Virus chez Capdec

Résolu
Capdec -  
 Capdec -
Bonjour,

Voici le rapport de scan de BitDefender. Quelqu'un peut-il m'aider ?

BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Jan 30, 2009 - 17:51:14

Scan Info
Scanned Files : 1089533
Infected Files : 3
Virus Detected :
- Trojan.Spy.Goldun.NDK : 2
- Application.VTesttool.A : 1

Merci.
A voir également:

305 réponses

Précédent
Réponse 221 / 305
Capdec
 
Je suis vraiment désolé et en colère (contre moi-même), mais je suis coincé...

J'ai désinstallé le programme en question. Faut-il que je recommence Ad-remover ?
0
Réponse 222 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Non à priori c'est bon Ad remover a bien travaillé.On va faire sdfix voir si tu n'as pas d'atres verroles

Télécharge SDFix sur ton bureau :
ici http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
ou ici http://download.bleepingcomputer.com/andymanchesta/SDFix.exe­
ou ici http://sdfix.net/SDFix.exe

--> Double-clique sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...


Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
-->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse
0
Réponse 223 / 305
Capdec
 
Por favor...

------- LOGFILE OF AD-REMOVER 1.1.1.5 | ONLY XP/VISTA -------

Updated by C_XX on 25/02/2009 at 20:30

Start at: 17:04:14 | Dim 01/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: HP-BARREAU
Current User: Jean-Louis - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- I:\ (File System: FAT)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 72

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

.

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Other Adwares Found:

.
.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: onxyldj7.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Ask"
Prefs.js: Browser.Search.SelectedEngine: "DAEMON Search"
.
.
Invalidprefs.js: Browser.Search.DefaultEngineName: "Ask"
Invalidprefs.js: Browser.Search.SelectedEngine: "DAEMON Search"
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://y.lo.st");
.
.

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-1957994488-1532298954-682003330-1004\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2464 Bytes] - C:\Ad-Report-Clean-01.03.2009.log
[~2417 Bytes] - C:\Ad-Report-Scan-01.03.2009.log

- C:\Program Files\Ad-remover\TOOLS\BACKUP
- C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 17:07:05 | 01/03/2009
.
+-----------------| E.O.F - 61 Lines
.
0
Réponse 224 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
C'est bon ,tu peux faire Sdfix
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 225 / 305
Capdec
 
[b]SDFix: Version 1.240 [/b]
Run by Jean-Louis on 01/03/2009 at 17:26

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 17:45:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:c9b58033
"s2"=dword:a76503f8
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,2a,b1,33,7b,0b,36,5e,c7,2d,13,81,45,d3,cc,36,c5,72,e8,64,59,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,75,24,6e,3a,e2,d2,36,3e,75,68,cb,e9,53,76,69,2e,0b,..
"khjeh"=hex:dd,91,65,59,0a,21,4b,d8,86,0b,be,9d,60,36,84,e3,76,e7,a5,50,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:23,08,32,a6,5b,e3,70,3b,9f,92,73,d3,ad,14,72,e4,1c,0e,f6,c2,1d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,bd,c9,78,23,da,7b,1b,7d,85,33,d6,06,6b,1a,ee,b5,c3,..
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:27,7a,56,50,d0,bf,28,16,39,60,3f,71,db,69,fa,95,b0,14,f6,9c,ae,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:f5,a4,ed,4e,70,fc,f8,52,06,d9,50,18,93,df,c8,81,c4,a7,79,3b,95,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:2e,52,c1,04,38,47,4a,5e,c7,58,29,2b,52,1f,ff,73,09,c7,36,28,dd,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,8e,b6,9a,6a,e7,cc,f6,53,7a,9f,28,c7,2e,0a,6f,f2,e0,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="D:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,2a,b1,33,7b,0b,36,5e,c7,2d,13,81,45,d3,cc,36,c5,72,e8,64,59,..
"p0"="D:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,75,24,6e,3a,e2,d2,36,3e,75,68,cb,e9,53,76,69,2e,0b,..
"khjeh"=hex:dd,91,65,59,0a,21,4b,d8,86,0b,be,9d,60,36,84,e3,76,e7,a5,50,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 A.SH. --- "C:\WINDOWS\system32\Smab0.dll"
Wed 14 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Fri 13 Aug 2004 1,953,792 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Sun 28 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 1 Apr 2008 77,824 A..H. --- "C:\_OTMoveIt\MovedFiles\02282009_152330\Program Files\Winferno\PC Confidential\DeleteIndex.exe"
Tue 1 Apr 2008 73,728 A..H. --- "C:\_OTMoveIt\MovedFiles\02282009_152330\Program Files\Winferno\PC Confidential\PCCBHO.dll"

[b]Finished![/b]
0
Réponse 226 / 305
Capdec
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:01, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
D:\Program Files\Seagate\Sync\SeaSyncServices.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Range-Notes\Range-Notes.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Clavier+\Clavier.exe
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jean-Louis\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hideupv.univ-montp3.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "D:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Range-Notes] C:\Program Files\Range-Notes\Range-Notes.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Clavier+] D:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Babylon.exe.lnk = D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - D:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 227 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
c:\windows\system32\smab0.dll


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 228 / 305
Capdec
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\Smab0.dll
c:\windows\system32\Smab0.dll NOT unregistered.
c:\windows\system32\Smab0.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\etilqs_FU0Q62Fv3LjQU01gW9gB scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF39C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF43C8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF54BD.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET4503.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_180416

Files moved on Reboot...
File C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\etilqs_FU0Q62Fv3LjQU01gW9gB not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll NOT unregistered.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF39C3.tmp moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF43C8.tmp moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF54BD.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\JET4503.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\XUL.mfl moved successfully.
0
Réponse 229 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
_________________________________________________

Ensuite mets a jour superantispyware et fais un scan complet et postes moi le rapport
0
Réponse 230 / 305
Capdec
 
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\SdFix.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !


Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Jean-Louis\Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\SdFix.exe: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
0
Réponse 231 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
C:\_OtMoveIt: ERREUR DE SUPPRESSION !!

Supprimes à la main Ot moveit
0
Réponse 232 / 305
Capdec
 
Je n'arrive pas à supprimer C:\OtMoveIt ainsi que son contenu. Que dois-je faire d'autre ?
0
Réponse 233 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Bon,tu le supprimeras en mode sans echec.Fais le scan superantispyware apres mise a jour et postes moi le rapport
0
Réponse 234 / 305
Capdec
 
En attendant le résultat du scan de SUPERAntiSpyware (encourageant pour le moment), j'ai une autre petite question par rapport à Firefox : avant mes derniers ennuis ma page d'accueil était

https://www.google.fr/?gws_rd=ssl

mais depuis que j'ai viré (mometanément ?) Foxmarks celle-ci est devenue

https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl

et pas moyen de la changer (Outils > Options > Général > Page d'accueil). As-tu un truc pour revenir à la situation antérieure (qui était simplement plus pratique pour moi) ? Merci.
0
Réponse 235 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Ben si tu saisi l'adresse google dans la page d'acceuil et que tu valides ,cela doit marcher,non?
0
Réponse 236 / 305
Capdec
 
Eh non, ce serait là aussi trop facile... C'est toujours

https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl

qui revient à la charge.
0
Réponse 237 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
C'est a dire que tu demarres par la page par defaut de firefox ou il te demande de saisir une recherche?
0
Réponse 238 / 305
Capdec
 
Je démarre toujours par la page par défaut (https://www.google.fr/?gws_rd=ssl jusqu'il y peu...

Je retourne voir où en est le scan. A+
0
Réponse 239 / 305
Capdec
 
Le scan SUPERAntiSpyware est terminé. Aucun élément nuisible n'a été détecté.

¿Algo más?
0
Réponse 240 / 305
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Hahaha,no mas,voy a ver una pelicula.

J'arrette pour ce soir car je suis hs.Fais tool cleaner pour supprimer les logiciels de desinfection (gardes malwarebytes et superantispware bien sur).On la peut etre deja fait!!

Bonne fin de soirée
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
message de postmaster incessant !
wasap -
wasap -

9 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses