Virus at Capdec's
Solved
Capdec
Hello,
Here is the BitDefender scan report. Can anyone help me?
BitDefender Online Scanner - Real Time Virus Report
Generated at: Fri, Jan 30, 2009 - 17:51:14
Scan Info
Scanned Files : 1089533
Infected Files : 3
Virus Detected :
- Trojan.Spy.Goldun.NDK : 2
- Application.VTesttool.A : 1
Thank you.
305 replies
Thanks to you too, and happy surfing. See you later.
Anonymous user
See you later, my friend (?). Thanks for everything.
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jean-Louis at 2009-02-25 18:24:13
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (32%) free of 40 GB
Total RAM: 1278 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 25/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Seagate\Sync\SeaSyncServices.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Range-Notes\Range-Notes.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
D:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Clavier+\Clavier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
D:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Jean-Louis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hideupv.univ-montp3.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Babylon Client] D:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "D:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Range-Notes] C:\Program Files\Range-Notes\Range-Notes.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Clavier+] D:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Clavier+\Clavier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Babylon.exe.lnk = D:\Program Files\Babylon\Babylon-Pro\Babylon.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Translate with &Babylon - res://D:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - (no file)
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - D:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Download Toolbar-S&D (Team IDN) to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option "1", then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.
As planned, here is ToolBar report 1.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Ver 1.00PARTTBL;
USER : Jean-Louis ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : PC Tools Firewall Plus 4.0.0 (Activated)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:12 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:26 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB) - FAT - Total:245 Mo (Free:0 Go)
I:\ (USB) - FAT - Total:1960 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 25/02/2009|18:32 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
-----------\\ Extensions
(Jean-Louis) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Jean-Louis) - {b055c535-4a3a-11db-9659-00e08161165f} => mediadicotoolbar
(Jean-Louis) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 25/02/2009|18:34 - Option : [1]
-----------\\ Fin du rapport a 18:34:43,51
I wonder where this AskBardis comes from, which gets deleted every time... and comes back.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Ver 1.00PARTTBL;
USER : Jean-Louis ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
Firewall : PC Tools Firewall Plus 4.0.0 (Activated)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:12 Go)
D:\ (Local Disk) - NTFS - Total:35 Go (Free:26 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB) - FAT - Total:245 Mo (Free:0 Go)
I:\ (USB) - FAT - Total:1960 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 25/02/2009|18:45 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Jean-Louis) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Jean-Louis) - {b055c535-4a3a-11db-9659-00e08161165f} => mediadicotoolbar
(Jean-Louis) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 25/02/2009|18:34 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/02/2009|18:49 - Option : [2]
-----------\\ Fin du rapport a 18:49:19,78
Did you download a program called windefender?
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
C:\Program Files\AskBardis
C:\Program Files\Freeze.com
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\AskBardis not found.
C:\Program Files\Freeze.com\Twinkling Stars moved successfully.
C:\Program Files\Freeze.com moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\etilqs_gyCILXcqWSpV0cdRl0pO scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF2C8F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF802A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DFD2C8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETC82D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_368.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_193119
Files moved on Reboot...
File C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\etilqs_gyCILXcqWSpV0cdRl0pO not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll NOT unregistered.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\IadHide4.dll moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF2C8F.tmp moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DF802A.tmp moved successfully.
C:\DOCUME~1\JEAN-L~1\LOCALS~1\Temp\~DFD2C8.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\JETC82D.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_368.dat not found!
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jean-Louis\Local Settings\Application Data\Mozilla\Firefox\Profiles\onxyldj7.default\XUL.mfl moved successfully.
Well, you must be visiting a site that hands it to you as a gift.
Did you download a program called windefender?
I don't recall downloading a program called WinDefender. However, I do have one called Windows Defender...
Also, I don't quite understand what you are getting at by telling me to go to a site that "hands it to me as a gift". What for? Could that help solve my problem?
See you soon.
1/ Download ToolsCleaner2 to your Desktop.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options Facultatives (optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
2/ Run an online scan with BITDEFENDER
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Use IE, accept the ActiveX control, install the scanner and scan your computer (the scan should take between 1 and 3 hours), then post the report for me.
No, I said that because askbar is a pest and this is the third time we have removed it. So you may be visiting a "clean" site that slips it to you on the sly. Something is not right here.
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\TB.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: trouvé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !
---------------------------------
-->- Suppression:
C:\TB.txt: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
======================== SDFIX ========================
• Download to the desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
• Double-click the SDFix.EXE file and follow the installation prompts
• The program installs into the C:\SDFix directory
It is essential to run the SDFix cleanup in Safe Mode.
------
• Restart in Safe Mode (startup may take several minutes)
• Note: there is no internet access in this mode. Save or print the instructions.
• Restart the PC and tap the F8 key (or F5 on some machines) until the startup options appear
• With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------
• Once in Safe Mode, click the Start menu, then Run, and paste the following command: C:\SDFix\RunThis.bat
• Type Y, then press the Enter key to start the cleanup!
• SDFix will carry out the cleanup; be patient... this can take about thirty minutes
• A window indicates that SDFix must restart the computer to finish the cleanup.
-------
• Press any key to restart the PC.
• When the PC restarts, SDFix indicates that the cleanup is complete.
• Press any key to open the report created by SDFix.
• It can be saved if needed, for example if you are asked to post it on a forum (Edit menu / Save As).
• Otherwise the report will still be saved in the following file: Report.txt
in the SDFix folder (e.g. C:\SDFix\Report.txt).
Here it is.
[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\TB.txt: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: trouvé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !
---------------------------------
-->- Suppression:
C:\TB.txt: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Jean-Louis\Bureau\Outils Maintenance\Rsit.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
I can't take any more. I'm going to bed. Thanks for everything. See you tomorrow for the rest.
Good night, little ones :)
Hello,
Here (at last) is the report produced by SDFix.
------------------------------------------------------
[b]SDFix: Version 1.240 [/b]
Run by Jean-Louis on 26/02/2009 at 09:11
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 09:31:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="D:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,2a,b1,33,7b,0b,36,5e,c7,2d,13,81,45,d3,cc,36,c5,72,e8,64,59,..
"p0"="D:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,75,24,6e,3a,e2,d2,36,3e,75,68,cb,e9,53,76,69,2e,0b,..
"khjeh"=hex:dd,91,65,59,0a,21,4b,d8,86,0b,be,9d,60,36,84,e3,76,e7,a5,50,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 A.SH. --- "C:\WINDOWS\system32\Smab0.dll"
Wed 14 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Fri 13 Aug 2004 1,953,792 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Tue 1 Apr 2008 77,824 A..H. --- "C:\Program Files\Winferno\PC Confidential\DeleteIndex.exe"
Tue 1 Apr 2008 73,728 A..H. --- "C:\Program Files\Winferno\PC Confidential\PCCBHO.dll"
Sun 28 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
Here (finally) is the report produced by SDFix.
------------------------------------------------------
[b]SDFix: Version 1.240 [/b]
Run by Jean-Louis on 26/02/2009 at 09:11
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 09:31:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:db,ee,85,8e,5d,b3,c5,2c,3b,17,e1,a9,50,f5,94,e8,92,1d,49,26,50,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cd,d5,cc,ef,6a,f4,a4,4f,44,52,7f,08,82,7a,5d,ad,d2,8b,8e,1b,05,..
"p0"="D:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:64,8b,fb,8a,45,7a,6f,a4,29,3d,73,aa,56,97,48,e3,ba,15,d2,3d,96,..
"a0"=hex:20,01,00,00,1c,0b,4a,60,6d,20,e7,1d,bc,f1,e2,38,40,c2,85,25,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:2d,8b,df,39,01,8b,22,c4,20,bb,31,a0,6e,26,fb,9e,9e,3d,ad,48,7a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:0f,63,0d,96,74,3d,ab,02,33,68,9c,cb,85,b4,8c,24,dc,b4,63,41,e7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:01,2a,b1,33,7b,0b,36,5e,c7,2d,13,81,45,d3,cc,36,c5,72,e8,64,59,..
"p0"="D:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,75,24,6e,3a,e2,d2,36,3e,75,68,cb,e9,53,76,69,2e,0b,..
"khjeh"=hex:dd,91,65,59,0a,21,4b,d8,86,0b,be,9d,60,36,84,e3,76,e7,a5,50,dd,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:48,c2,1a,58,86,9d,37,2a,e5,91,b5,33,7e,a0,4b,d4,d1,aa,7b,d3,0e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\SysmonLog\Log Queries]
"Defaults Installed"=dword:00000000
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 A.SH. --- "C:\WINDOWS\system32\Smab0.dll"
Wed 14 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Fri 13 Aug 2004 1,953,792 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"
Fri 13 Aug 2004 53,760 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"
Fri 13 Aug 2004 94,208 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"
Mon 16 Aug 2004 35,328 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"
Fri 13 Aug 2004 20,480 A..HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"
Tue 1 Apr 2008 77,824 A..H. --- "C:\Program Files\Winferno\PC Confidential\DeleteIndex.exe"
Tue 1 Apr 2008 73,728 A..H. --- "C:\Program Files\Winferno\PC Confidential\PCCBHO.dll"
Sun 28 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
1/
............
/!\ Attention, anyone passing through this thread /!\
The software below is not to be used lightly! Only use it if a forum helper has recommended it to you.
We are going to use Combofix to finish the disinfection. Be careful, this software is very powerful, and misuse can cause damage... Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!). To do this, right-click this link, choose "save target as ...", type C-Fix in the window that opens, then choose the Desktop as the destination and confirm: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (anti-virus, antispyware, firewall) for the duration of the procedure: if left enabled, they could seriously interfere with the tool's search and cleaning procedure (or even crash the PC)... You will re-enable them afterwards !!
In your case, that is Avast (right-click the icon near the clock and click "Stop resident protection")
---> Above all, if you run into difficulties at this stage, tell me before going any further...
Tutorial here for installing the Recovery Console (important in case of a problem): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. Doing so could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.
The report will be created at: C:\Combofix.txt, please post it here
2/ Delete the temporary files and repair the registry
===================== CCLEANER ========================
For a final bit of polish.
• Apply the procedure below.
• The tool can be kept to clean up from time to time by applying the same procedure.
• Download CCleaner and install it on the desktop, declining the installation of the Yahoo toolbar.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
• Close all applications
• Launch CCleaner
If it is not in French, click Options, Settings, Language and select French
• Tick, in the Cleaner menu - Windows tab:
Internet Explorer: Temporary Internet Files, Cookies
• System: Empty Recycle Bin, Temporary Files, Clipboard
• Advanced: Old Prefetch data
• Untick, in the Options menu - Advanced submenu:
Only delete files in the Windows temp folder older than 48 hours
• Tick, in the Cleaner menu - Applications tab: Internet: Sun Java
• Tick, if possible, in the Cleaner menu - Applications tab:
Firefox/Mozilla: Internet Cache, Cookies
• Click Analyze
• Click the Run Cleaner button in the Cleaner menu.
• Click Registry
• Select all
• Click Scan for Issues (at the bottom)
Once the scan has finished, select all
• Click Fix selected issues