Infected by Brontok + Trojan horse

H2SO4 -
Anonymous user -
Hello,
After scanning my PC with NOD32, I got a report saying my computer is infected with a Trojan horse and Brontok.A. I followed the procedure with HijackThis. Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:01, on 25/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\eksplorasi.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\Windows\ShellNew\sempalong.exe"
O4 - HKLM\..\RunOnce: [Delete USB Error Key] "C:\Program Files\Samsung\Samsung PC Studio 3\USB Drivers\SPS3_USB_Driver_Setup.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S4FB5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S7DA7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.q2v8wi"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Ante Upload Fast.msfqe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Users\kevin\AppData\Local\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SEADA.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SEADA.tmp" /EF "HKCU" (User 'Default user')
O4 - Startup: Empty.pif = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
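Added example, not part of the thread and not HijackThis's or NOD32's own logic: a small Python triage pass over HijackThis 2.x log lines that flags the persistence patterns visible in the report above. The sample lines are copied from that log (plus a few clean entries for contrast); the rule set (core process names dropped outside System32, autoruns from profile/data folders, a Shell= value with anything appended, a `.pif` in the Startup folder, a DisableRegedit policy lock) is an assumption chosen from what the report shows, and is a first-pass filter for a helper reading a log, not a verdict.

```python
"""Triage of HijackThis 2.x log lines for Brontok-style persistence indicators.

Added example, not part of the thread. Rules are an assumption drawn from the
entries visible in the log above; treat hits as items to look at, not verdicts.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Core Windows process names that Brontok drops copies of under the user
# profile; the genuine binaries live only in %SystemRoot%\System32.
SYSTEM_NAMES = {"smss.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "inetinfo.exe", "csrss.exe"}
# Folders a non-elevated worm can write to; an autorun pointing here is unusual.
PROFILE_DIRS = re.compile(r"\\(appdata|programdata|shellnew|temp)\\", re.I)
# Policy values a worm sets to keep the user from inspecting the machine.
POLICY_LOCKS = {"DisableRegedit", "DisableTaskMgr"}

RUN_LINE = re.compile(r"O4 - HK\w+[^:]*: \[([^\]]*)\] (.*)")
STARTUP_LINE = re.compile(r"O4 - (?:Global )?Startup: (.+?) = (.*)")
SHELL_LINE = re.compile(r"F2 - REG:system\.ini: Shell=(.*)", re.I)
POLICY_LINE = re.compile(r"O7 - .*Policies\\System, (\w+)=(\d+)")

# Constructed sample: lines taken from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe "C:\Windows\eksplorasi.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\Windows\ShellNew\sempalong.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S4FB5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.q2v8wi"
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Users\kevin\AppData\Local\smss.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Startup: Empty.pif = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


@dataclass
class Finding:
    severity: str  # "high": known-bad pattern; "review": worth a second look
    reason: str
    line: str


def _target(rest: str) -> str:
    """Program path from the text after an O4 '[name]' label."""
    if rest.startswith('"'):            # quoted path, arguments may follow
        return rest[1:].split('"', 1)[0]
    # Unquoted: cut at the first ' /' or ' -' switch (heuristic; a folder
    # name containing ' -' would be truncated).
    return re.split(r"\s+[/-]", rest.strip(), maxsplit=1)[0]


def triage_line(line: str) -> list[Finding]:
    """Apply the rule set to one log line; returns zero or more findings."""
    line = line.strip()
    out: list[Finding] = []
    if (m := SHELL_LINE.match(line)) and m.group(1).strip().lower() != "explorer.exe":
        # Anything appended to Shell= is launched at every logon.
        out.append(Finding("high", "Shell= hijacked: " + m.group(1).strip(), line))
    elif m := POLICY_LINE.match(line):
        if m.group(1) in POLICY_LOCKS and m.group(2) != "0":
            out.append(Finding("high", f"policy lock {m.group(1)}={m.group(2)}", line))
    elif m := STARTUP_LINE.match(line):
        if m.group(1).lower().endswith((".pif", ".scr", ".com", ".bat")):
            out.append(Finding("high", f"Startup-folder item {m.group(1)} ({m.group(2)})", line))
    elif m := RUN_LINE.match(line):
        target = _target(m.group(2))
        name = target.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and "\\system32\\" not in target.lower():
            out.append(Finding("high", f"{name} outside System32: {target}", line))
        elif PROFILE_DIRS.search(target):
            ext = name.rsplit(".", 1)[-1] if "." in name else ""
            reason = "autorun from profile/data folder: " + target
            if ext not in {"exe", "lnk"}:
                reason += f" (unusual extension .{ext})"
            out.append(Finding("review", reason, line))
    return out


def triage(log_text: str) -> list[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def severity_counts(log_text: str) -> dict[str, int]:
    return dict(Counter(f.severity for f in triage(log_text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
    print(severity_counts(SAMPLE_LOG))
```

Run against the sample it reports four "high" items (the Shell= hijack, smss.exe under AppData\Local, Empty.pif in the Startup folder, DisableRegedit=1) and two "review" items (sempalong.exe under ShellNew and the ProgramData entry with the random extension); the EPSON, Sidebar, Java and Adobe lines pass, including the EPSON one whose arguments mention a TEMP file, because the rule looks only at the program path.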

21 replies

plopus Posts 6113 Status Security contributor 293
 
hi GEN

not bad, that tool against Brontok ;)
1
plopus Posts 6113 Status Security contributor 293
 
good evening,

yes, you have various infections, including worms on removable drives

Disable User Account Control (you'll re-enable it after your disinfection):
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

* Go to Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click Disable and confirm.
then restart your PC

then

first download ComboFix to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

run it, don't touch anything else, and post the report
0
H2SO4
 
Still nothing?! :(
0
plopus Posts 6113 Status Security contributor 293
 
our messages crossed, look further up
0

H2SO4
 
Yes, I just saw it. Thanks a lot, I'll do that right away ;)
0
H2SO4
 
Well, at least one bit of good news: my taskbar is back, and so is my desktop, which is no longer black.

Here is the report:

ComboFix 09-02-24.02 - kevin 2009-02-25 21:06:03.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2047.1394 [GMT 1:00]
Lancé depuis: G:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kevin\AppData\Local\inetinfo.exe
c:\users\kevin\AppData\Local\lsass.exe
c:\users\kevin\AppData\Local\services.exe
c:\users\kevin\AppData\Local\winlogon.exe
c:\windows\dat.txt

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-25 au 2009-02-25 ))))))))))))))))))))))))))))))))))))
.

2009-02-25 20:29 . 2009-02-25 20:29 <REP> d-------- c:\program files\Trend Micro
2009-02-25 19:24 . 2009-02-25 19:24 <REP> d-------- c:\users\All Users\ESET
2009-02-25 19:24 . 2009-02-25 19:24 <REP> d-------- c:\programdata\ESET
2009-02-25 19:24 . 2009-02-25 19:24 <REP> d-------- c:\program files\ESET
2009-02-16 10:26 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-16 10:26 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 10:26 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 10:26 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 10:26 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 16:20 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 16:20 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 04:20 --------- d-----w c:\programdata\proxy dash
2009-02-26 04:20 --------- d-----w c:\program files\Circle Developement
2009-02-25 20:31 --------- d-----w c:\programdata\does dog two city
2009-02-25 18:15 --------- d-----w c:\program files\Securitoo
2009-02-25 18:13 --------- d-----w c:\programdata\F-Secure
2009-02-24 08:56 --------- d-----w c:\users\kevin\AppData\Roaming\Samsung
2009-02-24 08:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 08:05 --------- d-----w c:\program files\Steam
2009-02-16 09:24 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-15 19:28 --------- d-----w c:\users\kevin\AppData\Roaming\LimeWire
2009-02-11 16:52 --------- d-----w c:\program files\Windows Mail
2009-02-06 15:03 --------- d-----w c:\program files\Common Files\Steam
2009-01-15 10:41 --------- d-----w c:\program files\LimeWire
2009-01-14 20:18 --------- d-----w c:\program files\Apple Software Update
2009-01-12 14:24 --------- d-----w c:\programdata\WindowsSearch
2009-01-09 15:24 1,452 ----a-w c:\users\kevin\AppData\Roaming\wklnhst.dat
2008-12-08 15:58 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-05-24 09:35 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Error mail"="c:\programdata\Upload Bags Bags.q2v8wi" [X]
"two city internet heck"="c:\programdata\Ante Upload Fast.msfqe" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"EPSON Stylus DX5000 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"EPSON Stylus DX5000 Series (Copie 1)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-17 171448]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-06-28 2512128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"PSPVideo9"="c:\program files\pspvideo9\pspVideo9.exe" [2005-10-30 606208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-19 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-19 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-19 81920]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX5000 Series (Copie 1)"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]

c:\users\kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Empty.pif [2007-10-07 42624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-05-06 528384]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-05-06 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/uOODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3949DEB9-8DD8-42E4-A506-7B9F4A231291}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A033DC2D-F311-40C6-91FC-22337523B865}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F726BF72-BF4E-4B4F-B9FE-4CDF4E903131}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{51674872-C1F2-4F6E-9B9C-A757F38BE2C6}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{00717E99-5B5E-4D82-B899-5B920CE145A9}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{F90A806B-AED4-4244-AC78-EA10F3E4F0E6}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{2EACCE03-44AD-4451-AFA5-833B35CC35B9}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{39E7738E-3D11-43B9-835D-D16D2F3B2B0D}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{59B339AA-E6E9-43D5-A0ED-DAC81D658E12}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{B70C9DFF-8065-445C-8092-F386899335A3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{9F52794C-B028-4208-88E2-1D78370B9A3B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{65BF210E-2B2B-4C7F-B72B-245713343010}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E9B37C94-270E-4DA5-883D-17372EE67C19}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2D905BAD-EF30-44F7-A8FE-54AB9A1F99DE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C1EAFF5E-F5D9-4D6D-9AAB-58148520B153}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{14C65DD8-7CFE-42A3-8A1B-F85B477A13A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{281A9D3B-09A1-4361-963B-AF698DE2FE80}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{2182A38E-00AE-4D92-95B0-B5D91715A4BF}c:\\program files\\steam\\steamapps\\kevinsoihet\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\kevinsoihet\day of defeat source\hl2.exe:hl2
"UDP Query User{4B7A6C70-9182-4F71-9E88-994E812E82F3}c:\\program files\\steam\\steamapps\\kevinsoihet\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\kevinsoihet\day of defeat source\hl2.exe:hl2
"TCP Query User{79E4A615-512A-4DBF-A994-4D5470E14EB5}c:\\program files\\steam\\steamapps\\kevinsoihet\\source 2007 dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\kevinsoihet\source 2007 dedicated server\srcds.exe:srcds
"UDP Query User{48EDABD6-1488-4252-8831-9B602411BEBC}c:\\program files\\steam\\steamapps\\kevinsoihet\\source 2007 dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\kevinsoihet\source 2007 dedicated server\srcds.exe:srcds
"{5812B56C-5162-48C0-9A0A-80BCE1E7360E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-07-01 34312]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-05-06 266343]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [2007-10-24 449536]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-08-13 28224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ff593a8-fff7-11dd-8db9-00016c0eca4e}]
\shell\AutoRun\command - start.exe
\shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35de47ce-7a54-11dd-915f-00016c0eca4e}]
\shell\AutoRun\command - start.exe
\shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68b1a5d2-7fb6-11dc-94f7-00016c0eca4e}]
\shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b280503-824b-11dc-a75f-00016c0eca4e}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-26 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)

.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-25 21:07:17
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-02-25 21:08:40
ComboFix-quarantined-files.txt 2009-02-25 20:08:38

Avant-CF: 17 525 436 416 octets libres
Après-CF: 17,622,265,856 octets libres

179 --- E O F --- 2009-02-20 13:33:44

Thanks a lot for your help.
0
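Added example, not part of the thread and not ComboFix's own logic: the removable-drive worms plopus mentioned show up in the report above as the MountPoints2 section, where each volume GUID carries a `\shell\AutoRun\command` handler and, on two of the volumes, a custom verb (`iledefrance`) pointing at the same `start.exe`. The Python below parses that section and rates each volume. The sample is copied from the report; the verb list and the "relative command" heuristic (a bare `start.exe` with no drive letter resolves against the volume root, so the file travelled with the stick) are assumptions, and `K:\LaunchU3.exe`, an absolute-path launcher of the kind a U3-style drive installs, only gets a review note.

```python
"""Rate removable-volume AutoRun handlers listed by ComboFix under MountPoints2.

Added example, not part of the thread. Verb list and heuristics are assumptions.
"""
from __future__ import annotations

import re

SECTION = re.compile(r"\[.*\\mountpoints2\\(\{[0-9a-f-]+\})\]", re.I)
HANDLER = re.compile(r"\\shell\\([^\\]+)\\command - (.*)")
# Verbs Windows itself populates from a legitimate autorun.inf.
STANDARD_VERBS = {"autorun", "open", "explore"}

# Constructed sample: the MountPoints2 section of the ComboFix report above.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ff593a8-fff7-11dd-8db9-00016c0eca4e}]
\shell\AutoRun\command - start.exe
\shell\iledefrance\command - start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68b1a5d2-7fb6-11dc-94f7-00016c0eca4e}]
\shell\AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b280503-824b-11dc-a75f-00016c0eca4e}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
"""


def parse_mountpoints(text: str) -> dict[str, dict[str, str]]:
    """Map each volume GUID to its {verb: command} handlers."""
    volumes: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = m.group(1).lower()
            volumes[current] = {}
        elif (m := HANDLER.match(line)) and current is not None:
            volumes[current][m.group(1).lower()] = m.group(2).strip()
    return volumes


def _is_relative(cmd: str) -> bool:
    # No drive letter: the command is resolved against the volume root, i.e.
    # the executable lives on the removable device itself.
    return re.match(r"^[a-z]:\\", cmd, re.I) is None


def assess(text: str) -> dict[str, list[str]]:
    """Reasons per volume GUID; volumes with no handlers are omitted."""
    report: dict[str, list[str]] = {}
    for guid, verbs in parse_mountpoints(text).items():
        reasons: list[str] = []
        for verb, cmd in verbs.items():
            if verb not in STANDARD_VERBS:
                # A custom verb can shadow the default double-click action.
                reasons.append(f"custom verb '{verb}' -> {cmd}")
            if _is_relative(cmd):
                reasons.append(f"{verb}: relative command '{cmd}' lives on the volume")
        if not reasons and "autorun" in verbs:
            reasons.append(f"AutoRun handler recorded: {verbs['autorun']}")
        if reasons:
            report[guid] = reasons
    return report


def suspicious_volumes(text: str) -> list[str]:
    """GUIDs showing a worm-like pattern: custom verb or relative command."""
    return sorted(guid for guid, reasons in assess(text).items()
                  if not all(r.startswith("AutoRun handler") for r in reasons))


if __name__ == "__main__":
    for guid, reasons in assess(SAMPLE).items():
        print(guid)
        for r in reasons:
            print("   ", r)
    print("worm-like:", suspicious_volumes(SAMPLE))
```

On the sample, the first and third volumes are rated worm-like (custom verb, and on the first one a relative `start.exe`), while the U3 volume appears only as a plain AutoRun record. The later OTMoveIt log in this thread shows exactly these four MountPoints2 keys being deleted.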
H2SO4
 
I should still point out that NOD32 tells me Brontok.S is present.
0
plopus Posts 6113 Status Security contributor 293
 
ok, good

click here http://www.cijoint.fr/cjlink.php?file=cj200902/cijMFxTsdj.txt and do what it says to get the instructions, apply what I've given you, and post the report

and AFTER doing that, post a new HijackThis
0
plopus Posts 6113 Status Security contributor 293
 
well, I posted a procedure but it doesn't show up

click and follow http://www.cijoint.fr/cjlink.php?file=cj200902/cijMFxTsdj.txt

+ afterwards a HijackThis
0
H2SO4
 
Hmm, I went to the link, but I don't understand what to do ...
Here's what I see:


Downloading file cj200902/cijMFxTsdj.txt

Right-click the link opposite to save the file: otmoveit.txt
The link to share is http://www.cijoint.fr/cjlink.php?file=cj200902/cijMFxTsdj.txt

Preview not available
Right-click the link opposite to save the file: otmoveit.txt
0
plopus Posts 6113 Status Security contributor 293
 
you right-click on otmoveit.txt and choose "save target as" to the desktop, then you open that document and you have the instructions; there's a bug on the site that means we can't post scripts here

post the report afterwards
0
H2SO4
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ff593a8-fff7-11dd-8db9-00016c0eca4e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35de47ce-7a54-11dd-915f-00016c0eca4e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68b1a5d2-7fb6-11dc-94f7-00016c0eca4e}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b280503-824b-11dc-a75f-00016c0eca4e}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\kevin\AppData\Local\Temp\etilqs_WjFdWlQL3TxWYG9fZxN3 scheduled to be deleted on reboot.
File delete failed. C:\Users\kevin\AppData\Local\Temp\~DFB1E2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02252009_213732

Files moved on Reboot...
File C:\Users\kevin\AppData\Local\Temp\etilqs_WjFdWlQL3TxWYG9fZxN3 not found!
C:\Users\kevin\AppData\Local\Temp\~DFB1E2.tmp moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_001_ moved successfully.
C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_002_ moved successfully.
C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_003_ moved successfully.
C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\kevin\AppData\Local\Mozilla\Firefox\Profiles\hb5yoehk.default\urlclassifier3.sqlite moved successfully.
0
H2SO4
 
Is this right?
0
plopus Posts 6113 Status Security contributor 293
 
yes, that's it

post a new HijackThis please
0
H2SO4
 
Still there? :p
0
plopus Posts 6113 Status Security contributor 293
 
our messages crossed, look further up

post a new HijackThis
0
H2SO4
 
Here you go :p

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:06, on 25/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S4FB5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S7DA7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.q2v8wi"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Ante Upload Fast.msfqe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SEADA.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON Stylus DX5000 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SEADA.tmp" /EF "HKCU" (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
plopus | Posts: 6113 | Status: Security contributor | 293
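An added example, not part of this thread and not part of HijackThis: a small Python triage pass over O4 (Run) and O7 (policy) lines of the kind shown in the log above. It flags Run values that launch a file with a non-executable extension from a data directory (the two ProgramData entries with .q2v8wi and .msfqe names stand out that way) and O7 policy lines that lock out regedit, which Brontok is known to do. The sample lines are constructed after the posted log with paths shortened; the extension allowlist and the data-directory list are my assumptions, and a flagged line is something to review, not a verdict.

```python
"""Triage HijackThis O4 (Run) and O7 (policy) lines for Brontok-style persistence.

Added example; heuristic only. A flagged line is something to look at, not a verdict.
"""
import ntpath
import re

# Constructed sample, modelled on the log posted in this thread (paths shortened).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.q2v8wi"
O4 - HKCU\..\Run: [two city internet heck] "C:\ProgramData\Ante Upload Fast.msfqe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# "O4 - <hive\..\Run>: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Directories a legitimate Run value rarely launches code from (assumption).
DATA_DIRS = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.IGNORECASE)
# Extensions a Run value normally points at (assumption; anything else is worth a look).
EXEC_EXTS = {".exe", ".dll", ".com", ".scr", ".cpl", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# O7 policy locks: Brontok disables the Registry Editor; DisableTaskMgr is the sibling lock.
POLICY_LOCKS = re.compile(r"\b(DisableRegedit|DisableTaskMgr)=1\b")


def first_token(cmd: str) -> str:
    """Program a Run value launches: the quoted path if quoted, else the first word.

    rundll32 hosts are not unwrapped, so a DLL loaded that way is not inspected.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(maxsplit=1)[0] if cmd else ""


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (line, reason) pairs for lines worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("O7 - ") and POLICY_LOCKS.search(line):
            findings.append((line, "policy locks out a system tool (Brontok disables regedit)"))
            continue
        m = RUN_ENTRY.match(line)
        if not m:
            continue
        target = first_token(m.group("cmd"))
        ext = ntpath.splitext(target)[1].lower()   # ntpath handles backslashes on any host OS
        if DATA_DIRS.search(target) and ext not in EXEC_EXTS:
            findings.append((line, f"Run value [{m.group('name')}] starts a '{ext}' file from a data directory"))
    return findings


if __name__ == "__main__":
    for line, why in triage(SAMPLE_HJT):
        print(f"{why}\n    {line}")
```

Run it against a saved HijackThis log by reading the file into `triage()`; the two ProgramData values and the O7 line are reported, the ESET, NVIDIA and Steam entries are not. Global Startup lines (`O4 - Global Startup: ...`) use a different format and are skipped.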
 
We're going to try a fix that was suggested to me, but we've already done some cleanup:

Download CleanX-II by sUBs (thanks mOe) here:

http://download.bleepingcomputer.com/sUBs/CleanX-II.exe

Disconnect your internet access. Cut all physical connections (unplug the modem, etc.).
Close all applications.
Disable and then re-enable System Restore using this link
http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
then restart your PC and re-enable it.

Double-click CleanX-II.exe to start the repair.
Click OK when you get a warning message.
At the end of the scan (which can take several minutes; wait for it to finish), it will produce an error message (because the tool does not account for a French copy of Windows). To work around this error, do the following:
Start, Run, and type: %temp%\report.txt . Notepad will open the report; copy/paste it into your new post.

If this report shows that infected files remain (at the end of the report, after "POST RUN ANALYSIS"), run the tool once more.
Open the report again with the method above and copy it into your reply. If there are still infected files, there is no point running the tool again; the report needs to be examined.
H2SO4
 
Hmm, there is the method for System Restore under XP, but not under Vista... How do I do it? :P

By the way, thanks... :)
jlpjlp | Posts: 52399 | Status: Security contributor | 5 040
 
Hi, to move forward and follow up:
for System Restore:

https://forums.cnetfrance.fr

________________

There you go; I think you'll be able to do what was suggested this way.
H2SO4
 
Here is the report:

#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 25/02/2009 Current time: 23:06:49,40

=== PRE RUN ANALYSIS ===================================

......................................

C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok

...............

C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\aaronl@vitelus.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\abi@rth.coi.waw.pl.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\abiryan@ryand.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\adrianp@powertech.no.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\aihana@muc.biglobe.ne.jp.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ak@dkp.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\alberto@unex.es.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\alfredobz@euskalnet.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\AlfredW@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\andy@promethium.chem.ucl.ac.uk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\arvee_at_work@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\asikop@web.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ayoung@teleport.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\b.mesman@snow.nl.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\babas.lucas@laposte.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\babs@cs.jhu.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bald@online.ee.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bansp@bigfoot.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\BenjaminM@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\besnikbleta@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bhb002@drake.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\birger.langkjer@image.dk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\blb@pobox.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bn@ten53.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bnknuts@gmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bpfowler@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\BruceP@wn.com.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\bryanp@wolfram.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\buddrige@wasp.net.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Caolan.McNamara@ul.ie.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cbiesinger@web.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\charsets@apple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\chema@celorio.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ChrisDigo@aol.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\chrisjp@eudoramail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cinamod@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cococool2@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\contact@lignemobile.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\contact@mhmtuning.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cterboven@gmx.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cuenca@celium.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\cuenca@ie2.u-psud.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\d.rose@salford.ac.uk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\D.Thompson@gmx.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\danglassey@ntlworld.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\david@megginson.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\db003g@mail.rochester.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\deedee05@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\deje_auto@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\dls@globalinitiative.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\dojlid@mova.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\doml@appligent.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\dot0037@iperbole.bologna.it.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\drk@sgi.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\drouizig@drouizig.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\duperron@mail.dotcom.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\dysan_2000@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Edouard.Lafargue@bigfoot.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\elias@techunix.technion.ac.il.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\elixer@erols.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\emiilie77@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\english@powerbox-int.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\erika_6888@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\fabio_abr@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\faught@rstcorp.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\fcella@mahj.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\fjf@alinameridon.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\francais@powerbox-int.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\fret@ozemail.com.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\frodol@dds.nl.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gabrielg@home.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gecko@benham.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\GeorgesL@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\german@powerbox-int.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\giovanni@skydome.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\glenn@videofringe.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\goran@kirra.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gordonac@ocean.com.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gorw@gmx.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\GrandPooh@telkom.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Gro.Hansen@student.uib.no.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gusts@mits.lv.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\GuyG@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\gwada771@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\harry@bnro.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\henrik@lansen.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\hfiguiere@teaser.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\homie.fr@wanadoo.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\huangj@citiz.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\hvv@hippo.ru.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\igor@mir2.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ismtaol@luukku.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ithamar@dds.nl.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ivica84@ptt.yu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\James@albany.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jamie@montgomerie.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jarmo@dawn.joensuu.fi.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\javier@cibal.es.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jba@pobox.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jbrewer@jera.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jean.brefort@normalesup.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jim@federated.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jimmac@ximian.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jlc6@po.cwru.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jloup@gzip.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jsmith@mcs.drexel.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\justin@ukans.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jyonw@asu.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\jzaun@telerama.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\karl@huftis.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\karltk@prosalg.no.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kekeandre972@msn.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kenneth@gnu.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kenny@holyrood.ed.ac.uk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kevin_77_971@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kmaraas@online.no.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kollar@alltel.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kraai@subdimension.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kstailey@kstailey.tzo.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ktech@wanadoo.es.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\kvajk@ricochet.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lacko@host.sk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lalo@webcom.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lamj@stat.cmu.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\larin@science.oregonstate.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lauris@helixcode.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\leonardr@lazerware.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\levan@eagle.eku.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lexa.972@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\liliedu972@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lindsey@alumni.caltech.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\linus@centrumntr.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ljordan@mweb.co.za.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\locales@geez.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\lupus@debian.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\macolori@tin.it.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\made@nakula.rvs.uni-bielefeld.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\madler@alumni.caltech.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mailbag@postman.dk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mandelin@cs.wisc.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mantelis@centras.lt.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\marc.fd@libertysurf.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\marick@rstcorp.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\markus.oberhumer@jk.uni-linz.ac.at.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\martin.vermeer@fgi.fi.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\matti@picus.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mbrubeck@hmc.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\menesis@03bar.ktu.lt.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mf@onthanet.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mhatta@gnu.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\michael238@ozemail.com.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mihs@wm28.csie.ncu.edu.tw.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ml1050@cdata.tvnet.hu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\MPritchett@attglobal.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\msevior@physics.unimelb.edu.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mugurelu@go.ro.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mwh@stampede.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\mwm@mired.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\nerant@gmx.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\NicoleC@adventure-works.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\NicoleC@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\nils_barth@post.harvard.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\noreply@packardbell.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\nosinut@WIND.REM.CMU.EDU.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\nshmyrev@yandex.ru.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\onderste@casema.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ot@parcs.de.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\owen@pdaverticals.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\pazolli@idevgames.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\perry@trabas.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\peter@helixcode.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\petera@intrinsica.co.uk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\peterh@sapros.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\phearbear@home.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Philippe.Defert@cern.ch.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\phma@webjockey.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\pieceautotechnique@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\plam@mit.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\privacy@amd.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\privacy@amd.comt.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\proski@gnu.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ps@cam.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rainfall@yeah.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\raphael@cs.uky.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rca@xlation.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rhoslyn.prys@ntlworld.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rita_tim@tpg.com.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rms@1407.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\robert.wilhelm@gmx.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\robozapp@xmission.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rom1_94@msn.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\RosalieM@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ross@grinfinity.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\rto@post.tele.dk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ryan@coe.missouri.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sabine_du_77@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sav@buongiorno.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sax@megginson.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\serrador@arrakis.es.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sfritsch@noos.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\shark@blueyonder.co.uk.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sharuzzaman@myrealbox.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sonic9729@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\stdenisg@cedep.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\stepp@mithril.res.cmu.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\steve.meriaux@club-internet.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sviles_abi@iinet.net.au.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\sytobinh@uchicago.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tamas@pressflex.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tamlin@algonet.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tesarik@lupa.cz.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\thomasf@qnx.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\thompson@pdnt.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tigert@gimp.org.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tismey_d_zil972@hotmail.fr.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tmgferreira@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Tom.Newton@gtl.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tom@sane.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\trbarry@trbarry.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\tucker@algonet.se.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\typo_pl@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\uwog@uwog.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\vadim@krug.uch.net.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\viewitem@ebay.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\Vince.McIntyre@atnf.CSIRO.AU.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\william.lachance@sympatico.ca.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\wolman@cs.washington.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\woprog@hotmail.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\wsr23@stanford.edu.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\xmichl03@stud.fee.vutbr.cz.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\ysidro@io.com.ini

=== POST RUN ANALYSIS ==================================

NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
23:07:47,54

======================================================
plopus | Posts: 6113 | Status: Security contributor | 293
 
Good evening,

Thanks jlpjlp.

Next:

Did you redo the scan as stated here in English:

The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.

and here in French:

If this report shows that infected files remain (at the end of the report, after "POST RUN ANALYSIS"), run the tool once more.
Open the report again with the method above and copy it into your reply. If there are still infected files, there is no point running the tool again; the report needs to be examined.

How many times did you run the tool? It needs to be done at least twice; if that's not the case, do it again.
Anonymous user
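An added example, not part of this thread and not sUBs' own code: a Python parser for the CleanX-II report format shown above. It splits the report at the `=== NAME ===` headers, keeps only the Windows paths listed under each one, applies the rerun rule plopus repeats (a non-empty POST RUN ANALYSIS means reboot and run again), and extracts the addresses the worm stored as `<address>.ini` files under Loc.Mail.Bron.Tok, which is the list a cleaned-up user may want to warn. The sample report is constructed from the posted one, cut down to its exemple.com placeholder entries; the second sample is the same text with one file left over after the run, added here to exercise the rerun decision. Only the layout visible in the posted report is assumed about the tool's format.

```python
"""Parse a CleanX-II (Brontok Worm Removal Tool) report and decide whether to rerun.

Added example; the only thing assumed about the tool's output is the layout of the
report posted in this thread.
"""
import re

# Constructed sample: the shape of the posted report, cut down to the exemple.com entries.
SAMPLE_REPORT = r"""
#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 25/02/2009 Current time: 23:06:49,40

=== PRE RUN ANALYSIS ===================================

......................................

C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok

...............

C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\AlfredW@exemple.com.ini
C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\NicoleC@exemple.com.ini

=== POST RUN ANALYSIS ==================================

NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
23:07:47,54

======================================================
"""

# Same report with one file surviving the run (constructed to show the rerun decision).
LEFTOVER = r"C:\Users\kevin\AppData\Local\Loc.Mail.Bron.Tok\AlfredW@exemple.com.ini"
SAMPLE_REPORT_DIRTY = SAMPLE_REPORT.replace("\nNOTE\n", "\n" + LEFTOVER + "\nNOTE\n", 1)

SECTION_HEADER = re.compile(r"^=== (?P<name>.+?) =+$")   # "=== PRE RUN ANALYSIS ====..."
WIN_PATH = re.compile(r"^[A-Za-z]:\\")                     # drive-letter paths only
BRON_INI = re.compile(r"\\Loc\.Mail\.Bron\.Tok\\(?P<addr>[^\\]+)\.ini$", re.IGNORECASE)


def parse_report(text: str) -> dict[str, list[str]]:
    """Map each '=== NAME ===' section to the Windows paths listed under it.

    Dot rulers, the NOTE text and the closing timestamp are dropped; the final
    all-'=' ruler has no name and so does not open a section.
    """
    sections: dict[str, list[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif current is not None and WIN_PATH.match(line):
            sections[current].append(line)
    return sections


def needs_rerun(sections: dict[str, list[str]]) -> bool:
    """The tool's own rule: a non-empty POST RUN ANALYSIS means reboot and run again."""
    return bool(sections.get("POST RUN ANALYSIS"))


def harvested_addresses(sections: dict[str, list[str]]) -> list[str]:
    """Addresses stored as <address>.ini under Loc.Mail.Bron.Tok, from any section."""
    found = set()
    for paths in sections.values():
        for path in paths:
            m = BRON_INI.search(path)
            if m:
                found.add(m.group("addr"))
    return sorted(found)


def summarize(text: str) -> dict:
    """One-line verdict for a report: counts, rerun decision, harvested addresses."""
    s = parse_report(text)
    return {
        "pre_run": len(s.get("PRE RUN ANALYSIS", [])),
        "post_run": len(s.get("POST RUN ANALYSIS", [])),
        "rerun": needs_rerun(s),
        "addresses": harvested_addresses(s),
    }


if __name__ == "__main__":
    for label, report in (("clean", SAMPLE_REPORT), ("leftover", SAMPLE_REPORT_DIRTY)):
        print(label, summarize(report))
```

On the machine itself, feed `summarize()` the contents of the file plopus points at (`%temp%\report.txt`). A `rerun` of True is the "run it a second time" case; a second report that still lists paths after POST RUN ANALYSIS is the "stop and examine the report" case, and the path list is what to examine.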
 
:)