 4 Dead
LimeWire
List_Kill'em
Live-Player
MAGIX
Malwarebytes' Anti-Malware
Maxis
Messenger Plus! Live
Micro Application
Microsoft
Microsoft Games
Microsoft Office
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Toolbar
MSXML 4.0
Navilog1
NCH Swift Sound
Nero
PodSpider
PokerStars
pspvc
QuickTime
Rdr settings
Real
Red Kawa
Reference Assemblies
RocketDock
Samsung
Search Settings
Sports Interactive
Steam
SweetIM
TechSmith
Uninstall Information
V-Gear BEE
VideoLAN
Winamp
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live Safety Center
Windows Live Toolbar
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Sidebar
WinPcap
WinRAR
Wondershare
Wyzo
YesMessenger
Zero G Registry

============
Lecteur C:
============

$RECYCLE.BIN
Boot
bootmgr
BOOTSECT.BAK
cleannavi.txt
config.sys
conv
Documents and Settings
DRIVER
FileAssistant
FileAssistant%
fixnavi.txt
fsc-scr-set
help
img2-001.raw
IO.SYS
ISP
Kill'em
List'em.txt
Lop SD
lopR.txt
MANUAL
MicroGaming
MSDOS.SYS
Msoaa
MSOCache
nis-vista
Off2007HStTrial
orange.bmp
pagefile.sys
Poker
Prodlog.txt
Program Files
ProgramData
RecInfo
Sierra
sort-d.txt
sqmdata00.sqm
sqmdata01.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
System Volume Information
TB.txt
ToolBar SD
user-run
Users
vtype.cmd
Windows
Works
x86
zz_enablesr
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\help\windows\Help\OEM\Serial.exe 
C:
is-vista\Support\NCO\Browser\APP\Patch25d.dll 
C:\Users\fuji\AppData\Roaming\Microsoft\Windows\Recent\Serial AVATAR.lnk 
C:\help\windows\Help\OEM\Serial.exe 
C:\Program Files\Microsoft Works\Install.exe 
C:\Works\MSWorks\Install.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

&#9654 Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654 choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre 

&#9654 colle le contenu dans ta reponse

laurene64 · Answer

Voici le rapport.

Kill'em by g3n-h@ckm@n 1.1.6.1 
 
User : fuji (Administrateurs) # PC-DE-FUJI
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 22:41:11 | 25/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) Dual  CPU  E2140  @ 1.60GHz
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6000 32-bit) # 
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 301,39 Go (95,21 Go free) [SYSTEM] | NTFS
D:\ -> Disque fixe local | 11,72 Go (11,63 Go free) [WinRE] | NTFS
E:\ -> Disque fixe local | 150,69 Go (150,6 Go free) [DATA] | NTFS
F:\ -> Disque CD-ROM | 2,32 Go (0 Mo free) [FM2010] | UDF
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque CD-ROM
M:\ -> Disque amovible
N:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe 432
C:\Windows\system32\csrss.exe 568
C:\Windows\SYSTEM32\wininit.exe 624
C:\Windows\system32\csrss.exe 632
C:\Windows\system32\services.exe 668
C:\Windows\system32\lsass.exe 684
C:\Windows\system32\lsm.exe 692
C:\Windows\SYSTEM32\winlogon.exe 848
C:\Windows\system32\svchost.exe 868
C:\Windows\system32\svchost.exe 928
C:\Windows\System32\svchost.exe 980
C:\Windows\System32\svchost.exe 1012
C:\Windows\System32\svchost.exe 1096
C:\Windows\system32\svchost.exe 1112
C:\Windows\system32\svchost.exe 1264
C:\Windows\system32\SLsvc.exe 1280
C:\Windows\system32\svchost.exe 1360
C:\Windows\system32\svchost.exe 1524
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1632
C:\Windows\System32\spoolsv.exe 1804
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 1828
C:\Windows\system32\svchost.exe 1840
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 280
C:\Program Files\Bonjour\mDNSResponder.exe 440
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 276
C:\Windows\system32\PnkBstrA.exe 1204
C:\Windows\system32\svchost.exe 804
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1676
C:\Windows\system32\svchost.exe 1956
C:\Windows\System32\svchost.exe 1576
C:\Windows\system32\SearchIndexer.exe 1736
C:\Windows\system32\WUDFHost.exe 2324
C:\Windows\SYSTEM32	askeng.exe 2724
C:\Windows\system32\Dwm.exe 2828
C:\Windows\SYSTEM32	askeng.exe 2868
C:\Windows\Explorer.EXE 2888
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 3180
C:\Windows\VM_STI.EXE 3188
C:\Windows\System32undll32.exe 3212
C:\Windows\vsnpstd3.exe 3228
C:\Windows\System32undll32.exe 3236
C:\Program Files\SweetIM\Messenger\SweetIM.exe 3244
C:\Windows\system32\wbem\wmiprvse.exe 3328
C:\Windows\ehome\ehtray.exe 3440
C:\Windows\ehome\ehmsas.exe 3496
C:\Program Files\DAEMON Tools Lite\DTLite.exe 3504
C:\Windows\system32\wbem\unsecapp.exe 3868
C:\Program Files\Windows Live\Toolbar\wltuser.exe 1180
C:\Windows\system32\conime.exe 2252
C:\Program Files\List_Kill'em\List_Kill'em.exe 5716
C:\Windows\system32\cmd.exe 4884
C:\Windows\system32\SearchProtocolHost.exe 4920
C:\Windows\system32\SearchFilterHost.exe 6016
C:\Windows\system32\wbem\wmiprvse.exe 4912
C:\Users\fuji\AppData\Local\Temp\8508.tmp\pv.exe 5216
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\ProgramData\Desktop"  
"C:\ProgramData\Documents"  
"C:\Program Files\AskBarDis"  
"C:\Program Files\DAEMON Tools Toolbar"  
"C:\Program Files\EoRezo"  
"C:\Program Files\Live-Player"  
"C:\Program Files\Mozilla FireFox\Components\AskSearch.js"  
"C:\Program Files\Search Settings"  
"C:\Program Files\WinPCap"  
C:\Windows\System32\autorun.dat  
C:\Windows\System32\AutoRun.exe  
C:\Windows\System32\autorun.inf  
"C:\Windows\system32\drivers
pf.sys"  
"C:\Windows\system32\Packet.dll"  
"C:\Windows\system32\pthreadVC.dll"  
"C:\Windows\system32\wpcap.dll"  
C:\Users\fuji\LOCAL Settings\Temp\AskInstallChecker.exe  
C:\Users\fuji\LOCAL Settings\Temp\DTLite4355-0068.exe  
C:\Users\fuji\LOCAL Settings\Temp\gtb.exe  
C:\Users\fuji\LOCAL Settings\Temp\hijackthis-2.0.2.75917.exe  
C:\Users\fuji\LOCAL Settings\Temp\igraal.exe  
C:\Users\fuji\LOCAL Settings\Temp\KeyGen.exe  
C:\Users\fuji\LOCAL Settings\Temp\MsgPlusUninstall.exe  
C:\Users\fuji\LOCAL Settings\Temp\MSN.exe  
C:\Users\fuji\LOCAL Settings\Temp\SecuExp.exe  
C:\Users\fuji\LOCAL Settings\Temp\staDF51.exe  
C:\Users\fuji\LOCAL Settings\Temp\steampwd.exe  
C:\Users\fuji\LOCAL Settings\Temp\stpv.exe  
C:\Users\fuji\LOCAL Settings\Temp\unwise.exe  
C:\Users\fuji\LOCAL Settings\Temp\Update_aa8e.exe  
C:\Users\fuji\LOCAL Settings\Temp\utt7A30.tmp.exe  
C:\Users\fuji\LOCAL Settings\Temp\uttF3A2.tmp.exe  
C:\Users\fuji\LOCAL Settings\Temp\vmdpmouch.exe  
C:\Users\fuji\LOCAL Settings\Temp\_unps.exe  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

AskBarDis.Kill'em
AskInstallChecker.exe.Kill'em
AskSearch.js.Kill'em
autorun.dat.Kill'em
AutoRun.exe.Kill'em
autorun.inf.Kill'em
DAEMON Tools Toolbar.Kill'em
DTLite4355-0068.exe.Kill'em
EoRezo.Kill'em
gtb.exe.Kill'em
hijackthis-2.0.2.75917.exe.Kill'em
igraal.exe.Kill'em
KeyGen.exe.Kill'em
Live-Player.Kill'em
MsgPlusUninstall.exe.Kill'em
MSN.exe.Kill'em
npf.sys.Kill'em
Packet.dll.Kill'em
pthreadVC.dll.Kill'em
Search Settings.Kill'em
SecuExp.exe.Kill'em
staDF51.exe.Kill'em
steampwd.exe.Kill'em
stpv.exe.Kill'em
unwise.exe.Kill'em
Update_aa8e.exe.Kill'em
utt7A30.tmp.exe.Kill'em
uttF3A2.tmp.exe.Kill'em
vmdpmouch.exe.Kill'em
WinPcap.Kill'em
wpcap.dll.Kill'em
_unps.exe.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}  
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}  
Deleted : HKCU\Software\Grand Virtual  
Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings  
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}  
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}  
Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}  
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}  
Deleted : HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}  
Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}  
Deleted : HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}  
Deleted : HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}  
Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}  
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
Deleted : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
Deleted : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}  
Deleted : HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\MediaPlayer.GraphicsUtils  
Deleted : HKCR\MediaPlayer.GraphicsUtils.1  
Deleted : HKCR\MgMediaPlayer.GifAnimator  
Deleted : HKCR\MgMediaPlayer.GifAnimator.1  
Deleted : HKCR\SearchSettings.BHO  
Deleted : HKCR\SearchSettings.BHO.1  
Deleted : HKCR\SWEETIE.IEToolbar  
Deleted : HKCR\SWEETIE.IEToolbar.1  
Deleted : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook  
Deleted : HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1  
Deleted : HKCR\Toolbar3.SWEETIE  
Deleted : HKCR\Toolbar3.SWEETIE.1  
Deleted : HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}  
Deleted : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}  
Deleted : HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}  
Deleted : HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}  
Deleted : HKCU\Software\AppDataLow\AskBarDis  
Deleted : HKCU\SOFTWARE\EoRezo  
Deleted : HKCU\SOFTWARE\ItsLabel  
Deleted : HKCU\software\Live-Player  
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}  
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}  
Deleted : HKCU\Software\SweetIM  
Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}  
Deleted : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}  
Deleted : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}  
Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}  
Deleted : HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}  
Deleted : HKLM\software\Live-Player  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9  
Deleted : HKLM\SOFTWARE\SweetIM  
Deleted : HKLM\SYSTEM\ControlSet001\Services
pf  
Deleted : HKLM\SYSTEM\ControlSet003\Services
pf  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

gen-hackman · Answer

desinstalle List_Kill'em

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic ( pour vista => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654 dans la colonne de gauche , mets tout sur all

ne modifie pas ceci : 

"files created whithin" et "files modified whithin" 

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

&#9654&#9654 Tu feras la meme chose avec le "Extra.txt".

laurene64 · Answer

Voici les 2 liens. Merci d'avance.

http://www.cijoint.fr/cjlink.php?file=cj200912/cijWdTnnVW.txt
http://www.cijoint.fr/cjlink.php?file=cj200912/cijoQ7GyJs.txt

gen-hackman · Answer

&#9654 Désactivez le contrôle des comptes utilisateurs avant utilisation de cet outil: 

&#9654 Allez dans "Démarrer" puis Panneau de configuration. 
&#9654 Double Cliquez sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".  
&#9654 Décochez la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
&#9654 Validez par OK et redémarrez .

ensuite

&#9654 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

&#9654 clic droit sur "Ad-R.exe" en tant qu'administrateur pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 clic droit sur le raccourci Ad-remover en tant qu'administrateur qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis l'option "L" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.   


ensuite :

desinstalle AD-Remover

ensuite :

&#9654 Telecharge et install UsbFix par Chiquitine29

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


&#9654 Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

ensuite :

&#9654 Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir


&#9654 Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .

&#9654 choisi l option 2 ( Suppression )

&#9654 Ton bureau disparaitra et le pc redémarrera .

&#9654 Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

&#9654 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

######### | Désinstallation | #########


&#9654 Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisi éxécuter en tant qu'administrateur .

&#9654 Choisi l option  Désinstaller ....

gen-hackman · Answer

Y a pas plus long comme manip pour supprimer un trojan????????????????????????? 

malheureusement il n'y a pas que ca dans ce pc ;)

gen-hackman · Answer

pas tout le monde peut se le permettre

Laurene la suite ici :

https://forums.commentcamarche.net/forum/affich-15830803-antivir-sshnas-dll-trojan#8

Antivir : sshnas.dll trojan

9 réponses

Discussions similaires