Need help with a virus scan
Solved
rage28 -
Anonymous user -
Hello,
I need someone to guide me through a full virus scan of my computer because it is starting to slow down.
Thanks in advance.
48 replies
flo, a big thank you!!!!!
It's crazy how much time you and others spend helping us, and every time it's so kind of you.
Thanks again.
Hello again flo,
I'm back because I still have a small problem.
When my computer was running slowly, my screen started displaying the rectangles around the icons; they are no longer translucent...? And when I close my pages, they close in a jerky way...? Do you know this problem?
You are going to do this for me:
Download ZHPDiag here: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Once the download has finished, unzip the file you obtained and place ZHPDiag.exe on your Desktop.
Double-click the icon to launch the program.
Click on "Tous" (All) to tick all the option boxes.
Click on the magnifying glass to start the scan.
At the end of the scan, click on the camera and save the report on your Desktop.
Open the saved file (ZHPDiag.txt) with Notepad and copy its contents into your reply.
Go to http://www.cijoint.fr, click on "Parcourir" (Browse), choose the report on your Desktop and click on "Créer le lien" (Create the link).
A link will be generated for you; post it in your next reply.
List'em by g3n-h@ckm@n 1.1.2.0
Thx to Chiquitine29.....
User : Hamon (Administrateurs) # UTILISAT-AA7485
Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
Start at: 12:16:19 | 06/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (170,97 Go free) | NTFS
D:\ -> Disque CD-ROM | 4,31 Go (0 Mo free) [1984] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\windows\System32\smss.exe 588
C:\windows\system32\csrss.exe 648
C:\windows\system32\winlogon.exe 672
C:\windows\system32\services.exe 716
C:\windows\system32\lsass.exe 728
C:\windows\system32\svchost.exe 916
C:\windows\system32\svchost.exe 964
C:\windows\System32\svchost.exe 1060
C:\windows\system32\svchost.exe 1180
C:\windows\system32\svchost.exe 1256
C:\windows\system32\spoolsv.exe 1360
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1456
C:\windows\system32\svchost.exe 1696
C:\windows\Explorer.EXE 1764
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1940
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe 1984
C:\windows\system32\ctfmon.exe 2028
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe 2044
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 152
C:\Program Files\Micro Application\LauncherMA.exe 272
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 488
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 492
C:\Program Files\Bonjour\mDNSResponder.exe 528
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe 560
C:\Program Files\Java\jre6\bin\jqs.exe 1140
C:\windows\system32\nvsvc32.exe 1240
C:\windows\system32\svchost.exe 1216
C:\windows\System32\svchost.exe 3024
C:\windows\System32\alg.exe 3280
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3200
C:\Program Files\Outlook Express\msimn.exe 3416
C:\Program Files\Messenger\msmsgs.exe 608
C:\Program Files\Internet Explorer\IEXPLORE.EXE 1204
C:\Program Files\Internet Explorer\IEXPLORE.EXE 1436
C:\windows\system32\wscntfy.exe 1612
C:\Documents and Settings\Hamon\Bureau\List_Kill'em.exe 3888
C:\windows\system32\cmd.exe 3452
C:\WINDOWS\system32\wbem\wmiprvse.exe 2864
C:\Documents and Settings\Hamon\Local Settings\Temp\E.tmp\pv.exe 2616
======================
Keys "Run"
======================
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\windows\system32\ctfmon.exe
ISUSPM REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
NvCplDaemon REG_SZ RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
BlackBerryAutoUpdate REG_SZ C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
<SANS NOM> REG_SZ
RoxWatchTray REG_SZ "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Google Quick Search Box REG_SZ "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
===============
===============
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
===============
BHO :
======
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001
================
Internet Explorer :
================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.msn.com/fr-fr
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
D:\Autorun.inf :
----------------
[autorun]
OPEN=AUTORUN.EXE
ICON=Micro.ico
=========================
Environnement variables :
=========================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hamon\Application Data
choix=1
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=UTILISAT-AA7485
ComSpec=C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hamon
LOGONSERVER=\\UTILISAT-AA7485
NewEnvironment1=C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\windows
TEMP=C:\DOCUME~1\Hamon\LOCALS~1\Temp
TMP=C:\DOCUME~1\Hamon\LOCALS~1\Temp
USERDOMAIN=UTILISAT-AA7485
USERNAME=Hamon
USERPROFILE=C:\Documents and Settings\Hamon
windir=C:\windows
==========
Programs
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\~0
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\windows\system32\404Fix.exe
C:\windows\System32\drivers\etc\hosts.msn
C:\windows\system32\dumphive.exe
C:\windows\system32\IEDFix.exe
C:\windows\system32\SrchSTS.exe
C:\windows\system32\tmp.reg
C:\windows\system32\VACFix.exe
C:\windows\system32\VCCLSID.exe
C:\windows\system32\WS2Fix.exe
C:\Documents and Settings\Hamon\LOCAL Settings\Temp\DivXInstaller.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\CLSID\{27ff1ee8-8ccc-49e1-b801-f212e3744e80}
HKCR\interface\{edb1a56e-2224-4c79-a4bd-42a39c6e4608}
HKCR\TypeLib\{22c12739-c111-44c6-9bb7-f335c2a9be2a}
=========
Rootkits
=========
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 12:17:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
▶ Run List&Kill'em again as you did for option 1 (i.e. via right-click on Vista),
but this time:
▶ choose option 2 = Mode Destruction (destruction mode)
Let the tool work.
At the end of the scan a report opens.
▶ Paste its contents into your reply.
Kill'em by g3n-h@ckm@n 1.1.3.2
User : Hamon (Administrateurs) # UTILISAT-AA7485
Update on 09/12/2009 by g3n-h@ckm@n ::::: 08:15
Start at: 08:48:41 | 09/12/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (174,23 Go free) | NTFS
D:\ -> Disque CD-ROM | 4,31 Go (0 Mo free) [1984] | CDFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\windows\System32\smss.exe 588
C:\windows\system32\csrss.exe 648
C:\windows\system32\winlogon.exe 672
C:\windows\system32\services.exe 716
C:\windows\system32\lsass.exe 728
C:\windows\system32\svchost.exe 916
C:\windows\system32\svchost.exe 964
C:\windows\System32\svchost.exe 1060
C:\windows\system32\svchost.exe 1180
C:\windows\system32\svchost.exe 1256
C:\windows\system32\spoolsv.exe 1340
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1500
C:\windows\system32\svchost.exe 1704
C:\windows\Explorer.EXE 1780
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1900
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe 1956
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe 240
C:\windows\system32\ctfmon.exe 248
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 376
C:\Program Files\Micro Application\LauncherMA.exe 424
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 520
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 256
C:\Program Files\Bonjour\mDNSResponder.exe 572
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe 620
C:\Program Files\Java\jre6\bin\jqs.exe 1172
C:\windows\system32\nvsvc32.exe 1468
C:\windows\system32\svchost.exe 1392
C:\windows\System32\svchost.exe 3032
C:\windows\System32\alg.exe 3332
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3828
C:\Program Files\Outlook Express\msimn.exe 1048
C:\Program Files\Messenger\msmsgs.exe 936
C:\Program Files\Internet Explorer\IEXPLORE.EXE 2864
C:\Program Files\Internet Explorer\IEXPLORE.EXE 820
C:\Program Files\Internet Explorer\IEXPLORE.EXE 1604
C:\Program Files\WinRAR\WinRAR.exe 1044
C:\Documents and Settings\Hamon\Bureau\List_Kill'em.exe 1084
C:\windows\system32\cmd.exe 3464
C:\WINDOWS\system32\wbem\wmiprvse.exe 3476
C:\Documents and Settings\Hamon\Local Settings\temp\1D.tmp\pv.exe 2708
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
"C:\Documents and Settings\All Users\Application Data\~0"
"C:\Program Files\Mozilla FireFox\Components\AskSearch.js"
"C:\windows\System32\drivers\etc\hosts.msn"
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
AskSearch.js.Kill'em
hosts.msn.Kill'em
~0.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKCR\interface\{edb1a56e-2224-4c79-a4bd-42a39c6e4608}
Deleted : HKCR\TypeLib\{22c12739-c111-44c6-9bb7-f335c2a9be2a}
============
Disk Cleaned
============
================
Prefetch cleaned :
================
ASTDEMARRAGE.EXE-30691D0C.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
OK, one service is not compliant:
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3 => 2
SharedAccess : 0x2
wuauserv : 0x2
=========
########### [ Option 1 (Recherche / Search) ]
▶ Download FindyKill by Chiquitine29 to your Desktop:
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
! Disconnect and close all running applications!
▶ Double-click (right-click, "as administrator" on Vista) on "FindyKill.exe" to start the installation and leave the installation settings at their defaults.
▶ Plug your external data sources into your PC (USB stick, external hard drive, etc.).
▶ Double-click (right-click, "as administrator" on Vista) on the FindyKill shortcut on your Desktop to launch the tool.
▶ In the main menu, choose option "F" for French and press [Enter].
▶ In the second menu, choose option "1" (recherche, i.e. search) and press [Enter].
▶ Let the tool work and do not touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\FindyKill.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
############################## | FindyKill V5.020 |
# User : Hamon (Administrateurs) # UTILISAT-AA7485
# Update on 26/11/2009 by Chiquitine29
# Start at: 12:13:44 | 09/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 232,88 Go (174,24 Go free) # NTFS
# D:\ # Disque CD-ROM # 4,31 Go (0 Mo free) [1984] # CDFS
############################## | Processus actifs |
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\alg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
Présent ! D:\autorun.inf
################## | C:\windows |
################## | C:\windows\system32 |
################## | C:\windows\system32\drivers |
################## | C:\Documents and Settings\Hamon\Application Data |
################## | Autres detections ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Présent ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.020 ! |
########### [ Option 2 ( Deletion ) ]
▶ Disconnect and close all running applications (browser included).
▶ Connect your external storage devices to your PC (USB stick, external hard drive, etc.)
▶ Run "FindyKill" again (right-click, "Run as administrator" on Vista): at the main menu, choose option "F" for French and press [Enter].
▶ At the second menu, choose option 2 (deletion) and press [Enter].
▶ The PC will restart automatically...
▶ The program will work, don't touch anything... Your desktop will not be accessible, that is normal!
▶ Post the report that appears at the end (the report is also saved as C:\FindyKill.txt)
▶ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm.
############################## | FindyKill V5.020 |
# User : Hamon (Administrateurs) # UTILISAT-AA7485
# Update on 26/11/2009 by Chiquitine29
# Start at: 13:28:14 | 09/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 232,88 Go (174,24 Go free) # NTFS
# D:\ # Disque CD-ROM # 4,31 Go (0 Mo free) [1984] # CDFS
############################## | Processus actifs |
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe
C:\windows\System32\alg.exe
################## | C: |
Supprimé ! D:\"autorun.inf"
################## | C:\windows |
Supprimé ! C:\windows\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## | C:\windows\system32 |
################## | C:\windows\system32\drivers |
################## | C:\Documents and Settings\Hamon\Application Data |
################## | Autres suppressions ... |
################## | Temporary Internet Files |
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.020 ! |
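Added example (not part of the thread and not FindyKill's own code): a small Python parser that compares the search report with the deletion report above, checking that every "Présent !" item came back as "Supprimé !" and that each service's Start value matches the value the report labels Good. The function names and the embedded excerpts are constructed for this illustration; the Start-type meanings (2 automatic, 3 manual, 4 disabled) are the standard Windows service values, not something the report states.

```python
import re

# Constructed input: excerpts of the two FindyKill V5.020 reports posted in
# this thread (option 1 = search, option 2 = deletion), embedded to run offline.
SEARCH_REPORT = r"""
################## | C: |
Présent ! D:\autorun.inf
################## | Registre / Clés infectieuses |
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Présent ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
"""

DELETE_REPORT = r"""
################## | C: |
Supprimé ! D:\"autorun.inf"
################## | C:\windows |
Supprimé ! C:\windows\Prefetch\WINUPGRO.EXE-17681AA8.pf
################## | Registre / Clés infectieuses |
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
################## | Etat / Services / Informations |
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
"""

# Standard Windows service Start values (assumption: not stated in the report).
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}

SECTION_RE = re.compile(r"^#+\s*\|\s*(.*?)\s*\|$")
FINDING_RE = re.compile(r"^(Présent|Supprimé) !\s+(.+)$")
SERVICE_RE = re.compile(
    r"^#\s*(\w+)\s*->\s*Start\s*=\s*(\d+)\s*"
    r"\(\s*Good\s*=\s*(\d+)\s*\|\s*Bad\s*=\s*(\d+)\s*\)$")


def normalize(item):
    # The two runs quote the same file differently (autorun.inf with and
    # without quotes), so compare without quotes, case or repeated spaces.
    return re.sub(r"\s+", " ", item.replace('"', "")).strip().lower()


def parse_report(text):
    # findings: {item: (status, section)}; services: {name: (start, good, bad)}
    findings, services, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(1)] = tuple(int(v) for v in m.group(2, 3, 4))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = FINDING_RE.match(line)
        if m:
            findings[normalize(m.group(2))] = (m.group(1), section)
    return {"findings": findings, "services": services}


def off_baseline(report):
    # Services whose Start value differs from the one the report labels Good.
    return {n for n, (start, good, _) in report["services"].items() if start != good}


def compare(before, after):
    present = {k for k, (s, _) in before["findings"].items() if s == "Présent"}
    removed = {k for k, (s, _) in after["findings"].items() if s == "Supprimé"}
    return {
        "unresolved": sorted(present - removed),
        "removed_but_not_listed": sorted(removed - present),
        "services_restored": sorted(off_baseline(before) - off_baseline(after)),
        "services_off_baseline": sorted(off_baseline(after)),
    }


if __name__ == "__main__":
    before, after = parse_report(SEARCH_REPORT), parse_report(DELETE_REPORT)
    for name in sorted(off_baseline(before)):
        start, good, _ = before["services"][name]
        print(f"{name}: {START_TYPES.get(start, start)} in the search report, "
              f"report expects {START_TYPES.get(good, good)}")
    for key, value in compare(before, after).items():
        print(f"{key}: {value}")
```

An empty `unresolved` list means every item flagged by option 1 was reported deleted by option 2; `removed_but_not_listed` shows anything the deletion pass removed that the search pass had not listed.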
Download OTL by OLDTimer
▶ Save it to your desktop.
▶ Double-click (on Vista => right-click, "Run as administrator") OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box next to scan all users
▶ Set it to "60 Days"
▶ In the left-hand column, set everything to all
Do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file above.
▶ Click Open.
▶ Click "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
http://www.cijoint.fr/cjlink.php?file=cj200912/cijWypwV20.txt
http://www.cijoint.fr/cjlink.php?file=cj200912/cijQefrd0C.txt
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-287218729-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
:files
C:\Kill'em
C:\Poker
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click RunFix to start the removal.
▶ Post the report.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-287218729-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ not found.
C:\Poker\Titan Poker\casino.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49783ED4-258D-4f9f-BE11-137C18D3E543}\ not found.
File C:\Poker\Titan Poker\casino.exe not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E : value set successfully!
Unable to set value : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E!
Unable to set value : HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E!
========== FILES ==========
C:\Kill'em\Quarantine\~0.Kill'em folder moved successfully.
C:\Kill'em\Quarantine folder moved successfully.
C:\Kill'em folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchman folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\frenchgirl folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\cowboy folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\bond folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\blackdude folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds\baseballer folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\playersounds folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\dealervoices\numbers folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds\dealervoices folder moved successfully.
C:\Poker\Titan Poker\data\shared\sounds folder moved successfully.
C:\Poker\Titan Poker\data\shared\slots\lines folder moved successfully.
C:\Poker\Titan Poker\data\shared\slots folder moved successfully.
C:\Poker\Titan Poker\data\shared\options folder moved successfully.
C:\Poker\Titan Poker\data\shared\interface\chat folder moved successfully.
C:\Poker\Titan Poker\data\shared\interface folder moved successfully.
C:\Poker\Titan Poker\data\shared\html\chat\emoticons folder moved successfully.
C:\Poker\Titan Poker\data\shared\html\chat folder moved successfully.
C:\Poker\Titan Poker\data\shared\html folder moved successfully.
C:\Poker\Titan Poker\data\shared\history\cards folder moved successfully.
C:\Poker\Titan Poker\data\shared\history folder moved successfully.
C:\Poker\Titan Poker\data\shared\fonts folder moved successfully.
C:\Poker\Titan Poker\data\shared\doublescreen folder moved successfully.
C:\Poker\Titan Poker\data\shared\dollarball2 folder moved successfully.
C:\Poker\Titan Poker\data\shared\dollarball\sounds folder moved successfully.
C:\Poker\Titan Poker\data\shared\dollarball folder moved successfully.
C:\Poker\Titan Poker\data\shared\coins\tablecoins folder moved successfully.
C:\Poker\Titan Poker\data\shared\coins folder moved successfully.
C:\Poker\Titan Poker\data\shared\cards\videopoker_multiline folder moved successfully.
C:\Poker\Titan Poker\data\shared\cards\textures folder moved successfully.
C:\Poker\Titan Poker\data\shared\cards\poker folder moved successfully.
C:\Poker\Titan Poker\data\shared\cards folder moved successfully.
C:\Poker\Titan Poker\data\shared\buttons folder moved successfully.
C:\Poker\Titan Poker\data\shared\blackjack folder moved successfully.
C:\Poker\Titan Poker\data\shared folder moved successfully.
C:\Poker\Titan Poker\data\roulette_mini\luxury\3d folder moved successfully.
C:\Poker\Titan Poker\data\roulette_mini\luxury folder moved successfully.
C:\Poker\Titan Poker\data\roulette_mini\3d folder moved successfully.
C:\Poker\Titan Poker\data\roulette_mini folder moved successfully.
C:\Poker\Titan Poker\data\roulette00\zoom folder moved successfully.
C:\Poker\Titan Poker\data\roulette00\3d folder moved successfully.
C:\Poker\Titan Poker\data\roulette00 folder moved successfully.
C:\Poker\Titan Poker\data\roulette\zoom folder moved successfully.
C:\Poker\Titan Poker\data\roulette\sounds folder moved successfully.
C:\Poker\Titan Poker\data\roulette\buttons folder moved successfully.
C:\Poker\Titan Poker\data\roulette\3d folder moved successfully.
C:\Poker\Titan Poker\data\roulette folder moved successfully.
C:\Poker\Titan Poker\data\poker_holdem folder moved successfully.
C:\Poker\Titan Poker\data\poker_caribbean folder moved successfully.
C:\Poker\Titan Poker\data\lobby\waitinglist folder moved successfully.
C:\Poker\Titan Poker\data\lobby\tables folder moved successfully.
C:\Poker\Titan Poker\data\lobby\sidegames folder moved successfully.
C:\Poker\Titan Poker\data\lobby\login folder moved successfully.
C:\Poker\Titan Poker\data\lobby\dialogs folder moved successfully.
C:\Poker\Titan Poker\data\lobby\buttons folder moved successfully.
C:\Poker\Titan Poker\data\lobby folder moved successfully.
C:\Poker\Titan Poker\data\blackjack folder moved successfully.
C:\Poker\Titan Poker\data folder moved successfully.
C:\Poker\Titan Poker folder moved successfully.
C:\Poker folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Hamon
->Temp folder emptied: 393047 bytes
->Temporary Internet Files folder emptied: 7534891 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49554 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2804942 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 10,41 mb
OTL by OldTimer - Version 3.1.12.0 log created on 12092009_221426
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Print these instructions, because you will have to close all windows and applications during the installation and the scan.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (be sure to choose "francais" (French); do not change the installation settings) and update it.
(NB: If you get an error message during installation telling you that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)
▶ Study the tutorial to get familiar with the program:
(that said, it is very simple to use).
Run Malwarebytes again, following these instructions scrupulously:
! Disconnect and close all running applications !
▶ Launch Malwarebytes.
Run a scan of the type called "Complet" (full).
▶ Let the program work (and do nothing else with the PC during the scan).
▶ When it finishes, click "résultat" (results).
▶ Check that all infected items are ticked, then click "suppression" (removal).
▶ Note: if your PC needs to restart to finish the cleanup, do it!
▶ Post the report saved after the infected items were removed (in the "rapport/log" tab of Malwarebytes, the most recent one).
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3337
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/12/2009 08:47:38
mbam-log-2009-12-10 (08-47-38).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 157301
Temps écoulé: 22 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)