Virus?

stef0481 -  
 Utilisateur anonyme -
Bonjour,

Depuis quelques semaines, mon PC est extrêmement lent, au démarrage, à la fermeture, Office plante dès que les document Word ont des images, ...Tout fonctionne mais tellement au ralenti que ça devient infernal. En me baladant sur les forums, j'ai telechargé Malware bytes et Hijack this afin de poster les rapports que j'ai obtenu, dans l'espoir que vous pourrez m'aider. Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:19, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Antipub\antipub.exe
C:\Documents and Settings\Stéphanie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [uwsnzjikm] c:\windows\system32\uwsnzjikm.exe uwsnzjikm
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453974 14
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: Notification de cadeaux MSN.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stef0481.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://stef0481.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{327E633F-8A6F-44C1-BF8B-7E7E6D8DC061}: NameServer = 212.27.40.241,212.27.40.240
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
Utilisateur anonyme
 
salut :

C'est un adware installé par les programmes suivants:

* Funky Emoticons
* Games Attack
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Official Emule (Version d'Emule modifiée)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
* Sur le site www.games-desktop.com (n'allez pas dessus!!)

(N'aie plus aucun contact avec eux)

Lien utile: http://www.malekal.com/Adware.Magic_Control.php

Télécharge Navilog1 depuis-ce lien

▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.

▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique

Patiente jusqu'au message :
*** Analyse Termine le ..... ***

>>>>> Le fix peut durer une dizaine de minutes ;)

▶ Appuie sur une touche le bloc note va s'ouvrir.

▶ Copie-colle le rapport ici.

0
Réponse 2 / 26
stef0481
 
Bonjour et merci de ta réponse.
J'ai bien installé Navilog1 mais à la fin de l'analyse, en appuyant sur une touche au lieu d'afficher le bloc-notes, ça a provoqué un redémarrage du système. Résultat, Windows est en cours de fermeture depuis 10 bonnes minutes...
0
Réponse 3 / 26
Utilisateur anonyme
 
ok redemarre le pc manuellement et poste c:\fixnavi.txt
0
Réponse 4 / 26
stef0481
 
Peux-tu m'expliquer "poste" c:\fixnavi.txt? Dans Executer?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
Utilisateur anonyme
 
non dans ton disque dur tu as un txt de ce nom-là....ouvre-le et poste son contenu
0
Réponse 6 / 26
stef0481
 
C'est tout ce que j'ai pu trouver sur mon disque dur. J'espère que c'est le bon doc.

Fix Navipromo version 4.0.6 commencé le 02/03/2010 9:10:34,92

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-32 )
BIOS : Ver 1.00PARTTBLh


USER : Stéphanie ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 100301-1] 4.8.1368 (Activated)
Firewall : Norton Internet Worm Protection 2006 (Not Activated)

C:\ (Local Disk) - NTFS - Total:93 Go (Free:36 Go)
D:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Documents and Settings\St‚phanie\applic~1\MessengerSkinner supprimé !
c:\docume~1\stphan~1\menudm~1\progra~1\MessengerSkinner supprimé !
C:\WINDOWS\pack.epk supprimé !
0
Réponse 7 / 26
Utilisateur anonyme
 
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

▶ Télécharge List_Kill'em et enregistre le sur ton bureau

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "creer une icone sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

▶ laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan

▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

0
Réponse 8 / 26
stef0481
 
List'em by g3n-h@ckm@n 1.2.8.3

User : Stéphanie (Administrateurs)
Update on 02/03/2010 by g3n-h@ckm@n ::::: 11.30
Start at: 09:03:08 | 03/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Turion(tm) 64 Mobile Technology ML-32
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100301-1] 4.8.1368 [ (!) Disabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local | 93,16 Go (36,54 Go free) [n01113] | NTFS
D:\ -> Disque CD-ROM

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Antipub\antipub.exe
C:\Documents and Settings\Stéphanie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
fsc-reminder.exe REG_SZ C:\WINDOWS\reminder\fsc-reminder.exe 2453974 14
Yahoo! Pager REG_SZ C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
messengerskinner REG_SZ C:\Program Files\MessengerSkinner\MessengerSkinner.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
LaunchAp REG_SZ C:\Launch Manager\LaunchAp.exe
HotkeyApp REG_SZ C:\Launch Manager\HotkeyApp.exe
LMgrVolOSD REG_SZ C:\Launch Manager\OSD.exe
LMgrOSD REG_SZ C:\Launch Manager\OSDCtrl.exe
Wbutton REG_SZ "C:\Launch Manager\Wbutton.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
CtrlVol REG_SZ C:\Launch Manager\CtrlVol.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
YeppStudioAgent REG_SZ C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
SoundMan REG_SZ SOUNDMAN.EXE
ISUSPM REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
WorkFlowTray REG_SZ "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
Opware14 REG_SZ "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
OpScheduler REG_SZ "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
uwsnzjikm REG_SZ c:\windows\system32\uwsnzjikm.exe uwsnzjikm
PaperPort PTD REG_SZ "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch REG_SZ "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder REG_SZ "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
ISUSScheduler REG_SZ "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
gcasServ REG_SZ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ NOM-9C38B6165A7
DefaultUserName REG_SZ Stéphanie
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
DefaultPassword REG_SZ
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Stéphanie
AltDefaultDomainName REG_SZ NOM-9C38B6165A7
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
{9EF34FF2-3396-4527-9D27-04C8C1C67806} REG_SZ Microsoft AntiSpyware Service Hook

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Messenger\Msmsgs.exe REG_SZ C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
C:\Program Files\Yahoo!\Messenger\YPager.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
C:\Program Files\Freeplayer\vlc\vlc.exe REG_SZ C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Xi\NetXfer\NetTransport.exe REG_SZ C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Disabled:NetXfer Download Manager
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Documents and Settings\Stéphanie\Bureau\incredimail_install.exe REG_SZ C:\Documents and Settings\Stéphanie\Bureau\incredimail_install.exe:*:Enabled:IncrediMail Installer
C:\Program Files\IncrediMail\bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
C:\Program Files\Mozilla Firefox\firefox.exe REG_SZ C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
C:\Program Files\Internet Explorer\iexplore.exe REG_SZ C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
C:\Program Files\InterVideo\DVD8\WinDVD.exe REG_SZ C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
C:\Program Files\adslTV\adsltv.exe REG_SZ C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
C:\Program Files\adslTV\vlc.exe REG_SZ C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7FC1B346-83E6-4774-8D20-1A6B09B0E737}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{88764F69-3831-4EC1-B40B-FF21D8381345}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CE3409C4-9E26-4F8E-83E4-778498F9E7B4}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{DFB17AA8-042A-429D-987C-26CE244A4189}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0CC8367F-FA03-0AB7-9507-C3D9F99AD931}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{181695F4-EB28-F2F8-F0D0-D9FDA5908497}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{243BFCE2-1CCF-BBA8-A1AF-C56B1A12A230}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{327E633F-8A6F-44C1-BF8B-7E7E6D8DC061}: NameServer=212.27.40.241,212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{327E633F-8A6F-44C1-BF8B-7E7E6D8DC061}: NameServer=212.27.40.241,212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{327E633F-8A6F-44C1-BF8B-7E7E6D8DC061}: NameServer=212.27.40.241,212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{327E633F-8A6F-44C1-BF8B-7E7E6D8DC061}: NameServer=212.27.40.241,212.27.40.240

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/?ocid=iehp

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\recover\WINDOWS\system32\dllcache\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\recover\WINDOWS\system32\dllcache\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\recover\WINDOWS\system32\drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\recover\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\recover\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\recover\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Stéphanie\Local Settings\Temp\1C.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
93,16 Go total, 36,55 Go libre (39%), 18% fragment‚ (fragmentation du fichier 36%)

Vous devriez d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\.zreglib
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\Install_Messenger.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Present !! : C:\WINDOWS\002800_.tmp
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\System32\SET*.tmp
Present !! : C:\Documents and Settings\St‚phanie\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\St‚phanie\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\St‚phanie\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\St‚phanie\Application Data\wklnhst.dat
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\327.pdf
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\B0.tmp
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\db.dat
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\dw.log
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\pp.log
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\tdm.log
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\um.um
Present !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\ytb.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\DWPUpgradeInstaller.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\HomePlayer-1.5.8a.77882.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hpzscr01.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\igraal.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\RstApp.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\utt4B.tmp.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\ytb.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is143.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is18F.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is20E.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is229.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is2AB.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isA2.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isA3.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isF9.exe
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\db.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hpoins08.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hposcr02.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\liveplayer_exe.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\liveplayer_skin.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\OPWShellConvert_0.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\skin_dll.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\sqlite_dll.dat
Present !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\MFPL7014.DLL

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\messengerskinner
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\Software\epk_extr
Present !! : HKCU\Software\Lanconfig
Present !! : HKCU\Software\livesvc

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 09:37:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

a-squared Anti-Malware
Adobe
adslTV
Ahead
Alwil Software
Antipub
Apple Software Update
Astonsoft
ATI Technologies
Audacity
BitTorrent
Boonty
BoontyGames
Brother
ComPlus Applications
CONEXANT
Dictionnaire
DivX
DVD Shrink
Elaborate Bytes
eMule
Fichiers communs
Free
Freeplayer
Fritivi
GameHouse
Giganology
Hewlett-Packard
IncrediMail
InstallShield Installation Information
InterActual
Internet Explorer
InterVideo
InterVideo Information Service
IVCsoft
Java
JRE
Lame MP3 Codec
List_Kill'em
Malwarebytes' Anti-Malware
Messenger
Microsoft
Microsoft AntiSpyware
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Office Outlook Connector
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSI
MSN
MSN Gaming Zone
MSXML 4.0
Navilog1
NetMeeting
Nuance
NVIDIA Corporation
Online Services
OpenOffice.org 2.1
OpenOffice.org 2.2
OpenOffice.org 2.3
OpenOffice.org 2.4
OpenOffice.org 3
Outlook Express
Panda Security
PCFriendly
PhotoFiltre Studio
Progetto Italiano 1
Raccourcis de programmes
Real
Realtek AC97
Reference Assemblies
Samsung
ScanSoft
Services en ligne
Skype
Synaptics
Trend Micro
Uninstall Information
VideoLAN
Winamp
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Xi
XviD
Yahoo!
Zylom Games

============
Drive C:
============

a474795e8633556ad4be0fbc14
Addon
ati.log
AUTOEXEC.BAT
boot.ini
Bootfont.bin
cddbplm.gcf
cddbplm.idx
cddbplm.lsf
cddbplm.pdb
celi_1_giugno_2003.wma
celi_2_giugno_2003.wma
celi_3_giugno_2003.wma
celi_3_giugno_2004.wma
cleannavi.txt
CONFIG.SYS
ConvertTemp
Desperate Housewives- 2x17 Vost Fr By Hogtied.wmv.nv!
Documents and Settings
drivers
ebc8acacdb28dbe965173963
emigrazione.zip
emoticones.exe
expand.txt
FirstSteps
FSP811n01113.dat
hiberfil.sys
homePage.srv
hpfr3420.xml
hpfr3425.log
info.rtf
info2.rtf
Install_Messenger(1).exe
Install_Messenger(2).exe
Install_Messenger.exe
IO.SYS
ISP
Kill'em
LANG.TXT
Language.txt
Launch Manager
LES_CENT_PAS-Selections
List'em.txt
Live! Cam
login.srf
MSDOS.SYS
MSOCache
MSWorks
Nis2006
NTDETECT.COM
ntldr
oem.tag
Office11
pagefile.sys
Perf1260-1660
Prodlog.txt
Program Files
recover
RECYCLER
Rome.zip
SBSI
setup.exe
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
stream.srv
System Volume Information
TDdownload
temp
UpdatedResults.cst
vcredist_x86.log
wdljovma.sys
WINDOWS
WinDVD
WLinstaller(1).exe
WLinstaller.exe
wp2Krtf.exe

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials





¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 10:35:54,39
0
Réponse 9 / 26
Utilisateur anonyme
 
▶ Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta reponse
0
Réponse 10 / 26
stef0481
 
Je n'étais pas près de mon PC pendant le scan et maintenant que j'y retourne tout est fermé, pas de rapport disponible. Où le trouver?
0
Réponse 11 / 26
Utilisateur anonyme
 
ici : C:\Kill'em.txt
0
Réponse 12 / 26
stef0481
 
Kill'em by g3n-h@ckm@n 1.2.8.3

User : Stéphanie (Administrateurs)
Update on 02/03/2010 by g3n-h@ckm@n ::::: 11.30
Start at: 12:25:30 | 03/03/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

AMD Turion(tm) 64 Mobile Technology ML-32
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100301-1] 4.8.1368 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local | 93,16 Go (36,59 Go free) [n01113] | NTFS
D:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Launch Manager\LaunchAp.exe
C:\Launch Manager\HotkeyApp.exe
C:\Launch Manager\OSD.exe
C:\Launch Manager\OSDCtrl.exe
C:\Launch Manager\Wbutton.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Antipub\antipub.exe
C:\Documents and Settings\Stéphanie\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Stéphanie\Local Settings\Temp\34.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\.zreglib
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\Install_Messenger.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe
Quarantined & Deleted !! : C:\WINDOWS\002800_.tmp

Quarantined & Deleted !! : C:\WINDOWS\System32\_000005_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\System32\SET18.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET59C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET59E.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET5A3.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET5AA.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET8.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET89.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET9C.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET9D.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SET9F.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA0.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA1.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA4.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\SETA6.tmp
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Application Data\wklnhst.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\327.pdf
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\B0.tmp
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\db.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\dw.log
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\pp.log
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\tdm.log
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\um.um
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\Local Settings\Temp\ytb.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\DWPUpgradeInstaller.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\HomePlayer-1.5.8a.77882.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hpzscr01.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\igraal.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\RstApp.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\utt4B.tmp.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is143.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is18F.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is20E.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is229.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_is2AB.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isA2.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isA3.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\_isF9.exe
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hpoins08.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\hposcr02.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\liveplayer_exe.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\liveplayer_skin.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\OPWShellConvert_0.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\skin_dll.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\sqlite_dll.dat
Quarantined & Deleted !! : C:\Documents and Settings\St‚phanie\LOCAL Settings\Temp\MFPL7014.DLL

==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run\messengerskinner
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
0
Réponse 13 / 26
Utilisateur anonyme
 
Télécharge OTL de OLDTimer

enregistre le sur ton Bureau.

▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant scan all users

▶ règle-le sur "60 Days"

▶ dans la colonne de gauche , mets tout sur "all"

ne modifie pas ceci :

"files created whithin" et "files modified whithin"

▶Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
0
Réponse 14 / 26
stef0481
 
Bonsoir,

Voilà les résultats d'OTL

http://www.cijoint.fr/cjlink.php?file=cj201003/cijciFZ3fz.txt
http://www.cijoint.fr/cjlink.php?file=cj201003/cijxR7Fok2.txt
0
Réponse 15 / 26
Utilisateur anonyme
 
▶ clic droit "executer en tant qu'administrateur" sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous Customs Scans/Fixes :


:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:services
boonty games

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [uwsnzjikm] C:\WINDOWS\System32\uwsnzjikm.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe File not found
O4 - HKU\S-1-5-21-477886873-1884736103-868532163-1007..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IndexSearch"=-
"ISUSScheduler"=-
"NeroFilterCheck"=-
"PaperPort PTD"=-
"SoundMan"=-
"SSBkgdUpdate"=-
"TkBellExe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YServer.exe"=-
"C:\Program Files\Yahoo!\Messenger\YPager.exe"=-
"C:\Program Files\Xi\NetXfer\NetTransport.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-
"C:\Program Files\adslTV\adsltv.exe"=-
"C:\Program Files\adslTV\vlc.exe"=-


:Files
C:\Documents and Settings\All Users\Application Data\BOONTY


:commands
[emptytemp]
[start explorer]
[reboot]


▶ Clique sur RunFix pour lancer la suppression.


▶ Poste le rapport.

ensuite :

desinstalle "Favorit"

ensuite :

▶ Télécharge UsbFix

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

▶ Laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

ensuite :

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

▶ Ton bureau disparaitra et le pc redémarrera .

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 16 / 26
stef0481
 
Bonjour,

J'ai bien fait la suppression par l'intermediaire d'OTL mais je n'ai pas obtenu de rapport et l'ordinateur a redémarré. Ensuite voilà le rapport d'USBfix avant la suppression.
Merci encore de ton aide, j'espère que ça va marcher.
0
Réponse 17 / 26
Utilisateur anonyme
 
rapport d'OTL :

C:\_OTL\Moved Files\la_date_et_l'heure_de_la_suppression
0
Réponse 18 / 26
stef0481
 
Bonsoir,

Ca a mis du temps mais ça y est

Rapport OTL
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========
Service boonty games stopped successfully!
No service named boonty games was found to delete!
========== OTL ==========
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uwsnzjikm deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wbutton deleted successfully.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Launch Manager\WButton.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\YeppStudioAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-477886873-1884736103-868532163-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Pager deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\WINDOWS\Downloaded Program Files\erma.inf scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IndexSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PaperPort PTD deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SSBkgdUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|1 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E!
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Xi\NetXfer\NetTransport.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\adslTV\adsltv.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\adslTV\vlc.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService

User: NetworkService

User: Stéphanie

%systemdrive% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\OldTimer Tools\OTL key.
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.1.32.0 log created on 03042010_173720


Rapport UsbFix


############################## | UsbFix V6.098 |

User : Stéphanie (Administrateurs) # NOM-9C38B6165A7
Update on 03/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:20:12 | 04/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm) 64 Mobile Technology ML-32
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1368 [VPS 100304-0] 4.8.1368 [ Enabled | Updated ]
FW : Norton Internet Worm Protection[ (!) Disabled ]2006

C:\ -> Disque fixe local # 93,16 Go (36,58 Go free) [n01113] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible # 1,92 Go (4,91 Mo free) [TOSHIBA] # FAT
F:\ -> Disque amovible # 940,73 Mo (473,2 Mo free) [UDISK 2.0] # FAT

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-477886873-1884736103-868532163-1007

################## | Registre |


################## | Mountpoints2 |


################## | Listing des fichiers présent |

[30/01/2006 10:07|--a------|185] C:\ati.log
[30/01/2006 09:16|--a------|0] C:\AUTOEXEC.BAT
[26/08/2006 18:02|-rahs----|216] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[23/05/2007 09:40|--a------|681728] C:\cddbplm.gcf
[23/05/2007 09:40|--a------|768] C:\cddbplm.idx
[23/05/2007 09:40|--a------|308736] C:\cddbplm.lsf
[23/05/2007 09:40|--a------|768] C:\cddbplm.pdb
[23/10/2007 11:22|--a------|2893120] C:\celi_1_giugno_2003.wma
[23/10/2007 11:22|--a------|2550121] C:\celi_2_giugno_2003.wma
[23/10/2007 11:22|--a------|3062134] C:\celi_3_giugno_2003.wma
[23/10/2007 11:22|--a------|3159897] C:\celi_3_giugno_2004.wma
[02/03/2010 09:44|--a------|1024] C:\cleannavi.txt
[30/01/2006 09:16|--a------|0] C:\CONFIG.SYS
[09/01/2007 14:03|--a------|207201360] C:\Desperate Housewives- 2x17 Vost Fr By Hogtied.wmv.nv!
[28/01/2007 20:30|--a------|220971] C:\emigrazione.zip
[01/03/2007 10:28|--a------|262544] C:\emoticones.exe
[26/08/2006 18:04|--a------|27] C:\expand.txt
[30/01/2006 10:55|--a------|1116] C:\FSP811n01113.dat
[?|?|?] C:\hiberfil.sys
[18/12/2006 21:27|--a------|25193] C:\homePage.srv
[30/07/2009 11:02|--a------|522] C:\hpfr3420.xml
[30/07/2009 11:02|--a------|4869] C:\hpfr3425.log
[14/09/2008 19:20|--a------|12] C:\info.rtf
[14/09/2008 19:20|--a------|15] C:\info2.rtf
[19/01/2007 22:54|--a------|17929072] C:\Install_Messenger(1).exe
[30/07/2006 05:44|--a------|16277288] C:\Install_Messenger(2).exe
[30/01/2006 09:16|-rahs----|0] C:\IO.SYS
[03/03/2010 12:46|--a------|8995] C:\Kill'em.txt
[11/10/2004 06:18|--a------|19] C:\LANG.TXT
[09/04/2003 09:44|--a------|10] C:\Language.txt
[03/03/2010 10:35|--a------|36737] C:\List'em.txt
[09/01/2007 09:59|--a------|5253] C:\login.srf
[30/01/2006 09:16|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[14/10/2008 14:59|-rahs----|252240] C:\ntldr
[04/08/2004 13:00|--a------|2] C:\oem.tag
[?|?|?] C:\pagefile.sys
[30/01/2006 10:55|---h-----|1681] C:\Prodlog.txt
[17/02/2007 10:04|--a------|2419055] C:\Rome.zip
[15/02/2006 08:09|--a------|2102156] C:\setup.exe
[03/11/2007 14:24|--a------|17587] C:\stream.srv
[14/09/2008 19:20|--a------|143185] C:\UpdatedResults.cst
[04/03/2010 21:31|--a------|3355] C:\UsbFix.txt
[22/01/2009 20:51|--a------|509464] C:\vcredist_x86.log
[09/03/2009 21:42|--ahs----|1056] C:\wdljovma.sys
[28/10/2007 04:46|--a------|2402832] C:\WLinstaller(1).exe
[24/08/2007 16:43|--a------|1815408] C:\WLinstaller.exe
[15/11/1999 19:28|--a------|808408] C:\wp2Krtf.exe
[28/01/2010 11:29|--a------|24576] E:\Interrogazione.doc
[04/02/2010 17:30|--a------|35328] E:\Voyage Turin - Milan Programme visites.doc
[02/03/2010 14:10|--a------|47104] E:\ORAUX BAC BLANC.doc
[26/02/2010 11:25|--a------|62464] E:\Liste ‚lŠves Turin-Milan.doc
[26/05/2008 09:11|--a------|27648] E:\Contr“le A Tavola.doc
[13/01/2010 10:49|--a------|25088] E:\Lettre Credit Agricole.doc
[14/01/2010 11:25|--a------|22016] E:\LXM Echanges.doc
[21/02/2010 21:02|--a------|1765226] F:\Nord Sud Migrazioni.pdf
[20/09/2009 19:29|--a------|448702592] F:\X12-30194.exe
[22/02/2010 12:15|--a------|15360] F:\Mal di pietre - texte.doc
[11/01/2010 11:28|--a------|25088] F:\Compito nø 5.doc
[22/02/2010 12:16|--a------|17920] F:\Mal di pietre avec infos.doc
[22/02/2010 13:21|--a------|25600] F:\Compito Caruso.doc
[22/02/2010 13:24|--a------|953439] F:\italien_2_08_eserciziripasso_belin.pdf
[25/02/2010 09:00|--a------|109568] F:\Liste ‚lŠves Turin-Milan.doc
[25/02/2010 12:23|--a------|27136] F:\Fra gli eroi del Risorgimento.doc

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_NOM-9C38B6165A7.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.098 ! |

Dis-moi s'il manque quelque chose. En tout cas, mon PC a l'air plus rapide déjà.
Merci encore.
0
Réponse 19 / 26
Utilisateur anonyme
 
▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
* - Coche Afficher les fichiers et dossiers cachés
* - Décoche Masquer les extensions des fichiers dont le type est connu
* - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

▶ clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

* Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

C:\wdljovma.sys

* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
* Une nouvelle fenêtre de ton navigateur va apparaître
* Clique alors sur les deux fleches
* Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
* Enfin colle le résultat dans ta prochaine réponse.

Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
0
Réponse 20 / 26
stef0481
 
Bonjour,

Un peu de temps ce matin, alors je t'envoie le rapport pour Virus Total.
Merci encore.

Fichier wdljovma.sys reçu le 2010.03.07 09:57:39 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.06 -
Avast5 5.0.332.0 2010.03.06 -
AVG 9.0.0.787 2010.03.06 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4921 2010.03.06 -
Norman 6.04.08 2010.03.06 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5778 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -
Information additionnelle
File size: 1056 bytes
MD5...: bf37a02120ca3faa33257b47c4ef1c77
SHA1..: d2a69e8fce7f12f4fbb819b622806cb270768bbe
SHA256: 36f9a30754a0aa74b20bc7f8b38c1d9de72457b84e36ebeb3c065d66d16042af
ssdeep: 12:H1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqq<br>kcy:ocZcZcZcZcZcZcZcZcZcb<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.07 -
AhnLab-V3 5.0.0.2 2010.03.07 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.06 -
Avast 4.8.1351.0 2010.03.06 -
Avast5 5.0.332.0 2010.03.06 -
AVG 9.0.0.787 2010.03.06 -
BitDefender 7.2 2010.03.07 -
CAT-QuickHeal 10.00 2010.03.06 -
ClamAV 0.96.0.0-git 2010.03.06 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.07 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7342 2010.03.05 -
F-Prot 4.5.1.85 2010.03.06 -
F-Secure 9.0.15370.0 2010.03.07 -
GData 19 2010.03.07 -
Ikarus T3.1.1.80.0 2010.03.07 -
Jiangmin 13.0.900 2010.03.07 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.07 -
McAfee 5912 2010.03.06 -
McAfee+Artemis 5912 2010.03.06 -
McAfee-GW-Edition 6.8.5 2010.03.07 -
Microsoft 1.5502 2010.03.07 -
NOD32 4921 2010.03.06 -
Norman 6.04.08 2010.03.06 -
nProtect 2009.1.8.0 2010.03.07 -
Panda 10.0.2.2 2010.03.07 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.07 -
Rising 22.37.06.04 2010.03.07 -
Sophos 4.51.0 2010.03.07 -
Sunbelt 5778 2010.03.07 -
Symantec 20091.2.0.41 2010.03.07 -
TheHacker 6.5.1.9.223 2010.03.07 -
TrendMicro 9.120.0.1004 2010.03.07 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.06 -

Information additionnelle
File size: 1056 bytes
MD5...: bf37a02120ca3faa33257b47c4ef1c77
SHA1..: d2a69e8fce7f12f4fbb819b622806cb270768bbe
SHA256: 36f9a30754a0aa74b20bc7f8b38c1d9de72457b84e36ebeb3c065d66d16042af
ssdeep: 12:H1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqqkc+1x8wqq<br>kcy:ocZcZcZcZcZcZcZcZcZcb<br>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Unknown!
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses