Malware infection

Closed
mokytiti - 8 Dec. 2009 at 16:37
 Anonymous user - 16 Dec. 2009 at 13:46
Hello,

my computer freezes constantly, the antivirus programs find nothing, even typing is delayed
thanks for your help!!!
17 replies

Anonymous user
12 Dec. 2009 at 23:24
that's fine, you can delete it

▶ Download: ATF Cleaner by Atribune

Double-click ATF-Cleaner.exe (right-click, "Run as administrator" on Vista) to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit, in the main menu, to close the program.
For technical support, double-click the e-mail address at the bottom of each menu.

__________________________________________________

You can keep ATF for possible more thorough clean-ups later
__________________________________________________

▶---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe (right-click, "Run as administrator" on Vista) to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options Facultatives (Optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
________________________________________________

You can delete ToolsCleaner
_________________________________________________

▶ Download and install CCleaner (do not install the Yahoo Toolbar):

* Launch it (right-click, "Run as administrator" on Vista). Go to Options, then Avancé (Advanced), and untick the box Effacer uniquement les fichiers etc....
* Go to Nettoyeur (Cleaner), choose Analyse (Analyze). Once it has finished, run the clean-up.
* Next, choose Registre (Registry), then Chercher des erreurs (Scan for issues). Once it has finished, repair all the errors, as many times as the scan keeps finding some
* Make sure that in the options it is set to run at Windows startup and set to "secure deletion", 35 passes (Gutmann)
__________________________________________________

Warning: do not touch the PC while it is working!

▶ Cleaning and defragmenting your disks

*Cleaning:

Right-click "My Computer" ("Computer" on Vista) ==> "Open" ==> right-click the C drive ==> Properties ==> "General" tab
Click the "Disk Cleanup" button, OK
do this for each of your disks
________________________________________________

*Error checking:

Right-click "My Computer" ("Computer" on Vista) ==> "Open" ==> right-click the C drive ==> Properties ==> "Tools" tab
"Check Now", a box opens; tick the boxes:
-automatically fix errors...
-scan for and attempt recovery...

--->Start, OK
Note: if it tells you to restart your PC to do this, restart and let it run; it takes a little while, that's normal
do this for each of your disks
________________________________________________

then, still in the same tab, choose:

*Defragmentation:
"Defragment Now", OK
a box opens; select the disk to defragment and click "Analyze", then, after the analysis, "Defragment". OK
do this for each of your disks
_______________________________________________

Note: if you have a defragmentation utility, use it instead

Defraggler is suggested for this
_________________________________________________

▶ Can you check your Java Console?:

and install the new version if needed (in that case, uninstall the old version first).

here is how to uninstall:

JavaRa

Unzip the file to the Desktop (right-click > Extract All).
* Double-click the JavaRa folder (right-click, "Run as administrator" on Vista).
* Then double-click the file JavaRa.exe (the .exe may not be displayed).
* Choose Français, then click Select.
* Click Recherche de mises à jour (Check for updates).
* Select Mettre à jour via jucheck.exe (Update via jucheck.exe), then click Rechercher (Search).
* Allow the process to connect if it asks, click Installer (Install) and follow the installation instructions, which take a few minutes.
* Once the installation is finished, return to the JavaRa screen and click Effacer les anciennes versions (Remove old versions).
* Click Oui (Yes) to confirm. Let it work, then click OK, and OK a second time.
* A report will open. Post it in your next reply.
* Close the application.

Note: the report is also in C:\ under the name JavaRa.log.

_________________________________________________

▶ Update Adobe Reader if it is not up to date (uninstall the earlier version first)
__________________________________________________

▶ If you don't have one, I advise you to install a firewall to better secure your PC:

Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

https://www.commentcamarche.net/telecharger/securite/16545-online-armor-personal-firewall/
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/
___________________________________________________

▶ You can also empty your Recycle Bin, although CCleaner does it on its own
_____________________________________________________

▶ If we used Malwarebytes' Anti-Malware, empty its quarantine:

* Launch the program, then click <Quarantaine>.
* Select all the items, then click <supprimer>.
* Quit the program.
______________________________________________________

if you installed Antivir:

Configuration
________________________________________________________

▶ Same for your antivirus: empty its quarantine if that hasn't already been done
______________________________________________________

▶ Disable and re-enable System Restore; to do this, follow the instructions at the link:

XP link

Vista link

As soon as that's done, create a new, "clean" restore point to guard against any problems in the future
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some advice and recommendations for the future:

▶ Run Malwarebytes' Anti-Malware from time to time (once a week, depending on how you use your PC).
▶ Also use your other protection software (antivirus and antispyware scans...). Don't forget to update them before using them.
* Also remember to defragment your hard drives from time to time (keep enough free space on C:\ (1/3 free to be comfortable))
_____________

▶ To protect your PC properly:
[Only 1 antivirus] + [Only 1 firewall] + [A good antispyware with immunization] + [Recent updates for Windows and protection software] + [Use of Firefox -or others- (Internet Explorer has security flaws that take a long time to be fixed, but you absolutely must keep it for Windows updates and Windows Live Messenger)]

I advise you to install this extension for Firefox to secure your browsing: WOT
I advise you to install this extension for Internet Explorer to secure your browsing: WOT

PS: In fact the best protection is you yourself: what you do with your PC, where you browse, what you download, etc.
Viruses use the flaws in your PC to infect a system

if you wish to uninstall one antivirus in favour of another, here are some links:

Uninstall Avast
Uninstall BitDefender
Uninstall Norton
Uninstall Kaspersky
Uninstall AVG

or all in one:

Uninstalling antivirus, firewall, antispyware
_____________

If you have Vista, don't forget to re-enable User Account Control (UAC)
___________

If you have Spybot S&D and we disabled the "Tea-timer", you can re-enable it
___________

if we displayed hidden files, don't forget to set them back to "hidden"

▶ Click the Start menu / Control Panel / Folder Options / then in the View tab
* - Untick Show hidden files and folders
* - tick Hide extensions for known file types
* - tick Hide protected operating system files (Recommended)

▶ click Apply, then OK.
____________


There you go,

Happy reading, see you soon; once all of this is done,

you can mark the topic as resolved

All the best and, above all, be careful and happy browsing :)

1
wow!!! thanks, I'm getting to work right away!!!
see you soon
0
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Qoobox: trouvé !
C:\FindyKill: trouvé !
C:\Documents and Settings\thierry\Bureau\sécu\hijackthis.log: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\thierry\Bureau\sécu\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Qoobox: supprimé !
C:\FindyKill: supprimé !
C:\Program Files\Ad-remover: supprimé !

Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !

THANKS, I'll continue
0
Anonymous user
8 Dec. 2009 at 16:43
hi, I'll come back later:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

▶ unzip it (right-click / extract.....)

It does not require installation

▶ double-click (right-click, "Run as administrator" on Vista) to launch the scan

choose the language, then choose option 1 = Mode Recherche (Search mode)

▶ let the tool work

a report named catchme appears on your desktop; ignore it, but don't delete it for now

▶ Post the content of the report that opens



0
List'em by g3n-h@ckm@n 1.1.3.1

Thx to Chiquitine29.....& CCM team

User : thierry (Administrateurs) # ARCHIBALD
Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
Start at: 16:51:07 | 08/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

C:\ -> Disque fixe local | 149,05 Go (86,93 Go free) [436352] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running


======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Connexion SFR 9props.exe REG_SZ "C:\Program Files\SFR\Kit\9props.exe" /trayicon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
SoundMax REG_SZ "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
ProfilerU REG_SZ C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
SaiMfd REG_SZ C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
DisableRegistryTools REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 383 (0x17f)
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)
NoDrives REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
BHO :
======

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ about:blank

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ about:blank

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
149 Go total, 86,93 Go libre (58%), 3% fragmenté (fragmentation du fichier 6%)

Il ne vous est pas nécessaire de défragmenter ce volume.

==========
Programs
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\WINDOWS\iun6002.exe
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\System32\ot.ico
C:\WINDOWS\System32\SET4A.tmp
C:\WINDOWS\System32\SET4C.tmp
C:\WINDOWS\System32\SET51.tmp
C:\WINDOWS\System32\SET58.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET61.tmp
C:\WINDOWS\System32\SET62.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET66.tmp
C:\WINDOWS\System32\ts.ico
C:\Documents and Settings\thierry\Application Data\HbTools_Icons

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SOFTWARE\Classes\AppID\adm.exe

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 16:54:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...
here is the content, thanks in advance

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤)
0
Anonymous user
8 Dec. 2009 at 20:10
▶ Run List&Kill'em again as you did for option 1 (i.e. with right-click on Vista),

but this time:

▶ choose option 2 = Mode Destruction (Destruction mode)

let the tool work.

at the end of the scan a report opens

▶ paste its content in your reply

then:


▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu, choose option "L" and press [Enter].

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
0

and there, that's done, waiting for your advice
thanks

======= RAPPORT D'AD-REMOVER 1.1.4.6_E | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 07.12.2009 à 21:14
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:47:44, 08/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: ARCHIBALD | Utilisateur actuel: thierry
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.


(!) -- Fichiers temporaires supprimés.

.
HKLM\Software\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
HKLM\software\GamesBarSetup
HKLM\Software\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKLM\Software\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
.
HKCU\..\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (Clé de registre orpheline)
HKCU\..\Toolbar\ShellBrowser\\{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} (Clé de registre orpheline)
HKCU\..\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (Clé de registre orpheline)
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
Nom du profil: w10o8sid.default (thierry)
.
(thierry, prefs.js) Browser.download.lastDir, C:\Documents and Settings\thierry\Bureau
(thierry, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: 36253b3702bac901
Start Page Redirect Cache AcceptLangs: fr
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
.
===================================
.
2934 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\DOCUME~1\thierry\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 0:00:27 | 09/12/2009 - CLEAN[1]
.
0
Anonymous user
9 Dec. 2009 at 06:27
ok, uninstall AD-Remover, then:

▶ Run List&Kill'em again as you did for option 1 (i.e. with right-click on Vista),

but this time:

▶ choose option 2 = Mode Destruction (Destruction mode)

let the tool work.

at the end of the scan a report opens

▶ paste its content in your reply
0
that's done, what do you think?
thanks...

Kill'em by g3n-h@ckm@n 1.1.3.1

User : thierry (Administrateurs) # ARCHIBALD
Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
Start at: 13:49:27 | 09/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

C:\ -> Disque fixe local | 149,05 Go (86,59 Go free) [436352] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running


Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
"C:\WINDOWS\iun6002.exe"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\MSINET.oca"
"C:\WINDOWS\System32\ot.ico"
C:\WINDOWS\System32\SET4A.tmp
C:\WINDOWS\System32\SET4C.tmp
C:\WINDOWS\System32\SET51.tmp
C:\WINDOWS\System32\SET58.tmp
C:\WINDOWS\System32\SET5A.tmp
C:\WINDOWS\System32\SET61.tmp
C:\WINDOWS\System32\SET62.tmp
C:\WINDOWS\System32\SET63.tmp
C:\WINDOWS\System32\SET66.tmp
"C:\WINDOWS\System32\ts.ico"
"C:\Documents and Settings\thierry\Application Data\HbTools_Icons"


¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

Quarantine :

HbTools_Icons.Kill'em
hosts.msn.Kill'em
iun6002.exe.Kill'em
MSINET.oca.Kill'em
ot.ico.Kill'em
QTSBandwidthCache.Kill'em
SET4A.tmp.Kill'em
SET4C.tmp.Kill'em
SET51.tmp.Kill'em
SET58.tmp.Kill'em
SET5A.tmp.Kill'em
SET61.tmp.Kill'em
SET62.tmp.Kill'em
SET63.tmp.Kill'em
SET66.tmp.Kill'em
ts.ico.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\SOFTWARE\Classes\AppID\adm.exe

============
Disk Cleaned
============

================
Prefetch cleaned :
================

layout.ini
NTOSBOOT-B00DFAAD.pf



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
9 Dec 2009 at 14:37
good things....

########### [ Option 1 ( Search ) ]


▶ Download FindyKill by Chiquitine29 to your desktop:

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe

! Disconnect and close all running applications !

▶ Double-click (right-click "Run as administrator" on Vista) "FindyKill.exe" to start the installation and leave the installation settings at their defaults.

▶ Plug your external data sources into your PC (USB stick, external hard drive, etc.)

▶ Double-click (right-click "Run as administrator" on Vista) the FindyKill shortcut on your desktop to launch the tool.

▶ In the main menu choose option " F " for French and press [Enter].

▶ In the second menu choose option " 1 " (search) and press [Enter]

▶ Let the tool work and don't touch anything ...

▶ Post the report that appears at the end on the forum ...

( the report is also saved as C:\FindyKill.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
0
here is the report then
thanks for your help


############################## | FindyKill V5.020 |

# User : thierry (Administrateurs) # ARCHIBALD
# Update on 26/11/2009 by Chiquitine29
# Start at: 15:12:36 | 09/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 2.93GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | Updated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

# C:\ # Disque fixe local # 149,05 Go (86,59 Go free) [436352] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM # 5,49 Mo (0 Mo free) [U3 System] # CDFS
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible
# K:\ # Disque amovible # 483,56 Mo (432,94 Mo free) # FAT
# L:\ # Disque CD-ROM # 5,49 Mo (0 Mo free) [U3 System] # CDFS
# M:\ # Disque amovible # 483,56 Mo (332,06 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

Présent ! E:\autorun.inf
Présent ! L:\autorun.inf

################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\DOCUME~1\thierry\APPLIC~1 |


################## | Autres detections ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Présent ! [HKLM\software\microsoft\security center] "FirewallOverride"
Présent ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Présent ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |

"C:\Sun\SDK\jdk\bin\serialver.exe"
05/12/2009 23:54 |Size 27648 |Crc32 903136e7 |Md5 7f3a4bccaad709db55e1d4db3defca57


################## | ! Fin du rapport # FindyKill V5.020 ! |
0
Anonymous user
9 Dec 2009 at 19:26
########### [ Option 2 ( Removal ) ]



▶ Disconnect and close all running applications (browser included).

▶ Plug your external data sources into your PC (USB stick, external hard drive, etc.)

▶ Run "FindyKill" again (right-click "Run as administrator" on Vista): in the main menu choose option " F " for French and press [Enter].

▶ In the second menu choose option 2 (removal) and press [Enter]

▶ The PC will restart automatically ...

▶ the program will work, don't touch anything ..., your desktop will not be accessible, that is normal!

▶ Post the report that appears at the end ( the report is also saved as C:\FindyKill.txt )

▶ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
0
hey Gen!

that was a close call this time: black screen, PC frozen, then a startup with a message "lace the the disk and valide press any key"
except that nothing worked, at each "Enter" always this same message despite the restarts, and it was by unplugging a powered USB 2.0 port that my USB sticks are on that the PC started again. Once it had restarted I plugged it back in before the FindyKill process. I hope it went well, please explain a bit to me. Here is the report:

############################## | FindyKill V5.020 |

# User : thierry (Administrateurs) # ARCHIBALD
# Update on 26/11/2009 by Chiquitine29
# Start at: 22:45:37 | 09/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel(R) Pentium(R) 4 CPU 2.93GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | Updated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

# C:\ # Disque fixe local # 149,05 Go (86,71 Go free) [436352] # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |

Supprimé ! E:\"autorun.inf"
Supprimé ! L:\"autorun.inf"

################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf

################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\thierry\Application Data |


################## | Autres suppressions ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |

Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "AntiVirusOverride"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallDisableNotify"
Supprimé ! [HKLM\software\microsoft\security center] "FirewallOverride"
Supprimé ! [HKLM\software\microsoft\security center] "UpdatesDisableNotify"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |

"C:\Sun\SDK\jdk\bin\serialver.exe"
05/12/2009 23:54 |Size 27648 |Crc32 903136e7 |Md5 7f3a4bccaad709db55e1d4db3defca57


################## | ! Fin du rapport # FindyKill V5.020 ! |
0
Anonymous user
10 Dec 2009 at 11:35
run findykill again, uninstall option
uninstall AD-Remover

Download OTL by OLDTimer

save it to your desktop.

▶ Double-click (on Vista => right-click "Run as administrator") OTL.exe to launch it.

▶ Tick the 2 boxes Lop and Purity

▶ Tick the box in front of scan all users

▶ set it to "60 Days"

▶ in the left column, set everything to all

do not change this:

"files created within" and "files modified within"


▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

▶ Click Browse and find the file above.

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

▶▶ You will do the same thing with "Extra.txt".
0
it's done, thanks:

http://www.cijoint.fr/cjlink.php?file=cj200912/cijqAQjjJQ.txt



http://www.cijoint.fr/cjlink.php?file=cj200912/cijGm8YBx8.txt


I hope that is suitable!

ps: can you tell me why this manoeuvre, thanks.
0
Anonymous user
10 Dec 2009 at 16:17
in order to get rid of the remaining visible infections

what do these folders contain?

C:\Documents and Settings\thierry\.asadminpass
C:\Documents and Settings\thierry\.asadmintruststore


========================================
▶ Click the Start menu / Control Panel / Folder Options / then in the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (Recommended)

▶ click Apply, then OK.

Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important

Have the following file(s) analysed on Virustotal:

Virus Total

* Click Browse at the top, choose My Computer and look for these files:

C:\WINDOWS\info147.sys

* Now click Send file and let it work while "Current status: analysis in progress" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page, and choose Select all, then copy
* Finally paste the result into your next reply.

Note: To analyse another file, click Other file at the bottom.
=================================================
▶ Double-click OTL.exe to launch it.


▶ Copy the list in bold below,

▶ paste it into the box under Customs Scans/Fixes :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\RunOnce: [] File not found
O4 - Startup: C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-849MF.lnk = C:\Documents and Settings\thierry\Bureau\Virus Removal Tool2\is-849MF\startup.exe File not found
O4 - Startup: C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-I8VKL.lnk = C:\Documents and Settings\thierry\Bureau\Virus Removal Tool1\is-I8VKL\startup.exe File not found
O4 - Startup: C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-T5GTO.lnk = C:\Documents and Settings\thierry\Bureau\Virus Removal Tool\is-T5GTO\startup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3705982474-3327753332-3805873517-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EBA4934
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B285B76
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DF68137
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE30352
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5DAEF21
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A8AA31
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88B61AC3
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33EA030E
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0D17155
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6CCB309
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEEEFFAD
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DAFD38AE
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D9F6664C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41099CE9
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CD562B4
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A0B46F67
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:943D6A82
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37CE0F2E
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE253B51
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95A5DD8D
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:580E04D8
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6683E95
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8A7F3FF
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4242D29
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB48E5A3
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7A4D14E
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:949483BD
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:523B97A0
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:895C5142
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61E5F0F7
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:569CEE83
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:517B507A
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:28CDD861
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F52A6209
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E07230CC
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CEDF9F3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A6E2216
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F636E25
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F0FFF8
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AB8D21A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3118E26B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F384CF4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AE32E5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FBFC061F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA2FBCA1
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA92F7C7
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD623B3
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84512B49
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71FA8B7F
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8BB29B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F851032E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFCCC46E
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB42AC3C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1713795
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1CCF2C1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9FE30AB2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AC7B784
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48070A48
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A459A2A
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A4BF204
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:007D45CF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C946DB94
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC38C00C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA60673F
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C270C64
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37994DBE
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6D027BB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5D4F1EB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2A5A561
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C48D4F24
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C49306C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:426796C0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F21CB906
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFBB0142
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AD7DE94
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E2D3F65
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF5C4195
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:69BBEE29
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26946BE8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CB3187E
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D31DA45
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF794BCD
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282CC2B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54F41DDA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:471AD3D0
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:417F5F46
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20DB61D6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AE6CC6C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9EEB760
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B093E177
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:753B0F80
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF2BD09
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EF1AD34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


:files
C:\Kill'em
C:\Documents and Settings\thierry\Bureau\List_Killem.zip
C:\WINDOWS\is-43NJC.exe
C:\WINDOWS\is-43NJC.msg
C:\WINDOWS\is-43NJC.lst
C:\Documents and Settings\fabienne\Application Data\.#
C:\Documents and Settings\fabienne\Application Data\HbTools_Icons

:commands
[emptytemp]
[start explorer]
[reboot]


▶ Click RunFix to start the removal.


▶ Post the report.
0
Fichier info147.sys reçu le 2009.12.10 15:57:24 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.10 -
AhnLab-V3 5.0.0.2 2009.12.10 -
AntiVir 7.9.1.102 2009.12.10 -
Antiy-AVL 2.0.3.7 2009.12.10 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.10 -
AVG 8.5.0.426 2009.12.10 -
BitDefender 7.2 2009.12.10 -
CAT-QuickHeal 10.00 2009.12.10 -
ClamAV 0.94.1 2009.12.10 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.10 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7168 2009.12.10 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.10 -
Fortinet 4.0.14.0 2009.12.10 -
GData 19 2009.12.10 -
Ikarus T3.1.1.74.0 2009.12.10 -
Jiangmin 13.0.900 2009.12.10 -
K7AntiVirus 7.10.917 2009.12.10 -
Kaspersky 7.0.0.125 2009.12.10 -
McAfee 5827 2009.12.09 -
McAfee+Artemis 5827 2009.12.09 -
McAfee-GW-Edition 6.8.5 2009.12.10 -
Microsoft 1.5302 2009.12.10 -
NOD32 4676 2009.12.10 -
Norman 6.04.03 2009.12.10 -
nProtect 2009.1.8.0 2009.12.10 -
Panda 10.0.2.2 2009.12.10 -
PCTools 7.0.3.5 2009.12.10 -
Prevx 3.0 2009.12.10 -
Rising 22.25.03.09 2009.12.10 -
Sophos 4.48.0 2009.12.10 -
Sunbelt 3.2.1858.2 2009.12.10 -
Symantec 1.4.4.12 2009.12.10 -
TheHacker 6.5.0.2.089 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.10 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.10.2081 2009.12.10 -
VirusBuster 5.0.21.0 2009.12.09 -
Information additionnelle
File size: 4 bytes
MD5...: bf1b743c1ad793dd3f94d3932458fd8b
SHA1..: f2cdb27b132fb662bb3159ef8b4d90168f34cc90
SHA256: c2d87fa2935d89c1eda5dd9d6b40e5abc936fdcb65df79813cd49ccd8a9f5c0b
ssdeep: 3:3U:k
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Unknown!

Done, thanks:


http://www.cijoint.fr/cjlink.php?file=cj200912/cijqAQjjJQ.txt



http://www.cijoint.fr/cjlink.php?file=cj200912/cijGm8YBx8.txt


I hope that's all right!

PS: can you tell me the reason for this procedure? Thanks.


VirusTotal report



plus the OTL report.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-849MF.lnk moved successfully.
C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-I8VKL.lnk moved successfully.
C:\Documents and Settings\fabienne\Menu Démarrer\Programmes\Démarrage\is-T5GTO.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3705982474-3327753332-3805873517-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:598E0FFA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:58C9BCAC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:27D1368B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:097FF903 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AB338B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:957E9765 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:639F0420 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F58D818 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EB603FE4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D431AA5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A0A7408F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:970A6A7C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5F85EE30 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5711EF65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47A24D4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:35C78DCC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3214A283 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F0AB86C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C391C5CC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BFAD7A5D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:780A453A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:70B3C619 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BD4D405 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3064D21D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2FF4577A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DB021CF7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C90E8309 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8EEC29FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:797573FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:667565EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C826C73 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38849DE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:00F7B10F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E225C3B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7881FECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:59286A3A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C5BC70E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8AD7B8D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D56A18C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B0B6888E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:838FECBF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C66F780 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A8F8A0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:462F5905 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3447AB86 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CF61CE5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9D3C16C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7091055F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:437B9941 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1794697E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D525A14E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AA004D25 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:68B56C9C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6641B59F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5CE0D2E5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:49EB0FDC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:28DB0DC4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ECC979BD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D6A1EE83 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BDCD0530 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9FE5FC48 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:95775248 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:375A40C3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:293ADB24 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:162E02F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F65D490F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D644D3DF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D26DD363 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:77E2CEE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:70F0A2F4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57EE48CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B90C7652 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CCDAB14 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89E1BAF5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E656ECE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7D0DF80F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1D6686D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:052A05A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB2A7E51 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AD727397 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A2B9AD4B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A0C7D68A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9ACB70D7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B212553 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5856B2C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:537F2522 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B1330FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0BF96601 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB7EE4AE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D6BDE53F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B845F669 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B14B4A95 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63F8EC77 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:57CC1FDC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:575736B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47408F84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:31080D0E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1B9E79B3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FF8F1AE3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DDC74062 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1361E51 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFE0B346 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:912389B7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:74699137 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F35AE645 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C77DCC63 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AD417ED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:861A898F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5A437AC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4A0829E0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43C9D140 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CB8D545 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:10B7A752 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B902F888 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A42A9F39 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52E1DB1D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD874E14 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C841C093 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8643C5BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:53DF59D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4363DE71 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09CD1DC6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8DB81DC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:88698068 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:52E3B819 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:50DD4118 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:43D34EF3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:162D3733 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D9EDE5FA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D708EEF9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BABA07C2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B6DD2C7E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:459B4633 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:444C53BA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18AE7C5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13DFF3FB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:12C32D25 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08677BDD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6B9E5A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:994AEA06 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:938EC881 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:76987FE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DEE6B65 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D8B96619 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:86148D88 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7FC64998 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:69FD6BF0 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\"NoDriveTypeAutoRun"|145 /E : value set successfully!
========== FILES ==========
C:\Kill'em folder moved successfully.
C:\Documents and Settings\thierry\Bureau\List_Killem.zip moved successfully.
C:\WINDOWS\is-43NJC.exe moved successfully.
C:\WINDOWS\is-43NJC.msg moved successfully.
C:\WINDOWS\is-43NJC.lst moved successfully.
C:\Documents and Settings\fabienne\Application Data\.# folder moved successfully.
C:\Documents and Settings\fabienne\Application Data\HbTools_Icons folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: fabienne
->Temp folder emptied: 7858662 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 9632712 bytes
->FireFox cache emptied: 90573330 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: thierry
->Temp folder emptied: 1434542 bytes
->Temporary Internet Files folder emptied: 130442 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50656535 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 302296 bytes
%systemroot%\System32 .tmp files removed: 820016 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10956572 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34313 bytes
RecycleBin emptied: 1066161 bytes

Total Files Cleaned = 165,49 mb


OTL by OldTimer - Version 3.1.14.0 log created on 12102009_170632

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

See you very soon, thanks
0
Anonymous user
10 Dec. 2009 at 18:40
why, which procedure?
0
why go through www.cijoint

as for the rest, what do you think, where are we at?
and thank you for the work already done ...
0
Anonymous user
11 Dec. 2009 at 06:48
The reports I ask you to send through cijoint are the ones that are too long to be handled by the forum, which is limited to a certain number of characters; that is the only reason.

we're almost done:

Print these instructions, because you will need to close all windows and applications during the installation and the scan.

▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (make sure to choose "francais"; do not change the installation settings) and update it.

(NB: If you get an error message telling you that "COMCTL32.OCX" is missing during the installation, then download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:

(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications!

▶ Launch Malwarebytes.

Run a "Full" scan ("Complet").

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "résultat" (results).
Check that all the infected items are ticked, then click on "suppression" (remove).

Note: if your PC needs to be restarted to finish the cleaning, do it!

Post the report saved after the infected items were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

0
OK, I had a problem: my partner used the computer while it was working, so I had to start over and lost an uncorrected alert labelled "rootkit" and then .......... "something". So I relaunched the process, hence this report, but there is no "rootkit" in it.
thanks for looking at it and guiding me a little more
sorry for the setback!





Version de la base de données: 3349
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/12/2009 18:52:50
mbam-log-2009-12-12 (18-52-50).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 259667
Temps écoulé: 3 hour(s), 48 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



0
Anonymous user
12 Dec. 2009 at 20:44
open Malwarebytes, "rapport/log" tab, and paste the second-to-last report
0
the previous report is blank, no rootkit or anything else
and now what should I do please, thanks
0
Anonymous user
12 Dec. 2009 at 21:45
delete List_Kill'em, download it again and redo option 1 please:

reminder:

Disable your antivirus for the duration of the procedure, as well as your firewall if there is one

▶ Download List&Kill'em and save it to your desktop (because it is wrongly detected as an infection)

It does not require installation

XP link: unzip it (right-click / extract.....), then double-click to launch it

Vista/7 link: right-click, "run as administrator", to launch it

choose the language, then choose option 1 = Search Mode ("Mode Recherche")

▶ let the tool work

when the white window appears, it takes a while; that is normal, the program is not frozen.

a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.

(if the first link does not work for XP, take the Vista one)
0
HERE IS THE REPORT


List'em by g3n-h@ckm@n 1.1.5.1

Thx to Chiquitine29.....& CCM team

User : thierry (Administrateurs) # ARCHIBALD
Update on 11/12/2009 by g3n-h@ckm@n ::::: 20:30
Start at: 22:42:10 | 12/12/2009
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) 4 CPU 2.93GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | Updated ]
FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

C:\ -> Disque fixe local | 149,05 Go (86,4 Go free) [436352] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe 1160
C:\WINDOWS\system32\csrss.exe 1296
C:\WINDOWS\system32\winlogon.exe 1396
C:\WINDOWS\system32\services.exe 1440
C:\WINDOWS\system32\lsass.exe 1452
C:\WINDOWS\system32\Ati2evxx.exe 1612
C:\WINDOWS\system32\svchost.exe 1628
C:\WINDOWS\system32\svchost.exe 1856
C:\WINDOWS\System32\svchost.exe 1980
C:\WINDOWS\system32\svchost.exe 196
C:\WINDOWS\system32\spoolsv.exe 828
C:\WINDOWS\system32\svchost.exe 1648
C:\Program Files\a-squared Free\a2service.exe 1696
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1720
C:\WINDOWS\system32\drivers\CDAC11BA.EXE 1768
C:\WINDOWS\System32\svchost.exe 1900
C:\WINDOWS\System32\svchost.exe 2008
C:\Program Files\Java\jre6\bin\jqs.exe 144
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 212
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 288
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 456
C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 504
C:\WINDOWS\system32\SearchIndexer.exe 780
C:\WINDOWS\system32\wbem\wmiapsrv.exe 3824
C:\WINDOWS\System32\alg.exe 2436
C:\WINDOWS\system32\csrss.exe 1000
C:\WINDOWS\system32\winlogon.exe 3912
C:\WINDOWS\system32\Ati2evxx.exe 2324
C:\WINDOWS\Explorer.EXE 3792
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe 3472
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe 3720
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe 2828
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 3748
C:\WINDOWS\system32\ctfmon.exe 956
C:\Program Files\SFR\Kit\9props.exe 380
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 2416
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 1332
C:\WINDOWS\system32\svchost.exe 1004
C:\WINDOWS\system32\csrss.exe 2500
C:\WINDOWS\system32\winlogon.exe 3892
C:\WINDOWS\system32\wscntfy.exe 5572
C:\WINDOWS\system32\SearchProtocolHost.exe 4840
C:\WINDOWS\system32\SearchFilterHost.exe 5904
C:\Documents and Settings\thierry\Bureau\List_Killem\List_Kill'em.scr 5696
C:\WINDOWS\system32\cmd.exe 252
C:\WINDOWS\system32\wbem\wmiprvse.exe 2524
C:\Documents and Settings\thierry\Local Settings\temp\86.tmp\pv.exe 1020

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Connexion SFR 9props.exe REG_SZ "C:\Program Files\SFR\Kit\9props.exe" /trayicon

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVP REG_SZ "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
SoundMax REG_SZ "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
ProfilerU REG_SZ C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
SaiMfd REG_SZ C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 323 (0x143)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_SZ 145
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoDriveAutoRun REG_DWORD 67108863 (0x3ffffff)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{56F9679E-7826-4C84-81F3-532071A8BCC5} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Sony Ericsson\Update Service\Update Service.exe REG_SZ C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe REG_SZ C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials
C:\Program Files\Hercules\DualPix Exchange\ControlUI.exe REG_SZ C:\Program Files\Hercules\DualPix Exchange\ControlUI.exe:*:Enabled:Hercules Zoom Controller Main Application
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Disabled:eMule
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Hercules\DualPix Exchange\Station2.exe REG_SZ C:\Program Files\Hercules\DualPix Exchange\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE
C:\Program Files\Hercules\DualPix Exchange\CamService.exe REG_SZ C:\Program Files\Hercules\DualPix Exchange\CamService.exe:*:Enabled:Zoom Controller
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live FolderShare
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
C:\Documents and Settings\thierry\Application Data\U3\0000060514086613\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe REG_SZ C:\Documents and Settings\thierry\Application Data\U3\0000060514086613\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
BHO :
======

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x2
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
149 Go total, 86,41 Go libre (57%), 3% fragmenté (fragmentation du fichier 6%)

Il ne vous est pas nécessaire de défragmenter ce volume.

==========
Programs
==========

a-squared Free
Ad-Remover
Adobe
Ahead
Analog Devices
ArcSoft
AvRack
bfgclient
Bonjour
Build-a-lot 3 - Passport to Europe
Canon
CAPCOM
CCleaner
ComPlus Applications
Conduit
Defraggler
Dictionnaire
directx
DVD Shrink
eMule
Fichiers communs
FileZilla FTP Client
Foxit Software
Free Audio Pack
Fujitsu
Google
GRISOFT
Hercules
Infogrames
InstallShield Installation Information
Internet Explorer
InterVideo
Java
JoWood
Kalypso
Kaspersky Lab
Le Gang de Dillinger
Les Chasseurs de Tresor - Reves d'Or
Malwarebytes' Anti-Malware
Maxis
Megastore Madness
Mes Jeux Téléchargés
Messenger
Micro Application
Microids
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Games
Microsoft Games for Windows - LIVE
Microsoft Office
Microsoft Publisher
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Mindscape
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSN Messenger
MSXML 4.0
MySpace
Mystery Stories - Berlin Nights
Nero
NETGEAR
NetMeeting
NoteWorthy Composer
Oberon Media
Online Services
Orange
Outlook Express
QuickTime
Raccourcis de programmes
Realtek AC97
Realtek Sound Manager
Reference Assemblies
ReflexiveArcade
Riven
RngInterstitial.dll
Saitek
ScanSoft
Services en ligne
SFR
Shockwave.com
Sibelius Software
SmartFTP Client 3.0 Setup Files
Sony
Sony Ericsson
SpywareBlaster
The Adventure Company
The Mystery Of The Crystal Portal
The Rosetta Stone
Ubi Soft
UBISOFT
Uninstall Information
Utilitaire de gestion du LAN Wifi IEEE 802.11g
VideoLAN
Windows Desktop Search
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WMV9_VCM
xerox
Yahoo!
Ye Olde Sandwich Shoppe

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\thierry\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\thierry\Application Data\wklnhst.dat

¤¤¤¤¤¤¤¤¤¤ Keys :


=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 22:46:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...



scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
THANKS...
0
Anonymous user
13 Dec. 2009 at 08:39
;)
0
Here is the JavaRa report.
All the fixes run slowly and the PC still freezes; only the Windows key on the keyboard gets it going again, despite the persistent windows and so on...
THANKS for your advice, can you give me your opinion?

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri May 01 15:39:29 2009

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.



JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri May 01 15:48:54 2009

Found and removed: Software\JavaSoft\Java2D\1.5.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_07

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Dec 16 12:43:35 2009

Found and removed: C:\Documents and Settings\thierry\Application Data\Sun\Java\jre1.6.0_13

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.
0
Anonymous user
16 Dec. 2009 at 13:46
I think it will go better once you have done the defragmentation
0