PC infected, virus!!! please help me

Solved/Closed
guzi69 - Edited by guzi69 on 6 May 2010 at 23:51
Anonymous user - 10 May 2010 at 17:27

I have viruses, notably the "Antispyware Soft" virus, hanging around on my PC, which stops me from opening programs and browsing the net properly.
Here is a HijackThis report to enlighten you so we can get to the bottom of my viruses.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:04, on 06/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Alex\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [nlvfdvec] C:\Users\Alex\AppData\Local\wcmylkqvc\otgxjcdtssd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

End of file - 7675 bytes

23 replies

guzi69 - 6 May 2010 at 23:56
is this a joke???
is there no way to remove this virus without reformatting?
Anonymous user - 6 May 2010 at 23:59
good evening, I'm deleting the first stupid post

in my opinion, those who answer "format!!" should learn disinfection or keep quiet!!

guzi69:

don't listen to anyone else without my consent, I'll get you out of this

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)

▶ Download List_Kill'em

and save it to your desktop

double-click the shortcut on your desktop (right-click "Run as administrator" for Vista/7) to launch the installation

Leave checked:

♦ Executer Shortcut
♦ Executer List_Kill'em

once finished, click "terminer" and the program will launch on its own

choose the Search option

▶ let the tool work

when the white window appears it takes a while, that's normal, the program is not stuck.

▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen
guzi69 - 7 May 2010 at 00:20
thanks for your help gen hackman.

here is the report:

List'em by g3n-h@ckm@n 1.7.3.1

User : Alex (Administrateurs)
Update on 06/05/2010 by g3n-h@ckm@n ::::: 16.15
Start at: 00:07:30 | 07/05/2010

Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 465,75 Go (198,91 Go free) | NTFS
D:\ -> Disque CD-ROM

Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe
C:\Users\Alex\Downloads\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe

======================
Keys "Run"
======================

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Steam REG_SZ "C:\Program Files\Steam\Steam.exe" -silent
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
nlvfdvec REG_SZ C:\Users\Alex\AppData\Local\wcmylkqvc\otgxjcdtssd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RtHDVCpl REG_SZ C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 5 (0x5)
ConsentPromptBehaviorUser REG_DWORD 3 (0x3)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)

===============

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16}
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile
AutoRestartShell REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
CachedLogonsCount REG_SZ 10
DebugServerCommand REG_SZ no
ForceUnlockLogon REG_DWORD 0 (0x0)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PasswordExpiryWarning REG_DWORD 5 (0x5)
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 43 (0x2b)

===============


===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

==============
BHO :
======

[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6BC3A45F-4B2D-4E28-850D-2CB56171D2CA}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6BC3A45F-4B2D-4E28-850D-2CB56171D2CA}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6BC3A45F-4B2D-4E28-850D-2CB56171D2CA}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\Windows\System32\blank.htm
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Local Page REG_SZ C:\Windows\system32\blank.htm

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x3 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\Windows\System32\drivers\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys :
MD5 :: [338c86357871c167a96ab976519bf59e]
SHA256 :: [f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6]

C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\Windows.old\Windows\system32\drivers\atapi.sys :
MD5 :: [9f3a2f5aa6875c72bf062c712cfa2674]
SHA256 :: [b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

C:\Windows.old\Windows\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

C:\Windows.old\Windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys :
MD5 :: [cdfe4411a69c224bd1d11b2da92dac51]
SHA256 :: [0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======

Microsoft Disk Defragmenter
Copyright (c) 2007 Microsoft Corp.

Invoking analysis on (C:)...

The operation completed successfully.

Post Defragmentation Report:

Volume information:
Volume size = 465.75 GB
Free space = 198.91 GB
Total fragmented space = 0%
Largest free space size = 135.16 GB

Note: file fragments larger than 64 MB are not included in the fragmentation statistics.

This volume does not need to be defragmented.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17}
Present !! : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Present !! : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Present !! : HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Present !! : HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Present !! : HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Present !! : HKCU\SOFTWARE\avsoft
Present !! : HKCU\Software\avsuite
Present !! : HKLM\SOFTWARE\avsoft
Present !! : HKLM\SOFTWARE\avsuite
Present !! : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Present !! : HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Present !! : HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Present !! : HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Present !! : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 00:13:48
Windows 6.1.7600 FAT NTAPI

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x84E721F8]<<
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 0:13:49,40
Anonymous user
7 May 2010 at 00:29
▶ Relaunch List&Kill'em (right-click "Run as..." on Vista/7) from the shortcut on your desktop.

but this time:

▶ choose the Remove Key option

a text document will open when "Text Please" appears

▶ copy/paste the bold text below:

"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nlvfdvec"

then, in the "File" menu, click Save, then close Notepad

Let the tool work

at the end a report opens,

▶ post the result

then:

▶ Relaunch List&Kill'em (right-click "Run as..." on Vista/7) from the shortcut on your desktop.

but this time:

▶ choose the Manual delete option

a text document will open when "Text Please" appears

▶ copy/paste the bold text below:

"C:\Users\Alex\AppData\Local\wcmylkqvc"

then, in the "File" menu, click Save, then close Notepad

Let the tool work

at the end a report opens,

▶ post the result

then:

▶ Relaunch List_Kill'em (right-click for Vista/7) from the shortcut on your desktop.
but this time:

▶ choose the Clean option

your PC will restart,

let the tool work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents in your reply
guzi69 Posts 20 Registration date Wednesday 5 May 2010 Status Member Last contribution 15 July 2010
7 May 2010 at 00:52
Regarding the first two steps, I did apply what you told me to do, but I closed the reports by accident; I did see that it worked, though.
The second time, trying again, it no longer finds anything, so I suppose it worked.

Kill'em by g3n-h@ckm@n 1.7.3.1

User : Alex (Administrateurs)
Update on 06/05/2010 by g3n-h@ckm@n ::::: 16.15
Start at: 00:40:03 | 07/05/2010

Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Microsoft Windows 7 Édition Intégrale (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 465,75 Go (199,06 Go free) | NTFS
D:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\runonce.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\ERUNT.EXE
C:\Program Files\List_Kill'em\pv.exe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\DAEMON Tools Toolbar

Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\Alex\LOCAL Settings\Temp\catchme.dll
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I0D69WV.r15
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I0IIJLO
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I0XHXST.r06
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I1C5E4R.avi
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I1JMLNO.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I1JW8PC.r22
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I1RQZ0K.r27
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I2GFG3D
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I3B31WK
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I3U0BW8.r34
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I5CV7JJ.r20
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I5J202N
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I5MCXS4.url
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I6TW6J0
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I71I804.r01
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I8MY9C9.r16
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I942CRU.r18
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$I9D21LU
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IABTVFE.r21
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IADFDZ3.r09
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IAGPE02.r05
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IAPTUTP
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IBL5HH4.r29
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IC1IUQ7.r14
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ICAW8MJ.r33
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ICGWFB2.r03
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ID08SMT.r03
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IF41WYJ.r25
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IF9TP2F.r04
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IFSWU6J.r26
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IG8IZEQ.r13
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IGE34ZK.r23
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IGHP0VC.r32
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IHAHKSQ
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IHJTTYJ
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IHRNRPE.r28
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IIG1HU5
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IIJ0B4G.r31
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IIP5BN1
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IJ1G8JB.r24
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IJ8HT85.r11
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IJBBAKL.com
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IKTQVCX.r00
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IL1T6SO
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ILH8MZ6
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ILKOZOT.r04
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ILQ53GM.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IMBFFTF.r17
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IMIN951.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IMPVU0E.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IMR6Z4X.avi
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$INVGI2J
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$INY75LF.rar
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IODNKSF
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IPI5S6Y
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IQDAT8V.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IQDZDEE.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IQOWTDK.r02
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IQQAGWJ.Company2-RELOADED
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IQXNJ3V.r12
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ISCKOMN.r10
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ISL6YXW.r30
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ISNUWAS.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$ITU9N7O
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IUBJB2A
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IVQHB8Q.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IW1U5Y3.r19
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IWE7KL1.r07
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IWO9YR1.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IWSZRF0.r02
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IX2I5AP.r05
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXATT4W
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXGMHIY.3(2010)-
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXHL2WN.r06
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXHPCXN
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXNKMVN.r00
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IXZR2W2.r01
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IY3HNA9
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IYEMGTB.r08
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IYKBYRC
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$IZB1KRK.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R0D69WV.r15
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R0XHXST.r06
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R1C5E4R.avi
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R1JMLNO.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R1JW8PC.r22
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R1RQZ0K.r27
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R3U0BW8.r34
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R5CV7JJ.r20
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R5MCXS4.url
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R71I804.r01
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R8MY9C9.r16
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$R942CRU.r18
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RABTVFE.r21
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RADFDZ3.r09
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RAGPE02.r05
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RBL5HH4.r29
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RC1IUQ7.r14
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RCAW8MJ.r33
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RCGWFB2.r03
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RD08SMT.r03
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RF41WYJ.r25
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RF9TP2F.r04
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RFSWU6J.r26
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RG8IZEQ.r13
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RGE34ZK.r23
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RGHP0VC.r32
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RHRNRPE.r28
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RIJ0B4G.r31
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RJ1G8JB.r24
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RJ8HT85.r11
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RJBBAKL.com
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RKTQVCX.r00
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RLKOZOT.r04
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RLQ53GM.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RMBFFTF.r17
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RMIN951.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RMPVU0E.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RMR6Z4X.avi
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RNY75LF.rar
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RQDAT8V.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RQDZDEE.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RQOWTDK.r02
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RQXNJ3V.r12
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RSCKOMN.r10
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RSL6YXW.r30
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RSNUWAS.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RVQHB8Q.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RW1U5Y3.r19
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RWE7KL1.r07
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RWO9YR1.mp3
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RWSZRF0.r02
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RX2I5AP.r05
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RXHL2WN.r06
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RXNKMVN.r00
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RXZR2W2.r01
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RYEMGTB.r08
Deleted !! : C:\$Recycle.bin\S-1-5-21-3035152823-1659918106-1470383910-1001\$RZB1KRK.mp3

=======
Hosts :
=======

127.0.0.1 localhost

========
Registry
========

Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted : HKCR\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Deleted : HKCR\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Deleted : HKCR\interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Deleted : HKCR\interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Deleted : HKCR\interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Deleted : HKCU\SOFTWARE\avsoft
Deleted : HKCU\Software\avsuite
Deleted : HKLM\SOFTWARE\avsoft
Deleted : HKLM\SOFTWARE\avsuite
Deleted : HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Deleted : HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
=================
Internet Explorer
=================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Default_Search_URL REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL REG_SZ https://www.msn.com/fr-fr/?ocid=iehp
Search Page REG_SZ https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.com/?gws_rd=ssl
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

===============
Security Center
===============

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval REG_DWORD 1 (0x1)
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusDisableNotify REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusOverride REG_DWORD 1 (0x1)
FirewallOverride REG_DWORD 1 (0x1)

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Anonymous user
7 May 2010 at 01:09
disable all your protections, then:

▶ Download: Gmer (by Przemyslaw Gmerek)


▶ Unzip gmer, click the Rootkit tab, start the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear; post it to me)

Then

▶ on the red lines:

▶ Services: right-click, delete service
▶ Process: right-click, kill process
▶ Adl, file: right-click, delete files
guzi69 Posts 20 Registration date Wednesday 5 May 2010 Status Member Last contribution 15 July 2010
9 May 2010 at 18:12
No red lines seen.
Here is the scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-09 18:07:21
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

SSDT 90FF5334 ZwCreateThread
SSDT 90FF5320 ZwOpenProcess
SSDT 90FF5325 ZwOpenThread
SSDT 90FF532F ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83013898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302C1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C44579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C68F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82C7084C 4 Bytes [34, 53, FF, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82C709E8 4 Bytes [20, 53, FF, 90] {AND [EBX-0x1], DL; NOP }
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82C70A08 4 Bytes [25, 53, FF, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82C70CB8 4 Bytes [2F, 53, FF, 90]
? System32\Drivers\spzx.sys Le chemin d'accès spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 92C30CA0 5 Bytes JMP 8629C1D8
.text ammrjc2d.SYS 92CF8000 12 Bytes [44, 68, 01, 83, EE, 66, 01, ...] {INC ESP; PUSH 0x66ee8301; ADD [EBX-0x7cfeb860], EAX}
.text ammrjc2d.SYS 92CF800D 9 Bytes [47, 01, 83, 48, 6B, 01, 83, ...] {INC EDI; ADD [EBX-0x7cfe94b8], EAX; ADD [EAX], AL}
.text ammrjc2d.SYS 92CF8017 103 Bytes [00, DE, 77, DA, 88, E6, 75, ...]
.text ammrjc2d.SYS 92CF807F 66 Bytes [82, 03, E4, C0, 82, E3, E4, ...]
.text ammrjc2d.SYS 92CF80C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9C01FC9D 28 Bytes [8F, 1F, 40, 9E, 7C, FA, 51, ...]
.text peauth.sys 9C01FCC1 28 Bytes [8F, 1F, 40, 9E, 7C, FA, 51, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] ADVAPI32.dll!CryptDecrypt 768B2140 5 Bytes JMP 2806BB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] ADVAPI32.dll!CryptDeriveKey 768B2150 5 Bytes JMP 2806BAA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!SetWindowPlacement 75A18169 5 Bytes JMP 2806FB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!CreateDialogParamW 75A19BFF 5 Bytes JMP 2806FC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!SetWindowRgn 75A1B29A 4 Bytes JMP 2806FBD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!SetWindowRgn + 5 75A1B29F 2 Bytes [CC, CC] {INT 3 ; INT 3 }
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!CreateWindowExW 75A20E51 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!LoadIconW 75A21431 5 Bytes JMP 28070460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!LoadImageW 75A22323 5 Bytes JMP 280702E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!GetWindowLongW 75A283A9 7 Bytes JMP 28070590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!PeekMessageW 75A291B5 5 Bytes JMP 2806E590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!TrackPopupMenuEx 75A45F72 5 Bytes JMP 2806EC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!MessageBoxIndirectW 75A6E9C3 5 Bytes JMP 2806FE80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!closesocket 76813BED 5 Bytes JMP 28074BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!recv 768147DF 5 Bytes JMP 28074580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!WSASend 768168A7 5 Bytes JMP 280749D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!WSARecv 7681C29F 5 Bytes JMP 280746B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!send 7681C4C8 5 Bytes JMP 28074860 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] SHELL32.dll!Shell_NotifyIconW 75BDFBA1 5 Bytes JMP 2806D260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] ole32.dll!CoRegisterClassObject 76F611F5 5 Bytes JMP 2806C9D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] ole32.dll!CoInitializeEx 76F90804 5 Bytes JMP 2806C8D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] ole32.dll!CoCreateInstance 76FA57FC 5 Bytes JMP 2806CC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!InternetCloseHandle 7692C87E 5 Bytes JMP 28073940 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!InternetReadFile 7692E2A4 2 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!InternetReadFile + 3 7692E2A7 2 Bytes [74, B1] {JZ 0xffffffffffffffb3}
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!HttpOpenRequestA 7693043A 5 Bytes JMP 280736A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!HttpSendRequestA 769A011C 5 Bytes JMP 280738A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3376] ntdll.dll!LdrLoadDll 7710F585 5 Bytes JMP 012A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CAB042] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CAB6D6] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88CAB800] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88CAB13E] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\a-squared Free\a2service.exe[1996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [004548B0] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1996] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [004548B0] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454AB4] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75155D3D] C:\Windows\system32\apphelp.dll (Fichier DLL du client de compatibilité des applications/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E751F8
Device \Driver\volmgr \Device\VolMgrControl 84E711F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6BC3A45F-4B2D-4E28-850D-2CB56171D2CA} 8614E1F8
Device \Driver\usbuhci \Device\USBPDO-0 862581F8
Device \Driver\sptd \Device\4269720383 spzx.sys
Device \Driver\usbuhci \Device\USBPDO-1 862581F8
Device \Driver\usbuhci \Device\USBPDO-2 862581F8
Device \Driver\PCI_PNP6382 \Device\00000053 spzx.sys
Device \Driver\usbehci \Device\USBPDO-3 8622B500
Device \Driver\usbuhci \Device\USBPDO-4 862581F8
Device \Driver\usbuhci \Device\USBPDO-5 862581F8
Device \Driver\usbuhci \Device\USBPDO-6 862581F8
Device \Driver\volmgr \Device\HarddiskVolume1 84E711F8
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
9 May 2010 at 18:14
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 8622B500
Device \Driver\cdrom \Device\CdRom0 861661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84E731F8
Device \Driver\atapi \Device\Ide\IdePort0 84E731F8
Device \Driver\atapi \Device\Ide\IdePort1 84E731F8
Device \Driver\atapi \Device\Ide\IdePort2 84E731F8
Device \Driver\atapi \Device\Ide\IdePort3 84E731F8
Device \Driver\atapi \Device\Ide\IdePort4 84E731F8
Device \Driver\atapi \Device\Ide\IdePort5 84E731F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-a 84E731F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8614E1F8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 862581F8
Device \Driver\usbuhci \Device\USBFDO-1 862581F8
Device \Driver\usbuhci \Device\USBFDO-2 862581F8
Device \Driver\usbehci \Device\USBFDO-3 8622B500
Device \Driver\usbuhci \Device\USBFDO-4 862581F8
Device \Driver\usbuhci \Device\USBFDO-5 862581F8
Device \Driver\usbuhci \Device\USBFDO-6 862581F8
Device \Driver\usbehci \Device\USBFDO-7 8622B500
Device \Driver\ammrjc2d \Device\Scsi\ammrjc2d1 864A11F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x43 0xE6 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0x61 0xE3 0x26 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0x9A 0xF1 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x86 0x43 0xE6 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0x61 0xE3 0x26 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7C 0x9A 0xF1 0x83 ...

---- EOF - GMER 1.0.15 ----
0
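A GMER log like the one above is easier to review once the hook lines are grouped by the module that installed them. The script below is an added example, not code from this thread or from GMER's authors: it parses the two line shapes visible in the log (user-mode `.text` code hooks, either a `JMP` into a named module or an in-place byte patch, and kernel `IAT` entries that either resolve to a module or print a raw value) and collapses them into one row per hooking module. Function and class names are mine; the sample lines are copied from the log in this thread. The `IAT ... @ ...` user-mode lines use a third shape the script does not handle and are returned as unparsed.

```python
"""Group GMER hook lines by the module that installed the hook.

Added example, not from this thread and not GMER's own code.  Line shapes handled:

  .text <process>[<pid>] <module>!<api> <addr> <n> Bytes JMP <addr> <hooker> (<product/vendor>)
  .text <process>[<pid>] <module>!<api> <addr> <n> Bytes [<bytes>] {<disassembly>}
  IAT <image>[<module>!<api>] [<addr>] <hooker>
  IAT <image>[<module>!<api>] <raw value>
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

USER_HOOK = re.compile(
    r"^\.text\s+(?P<owner>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<api>\S+!\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
JMP_TARGET = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>.*?)(?:\s+\((?P<desc>[^()]*)\))?$"
)
KERNEL_IAT = re.compile(r"^IAT\s+(?P<owner>[^\[]+)\[(?P<api>[^\]!]+![^\]]+)\]\s+(?P<rest>.*)$")
IAT_TARGET = re.compile(
    r"^\[(?P<target>[0-9A-Fa-f]+)\]\s+(?P<module>.*?)(?:\s+\((?P<desc>[^()]*)\))?$"
)


@dataclass(frozen=True)
class Hook:
    kind: str              # "user" (code hook in a process) or "kernel" (driver IAT entry)
    owner: str             # hooked process path, or the driver image whose IAT was patched
    api: str               # "module!function" that was hooked
    hooker: Optional[str]  # module GMER attributes the hook to; None if it resolved to nothing
    desc: Optional[str]    # GMER's "(product/vendor)" text for the hooker, if it printed one
    detail: str            # jump target address, or the raw bytes/value GMER printed


def parse_gmer_hooks(text: str) -> Tuple[List[Hook], List[str]]:
    """Return (parsed hooks, lines that matched neither shape)."""
    hooks: List[Hook] = []
    skipped: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):  # blank lines and section headers
            continue
        m = USER_HOOK.match(line)
        if m:
            t = JMP_TARGET.match(m["rest"])
            if t:  # hook redirects into a named module
                hooks.append(Hook("user", m["owner"], m["api"], t["module"], t["desc"], t["target"]))
            else:  # in-place byte patch: nothing to attribute it to
                hooks.append(Hook("user", m["owner"], m["api"], None, None, m["rest"]))
            continue
        m = KERNEL_IAT.match(line)
        if m:
            t = IAT_TARGET.match(m["rest"])
            if t:
                hooks.append(Hook("kernel", m["owner"], m["api"], t["module"], t["desc"], t["target"]))
            else:  # IAT slot points outside any loaded image; GMER printed the raw value
                hooks.append(Hook("kernel", m["owner"], m["api"], None, None, m["rest"]))
            continue
        skipped.append(line)
    return hooks, skipped


def hooks_by_module(hooks: List[Hook]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each hooking module to the sorted (owner, api) pairs it hooks."""
    grouped: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for h in hooks:
        grouped[h.hooker or "<unresolved>"].append((h.owner, h.api))
    return {module: sorted(pairs) for module, pairs in grouped.items()}


def needs_attention(hooks: List[Hook]) -> List[Hook]:
    """Entries to attribute by hand first: unresolved, or a hooker GMER gave no vendor text for."""
    return [h for h in hooks if h.hooker is None or not h.desc]


# Sample input: lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] USER32.dll!CreateWindowExW 75A20E51 5 Bytes JMP 2806DB70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WS2_32.dll!recv 768147DF 5 Bytes JMP 28074580 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!InternetReadFile 7692E2A4 2 Bytes JMP 28073800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2124] WININET.dll!InternetReadFile + 3 7692E2A7 2 Bytes [74, B1] {JZ 0xffffffffffffffb3}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3376] ntdll.dll!LdrLoadDll 7710F585 5 Bytes JMP 012A13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88CAB042] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88CAB6D6] \SystemRoot\System32\Drivers\spzx.sys
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ammrjc2d.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
"""

if __name__ == "__main__":
    parsed, unparsed = parse_gmer_hooks(SAMPLE_LOG)
    for module, entries in hooks_by_module(parsed).items():
        print(f"{module}: {len(entries)} hook(s)")
        for owner, api in entries:
            print(f"    {api} in {owner}")
    print(f"{len(needs_attention(parsed))} entries need manual attribution, {len(unparsed)} unparsed lines")
```

On the full log the grouped view shows that every msnmsgr.exe hook belongs to MsgPlusLive.dll, the firefox.exe hook is Firefox hooking itself, and the four atapi.sys port I/O entries belong to spzx.sys, which the registry section of the same log ties to DAEMON Tools Lite through the sptd service. The entries that remain unresolved are the ammrjc2d.SYS IAT slots; a randomly named eight-letter driver with values that look like code bytes is the pattern the SPTD driver shipped with DAEMON Tools commonly leaves in GMER output. The point of the triage is to attribute each hook before acting on it: nothing in this section is a hook the poster's rogue antivirus could be blamed on, which matters when deciding what to remove.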
▶ Download ZHPDiag (by Nicolas Coolman)

or: ZHPDiag

Save it to your Desktop.

Once the download is complete,

▶ run ZHPDiag.exe and click Unzip in the window that opens.

▶ Click the screwdriver, then Tous (All) to tick every option box.

▶ Click the magnifying glass to start the scan.

When the scan finishes,

▶ click the camera and save the report to your Desktop.

To send it to me, click this link:

http://www.cijoint.fr/

▶ Click Parcourir (Browse) and locate the file C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

▶ Click Ouvrir (Open).

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

is added to the page.

▶ Copy that link into your reply.
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
9 May 2010 at 20:03
http://www.cijoint.fr/cjlink.php?file=cj201005/cijUN32Rpk.txt
0
Anonymous user
9 May 2010 at 20:44
You didn't tick all the options.
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
9 May 2010 at 23:48
Sorry, here is the right report:

http://www.cijoint.fr/cjlink.php?file=cj201005/cijknwAzLQ.txt
0
Anonymous user
10 May 2010 at 00:07
▶ Run ZHPDiag again (right-click "Run as administrator" on Vista)

▶ run a scan, then this time click the green shield icon "ZHPFix".

▶ ZHPFix will start; now click the blue "H" (paste the helper lines)

▶ copy/paste what is shown in bold below:

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM]
O42 - Logiciel: SweetIM Toolbar for Internet Explorer 3.6 - (.SweetIM Technologies Ltd..) [HKLM]
[HKCU\Software\AskSearchAsst]


▶ Click "Ok", then "Tous" (All) and finally "Nettoyer" (Clean).

▶ Copy/paste the on-screen report into your next message
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
10 May 2010 at 00:13
This is what I get when I click Nettoyer (Clean):

http://www.cijoint.fr/cjlink.php?file=cj201005/cij65yKHyi.png
0
Anonymous user
10 May 2010 at 00:20
Did you actually start ZHPDiag with right-click "Run as..."?
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
10 May 2010 at 13:53
Yes, but that message appears when I click Nettoyer (Clean).
0
Anonymous user
10 May 2010 at 14:23
OK, do it again with just this:

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM]
[HKCU\Software\AskSearchAsst]
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
10 May 2010 at 14:35
ZHPFix v1.12.3099 by Nicolas Coolman - Rapport de suppression du 10/05/2010 14:33:36
Fichier d'export Registre : C:\ZHPExportRegistry-10-05-2010-14-33-36.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Contact : nicolascoolman@yahoo.fr

Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
HKCU\Software\AskSearchAsst => Clé absente

Valeur du Registre :
(Néant)

Elément de données du Registre :
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified => Donnée supprimée avec succès
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: Modified => Donnée supprimée avec succès

Préférences navigateur :
(Néant)

Dossier :
(Néant)

Fichier :
(Néant)

Logiciel :
O42 - Logiciel: DAEMON Tools Toolbar - (.DT Soft Ltd.) [HKLM] => Logiciel absent

Script Registre :
(Néant)

Master Boot Record :
(Néant)

Autre :
(Néant)


Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 1
Valeur du Registre : 0
Elément de données du Registre : 2
Dossier : 0
Fichier : 0
Logiciel : 1
Master Boot Record : 0
Préférences navigateur : 0
Autre : 0


End of the scan
0
Anonymous user
10 May 2010 at 14:41
▶ Run List&Kill'em again (via right-click on Vista / 7), using the shortcut on your desktop.

but this time:

▶ choose the Command lines option

a text document will open when "Text Please" appears

▶ copy/paste the bold text below:

mbr -t >> a.txt
notepad a.txt
del /F/Q a.txt
del /F/Q mbr.log


then, in the "Fichier" (File) menu, click Save, and close Notepad

Let the tool work

At the end a report opens,

▶ post the result
0
guzi69 Posts: 20 Registered: Wednesday 5 May 2010 Status: Member Last post: 15 July 2010
10 May 2010 at 15:14
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0