Security Tool virus, slow PC

Anonymous user -
dédétraqué Posts 4522 Status Security contributor -
Hello,

Since last week I have caught a SECURITY TOOL virus.
I have AVAST as my antivirus.
Looking on the Internet and the various forums, I followed some advice and did it "my own way".
In short, I downloaded Malwarebytes and CCleaner.
Result: I think I got rid of SECURITY TOOL
MY PC is SUPER SLOW
I ran AVAST again, and I had to put 2 files in quarantine
C:\windows\system32\fjhdyfhsn.bat and C:\systemvolumeinformation\restore..............
Desperate, but giving up is out of the question; I installed Combofix and now I have a report file, but I don't understand any of it. SOS, PLEASE.
Configuration: Windows XP

13 replies

  1. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Post your report, we'll check it.

    See you :)
    0
  2. Anonymous user
     
    Hi and THANKS for your help

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-10 au 2010-03-10 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-10 20:30 . 2010-03-10 20:30 -------- d-----w- c:\windows\LastGood
    2010-03-09 18:39 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-03-09 18:39 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-03-09 18:39 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-03-09 18:39 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-03-09 18:39 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-03-09 18:39 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-03-09 18:39 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-03-09 18:39 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2010-03-09 18:02 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-08 17:25 . 2009-08-13 15:20 512000 ------w- c:\windows\system32\dllcache\jscript.dll
    2010-03-07 20:19 . 2010-03-07 20:52 -------- d-----w- c:\windows\BDOSCAN8
    2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\windows\system32\fr
    2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\windows\l2schemas
    2010-03-07 19:15 . 2010-03-07 19:15 -------- d-----w- c:\windows\system32\bits
    2010-03-07 19:06 . 2010-03-07 19:06 -------- d-----w- c:\windows\EHome
    2010-03-07 18:12 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2010-03-07 17:42 . 2010-03-07 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-03-07 13:30 . 2010-03-07 13:30 -------- d-----w- c:\program files\CCleaner
    2010-03-04 20:14 . 2010-03-04 20:14 -------- d--h--w- c:\windows\PIF
    2010-03-03 22:07 . 2010-03-04 18:25 363008 ----a-w- c:\program files\rkill.com
    2010-03-03 19:57 . 2010-03-03 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-02 21:49 . 2010-03-02 21:49 -------- d-----w- c:\documents and settings\Invité
    2010-03-02 21:00 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
    2010-03-02 21:00 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
    2010-03-02 20:59 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
    2010-02-20 16:25 . 2010-02-20 16:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-20 16:20 . 2010-02-20 16:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-20 16:20 . 2010-03-07 17:44 -------- d-----w- c:\program files\Google
    2010-02-20 16:19 . 2010-02-20 16:19 411368 ----a-w- c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-07 19:31 . 2004-01-01 06:39 63614 ----a-w- c:\windows\system32\perfc00C.dat
    2010-03-07 19:31 . 2004-01-01 06:39 445016 ----a-w- c:\windows\system32\perfh00C.dat
    2010-03-07 19:18 . 2004-01-01 05:54 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-03-07 17:42 . 2009-09-10 19:27 -------- d-----w- c:\program files\Alwil Software
    2010-03-07 16:23 . 2006-05-31 16:41 -------- d-----w- c:\program files\epson
    2010-03-07 16:19 . 2007-11-22 20:44 -------- d-----w- c:\program files\OLYMPUS
    2010-03-07 13:40 . 2006-06-10 07:44 -------- d-----w- c:\program files\Fichiers communs\Teleca Shared
    2010-03-07 13:38 . 2006-03-01 11:23 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-05 21:19 . 2009-09-10 19:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-03-05 21:19 . 2009-09-10 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-05 21:16 . 2006-03-01 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\OD2
    2010-03-05 21:16 . 2006-03-01 11:24 -------- d-----w- c:\program files\Music Manager
    2010-03-05 21:11 . 2008-03-01 19:59 -------- d-----w- c:\program files\MAGIX
    2010-03-03 22:08 . 2010-03-03 22:08 608448 ----a-w- c:\program files\comctl32.ocx
    2010-03-02 20:54 . 2010-03-02 20:54 16 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
    2010-02-20 16:19 . 2006-03-01 11:23 -------- d-----w- c:\program files\Java
    2009-12-31 16:50 . 2004-01-01 06:39 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-22 05:09 . 2004-01-01 06:39 671232 ------w- c:\windows\system32\wininet.dll
    2009-12-22 05:08 . 2009-09-17 19:15 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-17 07:41 . 2004-01-01 05:53 347648 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:09 . 2004-01-01 06:38 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2008-05-23 08:20 . 2008-05-23 08:20 16 ---ha-w- c:\program files\mxfilerelatedcache.mxc2
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-03-10_18.25.20 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-20 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"="VTTimer.exe" [2005-11-24 53248]
    "VTTrayp"="VTtrayp.exe" [2005-11-24 147456]
    "SoundMan"="SOUNDMAN.EXE" [2005-11-24 77824]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-01-01 180269]
    "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-20 149280]
    "Anniversaires"="c:\anuman interactive\Le journal de votre naissance\anniv.exe" [2006-09-14 765952]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-28 51984]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Apps\\Powercinema\\PowerCinema.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [09/03/2010 19:39 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/03/2010 19:39 20560]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2010 17:20 135664]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [01/03/2008 21:08 1527900]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 16:20]

    2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 16:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.sfr.fr/kit/adsl/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://sonyericsson.com/support
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-10 21:52
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'explorer.exe'(1624)
    c:\windows\system32\eappprxy.dll
    .
    Heure de fin: 2010-03-10 21:54:42
    ComboFix-quarantined-files.txt 2010-03-10 20:54
    ComboFix2.txt 2010-03-10 18:27

    Avant-CF: 185 706 274 816 octets libres
    Après-CF: 185 679 400 960 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    Timeout=2
    Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

    - - End Of File - - 5402DEA179FFF0C6A37C2ECADF4C2445
    0
  3. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Post the next reports in full, header included.

    Download OTM (by Old_Timer) to the desktop:

    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

    Double-click OTM.exe on the desktop

    - Copy the text in bold below and paste it into the left-hand pane of OTM named Paste Instructions for Items to be Moved

    :files
    c:\documents and settings\NetworkService\Application Data\rbuwzv.dat

    :commands
    [purity]
    [emptytemp]
    [reboot]


    - Click MoveIt! to start the removal.
    - Close OTM

    Your PC will restart to finish the removal; if it does not do so by itself, restart it.

    Post the OTMoveIt report, which is located in C:\_OTM\MovedFiles.

    -----

    Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

    ▶ Download List&Kill'em and save it to your desktop
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

    ▶ Plug in USB keys, external hard drives, mp3, mp4, etc.

    double-click (right-click "Run as administrator" for Vista/7) on the shortcut on your desktop to start the installation

    tick the box "create an icon on the desktop"

    once it has finished, click "finish" and the program will start by itself

    choose the language, then choose option 1 = Search Mode

    ▶ let the tool work

    when the white window appears, it takes a while; that is normal, the program is not frozen.

    a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

    ▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

    you can delete the catchme.log report from your desktop now.

    See you :)
    0
  4. Anonymous user
     
    Sorry, but it is very slow at startup

    here is the OTM report

    All processes killed
    ========== FILES ==========
    c:\documents and settings\NetworkService\Application Data\rbuwzv.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 147456 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 300 bytes

    User: HERITIER Séverine
    ->Temp folder emptied: 738 bytes
    ->Temporary Internet Files folder emptied: 12989858 bytes
    ->Java cache emptied: 12118713 bytes
    ->Google Chrome cache emptied: 6138516 bytes
    ->Flash cache emptied: 1965895 bytes

    User: Invité
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 300 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Propriétaire

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19703 bytes
    %systemroot%\System32 .tmp files removed: 2998256 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81920 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 190582 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 35,00 mb

    OTM by OldTimer - Version 3.1.10.0 log created on 03112010_000503

    Files moved on Reboot...
    C:\Documents and Settings\HERITIER Séverine\Local Settings\Temporary Internet Files\Content.IE5\7271P1N7\affich-16958541-virus-security-tool-pc-lent[1] moved successfully.
    C:\Documents and Settings\HERITIER Séverine\Local Settings\Temporary Internet Files\Content.IE5\7271P1N7\searchbb78fe75[1] moved successfully.
    File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_46c.dat not found!

    Registry entries deleted on Reboot...

    I have a problem with List kill'em
    I got the report named catchme on my desktop, but nothing happens afterwards. Help!
    0
  6. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Post the catchme report

    See you :)
    0
  7. Anonymous user
     
    Hi dédétraqué and THANKS again

    here is the report
    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-11 00:30:16
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0
    0
  8. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Restart the PC and try again with List&Kill'em.

    See you :)
    0
  9. Anonymous user
     
    Hi Dédétraqué,

    here is the content of the report

    List'em by g3n-h@ckm@n 1.3.2.1

    User : HERITIER Séverine (Administrateurs)
    Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
    Start at: 01:14:46 | 11/03/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Sempron(tm) Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1368 [VPS 100310-1] 4.8.1368 [ (!) Disabled | Updated ]

    C:\ -> Disque fixe local | 186,31 Go (172,94 Go free) | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible

    Boot: Normal

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Anuman Interactive\Le journal de votre naissance\anniv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\List_Kill'em\FxEx.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\List_Kill'em\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    VTTimer REG_SZ VTTimer.exe
    VTTrayp REG_SZ VTtrayp.exe
    SoundMan REG_SZ SOUNDMAN.EXE
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    PCMService REG_SZ "c:\Apps\Powercinema\PCMService.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    Anniversaires REG_SZ C:\Anuman Interactive\Le journal de votre naissance\anniv.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    DisableRegistryTools REG_DWORD 0 (0x0)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 323 (0x143)
    NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
    NoDrives REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
    NoDriveTypeAutoRun REG_DWORD 323 (0x143)
    NoDrives REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultDomainName REG_SZ AD15092005
    DefaultUserName REG_SZ HERITIER Séverine
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ HERITIER Séverine
    AltDefaultDomainName REG_SZ AD15092005
    ChangePasswordUseKerberos REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Apps\Powercinema\PowerCinema.exe REG_SZ C:\Apps\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema
    C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

    ===============
    ActivX controls
    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

    ==============
    BHO :
    ======

    ===
    DNS
    ===

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E7F95ED-E51D-4D1B-A230-22DDD497E82B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3E7F95ED-E51D-4D1B-A230-22DDD497E82B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{3E7F95ED-E51D-4D1B-A230-22DDD497E82B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.sfr.fr/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Program Files\List_Kill'em
    ## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    ##
    95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Program Files\List_Kill'em
    ## C:\> hashdeep.exe C:\WINDOWS\ERDNT\cache\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ERDNT\cache\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Program Files\List_Kill'em
    ## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Program Files\List_Kill'em
    ## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Program Files\List_Kill'em
    ## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys

    Référence :
    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    Défragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    186 Go total, 173 Go libre (92%), 15% fragmenté (fragmentation du fichier 30%)

    Vous devriez défragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\WINDOWS\System32\_*.dll
    Present !! : C:\Documents and Settings\HERITIER Séverine\Application Data\wklnhst.dat
    Present !! : C:\Documents and Settings\HERITIER Séverine\Application Data\wklnhst.dat

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-11 01:23:41
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 60 !

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 1:23:51,42
    0
  10. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    ▶ Run List&Kill'em again (or via right-click on Vista), using the shortcut on your desktop,
    but this time:

    ▶ choose option 2 = Mode Suppression (removal mode)

    Let the tool work.

    At the end of the scan a report opens.

    ▶ Paste its contents in your reply.

    See you :)
    0
  11. Anonymous user
     
    THANKS again for the time spent helping me

    Kill'em by g3n-h@ckm@n 1.3.2.1

    User : HERITIER Séverine (Administrateurs)
    Update on 10/03/2010 by g3n-h@ckm@n ::::: 17.30
    Start at: 01:49:02 | 11/03/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Sempron(tm) Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : avast! antivirus 4.8.1368 [VPS 100310-1] 4.8.1368 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 186,31 Go (172,94 Go free) | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque amovible
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Apps\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\List_Kill'em\ERUNT.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\List_Kill'em\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
    Quarantined & Deleted !! : C:\Documents and Settings\HERITIER Séverine\Application Data\wklnhst.dat

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    ========
    Services
    =========

    Ndisuio : Start = 3
    EapHost : Start = 2
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    ============

    =================
    anti-ver blaster : OK !!
    =================

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  12. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Run a scan with the NOD32 online scanner (you have to use Internet Explorer) here:

    https://www.eset.com/int/home/online-scanner/

    (tick all the boxes each time, except the last two at the end of the scan, otherwise the report is deleted)
    When it finishes, paste the report: C:\Program Files\EsetOnlineScanner\log.txt

    See you :)
    0
  13. Anonymous user
     
    Hi dédétraqué

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=09503cb1795c234789d54a5098067cb5
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-03-11 02:05:45
    # local_time=2010-03-11 03:05:45 (+0100, Paris, Madrid)
    # country="France"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=769 16775125 100 98 0 204551526 27227 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=44003
    # found=0
    # cleaned=0
    # scan_time=2778
    0
  14. dédétraqué Posts 4522 Status Security contributor 286
     
    Hi SEVE07

    Your report is clean. Do you have any other problems?

    See you :)
    0