Your computer is infected, spyware
marie
Hello,
I have a big problem with my PC: I can no longer change my desktop settings for my wallpaper; instead I have an all-green wallpaper with a large black frame that displays: your system is infected, system has been stopped due to a serious malfunction, Spyware activity has been detected.
I get lots of Windows alert messages telling me that I am being attacked by other PCs, etc.
I don't know what to do, I am far from being a computer specialist! I downloaded another antivirus; I had avast, which I kept, but now I also have Avira Antivirus; I also downloaded HijackThis, and here is the summary:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:51, on 13/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Tlohonulohufaj] rundll32.exe "C:\WINDOWS\alujaxak.dll",Startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
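A triage pass over the autostart (O4) and service (O23) lines of a HijackThis log like the one above, as an added example that is not part of the original thread. The three heuristics, the `triage` and `split_command` names and the fixed `C:\WINDOWS` path are assumptions made for illustration; the sample lines are copied from the log above, and a hit is a lead for manual review, not a verdict.

```python
import re
from ntpath import basename, dirname, normcase, splitext

# Subset of the O4/O23 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Tlohonulohufaj] rundll32.exe "C:\WINDOWS\alujaxak.dll",Startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - <hive>\[<SID>\]..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:\S+\\)?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "O23 - Service: <display name> - <publisher> - <image path>"
O23_SVC = re.compile(r"^O23 - Service: .* - (?P<path>[A-Za-z]:\\.+)$")
# First token of a command line: a quoted path, or an unquoted path
# (which may contain spaces) ending in an executable extension.
TARGET = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$))'
    r"(?P<rest>.*)$", re.I)

# Assumptions: Windows directory as seen in the log; a short list of core
# process names that look-alike file names tend to imitate.
WINDIR = normcase(r"C:\WINDOWS")
SYSTEM32 = WINDIR + "\\system32"
SYSTEM_NAMES = {"smss", "csrss", "winlogon", "services", "lsass",
                "svchost", "explorer", "spoolsv"}
SECURITY_WORDS = re.compile(r"secur|anti-?vir|protect", re.I)


def split_command(cmd):
    """Return (target path, remaining arguments) for a Run-key command line."""
    m = TARGET.match(cmd)
    if not m:
        return cmd.strip(), ""
    return (m.group("q") or m.group("u")), m.group("rest").strip()


def triage(log_text):
    """Return [(value name, file, [reasons])] for autostart entries worth a look."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Folders that host a registered service (8.3 short names are not resolved).
    service_dirs = {normcase(dirname(m.group("path")))
                    for l in lines if (m := O23_SVC.match(l))}
    findings = []
    for line in lines:
        m = O4_RUN.match(line)
        if not m:
            continue  # Global Startup shortcuts and non-O4 lines are skipped
        name = m.group("name")
        target, rest = split_command(m.group("cmd"))
        folder = normcase(dirname(target))
        stem = splitext(basename(target))[0].lower()
        reasons = []

        # 1. rundll32 loading a DLL that sits directly in the Windows folder.
        if stem == "rundll32" and rest:
            dll, _ = split_command(rest)
            if normcase(dirname(dll)) == WINDIR:
                target = dll
                reasons.append("rundll32 loads a DLL from the Windows root")

        # 2. File in system32 whose name extends a core process name.
        if (folder == SYSTEM32 and stem not in SYSTEM_NAMES
                and any(stem.startswith(n) for n in SYSTEM_NAMES)):
            reasons.append("name imitates a core Windows process")

        # 3. Entry named like security software, but no service is
        #    registered from the same folder tree.
        if (SECURITY_WORDS.search(name) and folder and not any(
                folder.startswith(d) or d.startswith(folder)
                for d in service_dirs)):
            reasons.append("security-named autostart with no matching service")

        if reasons:
            findings.append((name, target, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```
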
29 replies
Hi:
Uninstall Avast.
Then:
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection)
▶ Download and install List&Kill'em and save it to your desktop
▶ Plug in USB keys, external hard drives, MP3 and MP4 players, etc.
Double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to start the installation
Check the box "create a desktop icon"
Once it has finished, click "Finish" and the program will start by itself
Choose the language, then choose option 1 = Search Mode
▶ Let the tool work
When the white window appears, it takes a while; that is normal, the program has not frozen.
A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.
▶ Post the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen
You can now delete the catchme.log report from your desktop.
First of all, thank you very much for your help! I removed avast and downloaded List & Kill'Them; here is the report below:
List'em by g3n-h@ckm@n 1.1.8.2
Thx to El Desaparecido.....& CCM team
User : Marie LEPORT (Administrateurs) # MARIE_LEPORT
Update on 14/01/2010 by g3n-h@ckm@n ::::: 02:50
Start at: 10:19:30 | 14/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 80,02 Go (22,82 Go free) | NTFS
D:\ -> Disque fixe local | 69 Go (68,77 Go free) | NTFS
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Marie LEPORT\Local Settings\Temp\15.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Internet Security 2010 REG_SZ C:\Program Files\InternetSecurity2010\IS2010.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
ETDWare REG_SZ C:\Program Files\Elantech\ETDCtrl.exe
ETDWareDetect REG_SZ C:\Program Files\Elantech\ETDDect.exe
AsusTray REG_SZ C:\Program Files\EeePC\ACPI\AsTray.exe
AsusACPIServer REG_SZ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
AsusEPCMonitor REG_SZ C:\Program Files\EeePC\ACPI\AsEPCMon.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SearchSettings REG_SZ C:\Program Files\pdfforge Toolbar\SearchSettings.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe
Tlohonulohufaj REG_SZ rundll32.exe "C:\WINDOWS\alujaxak.dll",Startup
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoSetActiveDesktop REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)
NoSetActiveDesktop REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 1 (0x1)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
80,02 Go total, 22,84 Go libre (28%), 14% fragmenté (fragmentation du fichier 29%)
Vous devriez défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Program Files\AskBarDis
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\InternetSecurity2010
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\pdfforge Toolbar\SearchSettings.dll
C:\WINDOWS\System32\SET3B.tmp
C:\WINDOWS\System32\SET3F.tmp
C:\WINDOWS\System32\SET40.tmp
C:\WINDOWS\System32\SET47.tmp
C:\Documents and Settings\Marie LEPORT\Application Data\Search Settings
C:\Documents and Settings\Marie LEPORT\LOCAL Settings\Temp\ose00000.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
"HKLM\Software\Search Settings"
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\Software\AppDataLow\AskBarDis
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\Software\pdfforge
================
Other infections
================
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 10:23:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
==========
Programs
==========
Adobe
Alwil Software
Apple Software Update
AskBarDis
Asus
Avira
Bonjour
ComPlus Applications
DAEMON Tools Lite
DAEMON Tools Toolbar
EeePC
Elantech
eMule
Fichiers communs
InstallShield Installation Information
Intel
Internet Explorer
InternetSecurity2010
iPod
iTunes
Java
List_Kill'em
Messenger
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN Gaming Zone
NetMeeting
NOS
Orange
Outlook Express
PDFCreator
pdfforge Toolbar
QuickTime
RALINK
Realtek
Services en ligne
Skype
Sun
Trend Micro
U1 Setup.exe
Uninstall Information
uTorrent
VideoLAN
VLC
WIDCOMM
Windows Live
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
xerox
============
Lecteur C:
============
adabas
AsusUpdate.log
AUTOEXEC.BAT
boot.ini
Bootfont.bin
CONFIG.SYS
Documents and Settings
Intel
IO.SYS
Kill'em
List'em.txt
MSDOS.SYS
MSOCache
NTDETECT.COM
ntldr
pagefile.sys
Program Files
RECYCLER
RHDSetup.log
sqmdata00.sqm
sqmnoopt00.sqm
System Volume Information
WINDOWS
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
And now what should I do????
Thank you so much for your help!
▶ Run List&Kill'em again (by right-clicking on Vista), using the shortcut on your desktop.
but this time:
▶ choose option 2 = Mode Suppression (removal mode)
let the tool do its work.
at the end of the scan a report opens
▶ paste its contents into your reply
OK boss! So here is the content:
Kill'em by g3n-h@ckm@n 1.1.8.2
User : Marie LEPORT (Administrateurs) # MARIE_LEPORT
Update on 14/01/2010 by g3n-h@ckm@n ::::: 02:50
Start at: 14:02:39 | 14/01/2010
Contact : g3n-h@ckm@n sur CCM
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local | 80,02 Go (22,94 Go free) | NTFS
D:\ -> Disque fixe local | 69 Go (68,77 Go free) | NTFS
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Marie LEPORT\Local Settings\Temp\B.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
"C:\Program Files\AskBarDis"
"C:\Program Files\DAEMON Tools Toolbar"
"C:\Program Files\InternetSecurity2010"
"C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
"C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"
"C:\Program Files\pdfforge Toolbar\SearchSettings.dll"
C:\WINDOWS\System32\SET3B.tmp
C:\WINDOWS\System32\SET3F.tmp
C:\WINDOWS\System32\SET40.tmp
C:\WINDOWS\System32\SET47.tmp
"C:\Documents and Settings\Marie LEPORT\Application Data\Search Settings"
C:\Documents and Settings\Marie LEPORT\LOCAL Settings\Temp\ose00000.exe
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
AskBarDis.Kill'em
DAEMON Tools Toolbar.Kill'em
ose00000.exe.Kill'em
Search Settings.Kill'em
search@searchsettings.com.Kill'em
SearchSettings.dll.Kill'em
SET3B.tmp.Kill'em
SET3F.tmp.Kill'em
SET40.tmp.Kill'em
SET47.tmp.Kill'em
{B922D405-6D13-4A2B-AE89-08A030DA4402}.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKLM\Software\Search Settings
Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Deleted : HKCU\Software\AppDataLow\AskBarDis
Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
Deleted : HKLM\Software\pdfforge
============
Disk Cleaned
============
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
And now?
Uninstall List_Kill'em, then:
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect and close all running applications!
▶ Double-click "Ad-R.exe" to start the installation and keep the default installation settings.
▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.
▶ In the main menu choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_H | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 14.01.2010 à 18:48
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:18:21, 14/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: MARIE_LEPORT | Utilisateur actuel: Marie LEPORT
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: ASKUpgrade - ... [b]ERREUR SUPPRESSION !![/b]
C:\DOCUME~1\MARIEL~1\APPLIC~1\Mozilla\FireFox\Profiles\60k11mrp.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Program Files\pdfforge Toolbar
C:\DOCUME~1\MARIEL~1\APPLIC~1\pdfforge
C:\Windows\Installer\f3891.msi
(!) -- Fichiers temporaires supprimés.
.
HKCU\software\AskBarDis
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\pdfforge
HKCU\software\Search Settings
HKLM\software\appdatalow\AskBarDis
HKLM\software\AskBarDis
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.17 [fr] *
.
Nom du profil: 60k11mrp.default (Marie LEPORT)
.
(MARIEL~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Marie LEPORT\Mes documents\Dossiers Professionnels
(MARIEL~1, prefs.js) Browser.search.selectedEngine, Yahoo
(MARIEL~1, prefs.js) Browser.startup.homepage, www.google.fr
(MARIEL~1, prefs.js) Extensions.enabledItems, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1,6,2,44,{E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{01D32D7B-B85C-4CD5-AAAA-FF8C77E837E5}:1.9.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.17
(MARIEL~1, prefs.js) Keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
.
.
.
* Internet Explorer Version 6.0.2900.5512 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Marie LEPORT\Application Data\uTorrent\The Sims 3 v1.27 patch crack + store items [Hirya].torrent
.
===================================
.
3248 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
66 Fichier(s) - C:\DOCUME~1\MARIEL~1\LOCALS~1\Temp
30 Fichier(s) - C:\WINDOWS\Temp
7 Fichier(s) - C:\WINDOWS\Prefetch
.
19 Fichier(s) - C:\Ad-Remover\BACKUP
36 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 17:22:15 | 14/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.
There, I've done the cleanup, and now?
Thanks again in advance for everything!
Hello
Uninstall ad-remover
Download OTL by OLDTimer
▶ save it to your Desktop.
▶ Double-click OTL.exe to launch it (for Vista / 7 => right-click, "Run as administrator").
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box next to Scan All Users
▶ set it to "60 Days"
▶ in the left-hand column, set everything to All
do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and find the file above.
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
Hello!
I followed your recommendations to the letter, so here are the links:
http://www.cijoint.fr/cjlink.php?file=cj201001/cijN3oznQy.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cij0YHaaD6.txt
And now?
Thanks again in advance for all your help!
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
IS2010.exe
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
O4 - HKU\S-1-5-21-3858180786-1096807416-71719086-1006..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security)
O7 - HKU\S-1-5-21-3858180786-1096807416-71719086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O33 - MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\Shell - "" = AutoRun
O33 - MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\Shell\AutoRun\command - "" = E:\Memorybar.exe -- File not found
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"iTunesHelper"=-
"QuickTime Task"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ask Toolbar_is1"=-
:files
C:\WINDOWS\Fqohewotehokof.dat
C:\WINDOWS\Onocejoguxabok.bin
C:\Program Files\InternetSecurity2010
C:\WINDOWS\System32\warning.html
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
then:
▶ Click the Start menu / Control Panel / Folder Options / then, in the View tab
* - Tick Show hidden files and folders
* - Untick Hide extensions for known file types
* - Untick Hide protected operating system files (Recommended)
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\WINDOWS\alujaxak.dll
C:\WINDOWS\System32\igfxCoIn_v4906.dll
C:\WINDOWS\AsAcpiSvrLang.ini
C:\WINDOWS\AsTrayLang.ini
C:\WINDOWS\System32\BTNeighborhood.dll.manifest
C:\WINDOWS\System32\btcss.dll.manifest
C:\WINDOWS\System32\lcppn21.dll
* Now click Send file and let it work for as long as "Current status: scanning" is displayed.
* The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page, choose Select All, then Copy
* Finally, paste the result into your next reply.
Note: To analyse another file, click Other file at the bottom.
First of all, here is the first OTL report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
No active process named IS2010.exe was found!
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3858180786-1096807416-71719086-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
C:\Program Files\InternetSecurity2010\IS2010.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3858180786-1096807416-71719086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
File E:\Memorybar.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Ask Toolbar_is1 not found.
========== FILES ==========
C:\WINDOWS\Fqohewotehokof.dat moved successfully.
C:\WINDOWS\Onocejoguxabok.bin moved successfully.
C:\Program Files\InternetSecurity2010 folder moved successfully.
C:\WINDOWS\System32\warning.html moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Marie LEPORT
->Temp folder emptied: 8001887 bytes
->Temporary Internet Files folder emptied: 412547 bytes
->Java cache emptied: 51482276 bytes
->FireFox cache emptied: 106003307 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 104386971 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3402909 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1215690 bytes
Total Files Cleaned = 262,00 mb
OTL by OldTimer - Version 3.1.24.1 log created on 01152010_115217
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Run OTL and Run Fix again, but with only this to copy:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1]
Fichier alujaxak.dll reçu le 2010.01.15 17:03:29 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.15 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 -
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3594 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 Trojan:W32/Hiloti.gen!C
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 -
McAfee 5861 2010.01.14 -
McAfee+Artemis 5861 2010.01.14 -
McAfee-GW-Edition 6.8.5 2010.01.15 -
Microsoft 1.5302 2010.01.15 Trojan:Win32/Hiloti.gen!D
NOD32 4775 2010.01.15 -
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 -
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.15 Mal/Hiloti-A
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.151 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 BScope.Trojan.Hiloti
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 172544 bytes
MD5...: 7c4b66668305249e3fb0969c39126b1b
SHA1..: 47cc1d512f7307c6a80b7215613da327408030f2
SHA256: 2a7114bcf8da2387eb1d0440715ab3ad44c701c3eb08fdb71e2983fffe4d5ce7
ssdeep: 3072:CFDCCJ6jq3ndWCS473CA1/verdNyqXJiBFH+lBS+S+:KCqu7nEvK3yq5iBFH+lB
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x449c
timedatestamp.....: 0x4a2bcd8c (Sun Jun 07 14:24:12 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e000 0x16000 7.96 e5f959fad885ff3f62ae9d7cf2e88c51
.data 0x2f000 0x14000 0x13600 4.65 6e03f59b9b7c9afb54dfed3b72c40102
.rsrc 0x43000 0x1000 0x600 2.87 aef05787db2cac886b7b1699bee6c681
.reloc 0x44000 0x1000 0x200 1.72 5018b8e296fb7da2fd2e43a34423df02
( 4 imports )
> KERNEL32.dll: CloseHandle, ExitProcess, FileTimeToSystemTime, FindFirstFileA, FindResourceA, GetACP, GetCommandLineA, GetModuleHandleA, GetNumberFormatA, GetOEMCP, GetStartupInfoA, HeapAlloc, HeapCreate, HeapFree, HeapReAlloc, MapViewOfFile, MultiByteToWideChar, OpenProcess, ReadProcessMemory, RtlUnwind, SetEndOfFile, SetFilePointer, SetHandleCount, SetLastError, SetUnhandledExceptionFilter, TerminateThread, TlsGetValue, UnmapViewOfFile, VirtualAlloc, VirtualFree, WideCharToMultiByte, lstrlenW
> msvcrt.dll: __p__commode, __set_app_type, exit, fwprintf, printf, __getmainargs
> user32.dll: SetUserObjectSecurity, RegisterClassExA, IntersectRect, GetWindowTextA, GetClientRect, OpenClipboard, TranslateMessage
> ole32.dll: CreateBindCtx, CoTaskMemRealloc, CoFileTimeNow, CoCreateInstance, CLSIDFromString
( 11 exports )
ActivatorUpdateForIsRouterChanges, D3DRealloc, GetUpdateCount, NxGetCookingInterface, NxPlatformMismatch, OpenComponentLibraryEx, SetSetupOpen, TextOutWCP_ME, UpdateFromAppChange, UpdateFromComponentChange, W32N_IsWindows2000
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) 1988-2000 Microsoft Corp. All rights reserved.
product......: Microsoft Soap SDK
description..: Microsoft Soap SDK
original name: MSSOAP1.DLL
internal name: MSSOAP1
file version.: 1.02.814.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Fichier AsAcpiSvrLang.ini reçu le 2010.01.15 17:08:57 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.15 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 -
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3594 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 -
McAfee 5861 2010.01.14 -
McAfee+Artemis 5861 2010.01.14 -
McAfee-GW-Edition 6.8.5 2010.01.15 -
Microsoft 1.5302 2010.01.15 -
NOD32 4775 2010.01.15 -
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 -
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.15 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.151 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 21864 bytes
MD5...: 38489f463ab7ff6bfa1e0a68cdf5d636
SHA1..: 0e11a785e40666198308fcd6274fd6e7f5b854e0
SHA256: 3101413975122d541c74ae917ec6ab0b4a955824c52da56a5791cf934db0cf61
ssdeep: 192:FTZM6riWZW5u5gOEA3jCl0IPX0KLividoiZwU9KQO7/qN2kBDrDF0CDjEt+25:FTZMwCXXe6doiZwxF7/sDrDx25
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.15 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 -
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3594 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 -
McAfee 5861 2010.01.14 -
McAfee+Artemis 5861 2010.01.14 -
McAfee-GW-Edition 6.8.5 2010.01.15 -
Microsoft 1.5302 2010.01.15 -
NOD32 4775 2010.01.15 -
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 -
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.15 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.151 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 21864 bytes
MD5...: 38489f463ab7ff6bfa1e0a68cdf5d636
SHA1..: 0e11a785e40666198308fcd6274fd6e7f5b854e0
SHA256: 3101413975122d541c74ae917ec6ab0b4a955824c52da56a5791cf934db0cf61
ssdeep: 192:FTZM6riWZW5u5gOEA3jCl0IPX0KLividoiZwU9KQO7/qN2kBDrDF0CDjEt+2<br>5:FTZMwCXXe6doiZwxF7/sDrDx25<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (66.6%)<br>MP3 audio (33.3%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
packers (F-Prot): Unicode
Fichier btcss.dll.manifest reçu le 2010.01.15 17:12:19 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.01.15 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 -
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 -
CAT-QuickHeal 10.00 2010.01.15 -
ClamAV 0.94.1 2010.01.15 -
Comodo 3594 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 -
McAfee 5861 2010.01.14 -
McAfee+Artemis 5861 2010.01.14 -
McAfee-GW-Edition 6.8.5 2010.01.15 -
Microsoft 1.5302 2010.01.15 -
NOD32 4775 2010.01.15 -
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 -
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.15 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.151 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Information additionnelle
File size: 593 bytes
MD5...: 1b5da2956493091472d9dbc88420c2f4
SHA1..: 45fdea792d6acc2a5781b0b436e482e6d4f29847
SHA256: a9a8e01416df57eaf766e4a636f2016c21cc62a366fae4184c4089e06de0e114
ssdeep: 12:TMHdtYJ5BgVNWpSNTMOA453SNK+bJM+gVNsJ3LRU2K:2dtYbBgHNSgiNK+bu+
gME
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Windows Manifest - Visual Stylesheet XML file (95.0%)
Generic XML (ASCII) (4.9%)
I just ran OTL again and here is what it tells me:
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1\ not found.
OTL by OldTimer - Version 3.1.24.1 log created on 01152010_122054
Also, I can't delete C:\WINDOWS\alujaxak.dll; the PC tells me it is write-protected.
I hope I followed all your instructions correctly; otherwise, tell me what I still need to do.
OK, run this and post the report again
http://sd-1.archive-host.com/membres/up/829108531491024/Remove_File.exe