Faux centre de sécurité windows
garfield62
Messages postés
17
Statut
Membre
-
garfield62 Messages postés 17 Statut Membre -
garfield62 Messages postés 17 Statut Membre -
bonjour,
je suis touché par un virus faux centre de sécurité windows
Ayant peut de connaissances en informatique je n'arrive pas a l'enlever !
L'analyse Avast ne detecte rien !
et Spybot detecte quelques trucs mais rien de bien utile ...
Aidez moi svp :)
je suis touché par un virus faux centre de sécurité windows
Ayant peut de connaissances en informatique je n'arrive pas a l'enlever !
L'analyse Avast ne detecte rien !
et Spybot detecte quelques trucs mais rien de bien utile ...
Aidez moi svp :)
A voir également:
- Faux centre de sécurité windows
- Clé de produit windows 10 gratuit - Guide
- Mode securite - Guide
- Montage video windows - Guide
- Windows ne démarre pas - Guide
- Windows movie maker - Télécharger - Montage & Édition
7 réponses
Bonjour,
--> Télécharge OTL (de OldTimer) sur ton Bureau.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.
--> Coche également les cases à côté de LOP Check et Purity Check.
--> Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.
--> Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).
Pour me transmettre les rapports :
--> Clique sur ce lien : http://www.cijoint.fr/
--> Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.
--> Clique sur Ouvrir.
--> Clique sur Cliquez ici pour déposer le fichier.
--> Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.
--> Copie-colle ce lien dans ta réponse.
--> Télécharge OTL (de OldTimer) sur ton Bureau.
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.
--> Coche également les cases à côté de LOP Check et Purity Check.
--> Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.
--> Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).
Pour me transmettre les rapports :
--> Clique sur ce lien : http://www.cijoint.fr/
--> Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.
--> Clique sur Ouvrir.
--> Clique sur Cliquez ici pour déposer le fichier.
--> Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.
--> Copie-colle ce lien dans ta réponse.
Bonsoir,
Je vais m'occuper de ton infection.
Avant tout, il me faudrait connaitre ton système d'exploitation : Windows XP, Vista, 7, ...?
Je vais m'occuper de ton infection.
Avant tout, il me faudrait connaitre ton système d'exploitation : Windows XP, Vista, 7, ...?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
1/
--> Démarre Spybot, clique sur Mode, coche Mode avancé.
--> A gauche, clique sur Outils, puis sur Résident.
--> Décoche la case devant Résident "TeaTimer" :
http://sd-1.archive-host.com/membres/up/3288717712384394/TeaTimer.jpg
--> Quitte Spybot.
2/
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Sous l'onglet Custom Scans/Fixes en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :
:OTL
PRC - C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe ()
PRC - C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM\..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKCU\..\Run: [syncman] c:\documents and settings\nd\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe" /START "%1" %* ()
[2010/03/20 19:30:46 | 000,017,072 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\48531I0
[2010/03/20 19:29:53 | 000,029,764 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/03/20 19:29:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/20 19:28:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\nd\Application Data\avdrn.dat
[2010/03/22 17:57:55 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\nd\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/22 17:56:56 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\3570694465.dll
[2010/03/22 17:55:48 | 000,012,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 17:55:48 | 000,012,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/22 07:40:20 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\490373180.dll
[2010/03/22 07:37:01 | 000,014,600 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB
[2010/03/22 07:37:00 | 000,014,600 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\wo588q8Gd1tnB
[2010/03/21 11:29:22 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\1139758833.dll
[2010/03/21 11:25:01 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
[2010/03/21 11:22:59 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vma.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\MSASCui.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ave.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\av.exe
[2010/03/21 11:22:58 | 000,017,072 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\48531I0
[2010/03/21 11:22:55 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\av.exe
[2010/03/21 11:22:55 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\vma.exe
[2010/03/21 11:22:55 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\MSASCui.exe
[2010/03/20 19:31:51 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe
:commands
[emptytemp]
[reboot]
--> Puis clique sur le bouton Run Fix en haut de la fenêtre.
--> Laisse le programme travailler, redémarre une fois le fix terminé.
--> Poste le rapport qui s'affichera après redémarrage.
--> Démarre Spybot, clique sur Mode, coche Mode avancé.
--> A gauche, clique sur Outils, puis sur Résident.
--> Décoche la case devant Résident "TeaTimer" :
http://sd-1.archive-host.com/membres/up/3288717712384394/TeaTimer.jpg
--> Quitte Spybot.
2/
--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
--> Sous l'onglet Custom Scans/Fixes en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :
:OTL
PRC - C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe ()
PRC - C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM\..\Run: [syncman] C:\WINDOWS\system32\wuaucldt.exe ()
O4 - HKCU\..\Run: [syncman] c:\documents and settings\nd\wuaucldt.exe File not found
O4 - Startup: C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O37 - HKCU\...exe [@ = secfile] -- "C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe" /START "%1" %* ()
[2010/03/20 19:30:46 | 000,017,072 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\48531I0
[2010/03/20 19:29:53 | 000,029,764 | ---- | C] () -- C:\WINDOWS\System32\wuaucldt.exe
[2010/03/20 19:29:42 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jasltw.dat
[2010/03/20 19:28:31 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\nd\Application Data\avdrn.dat
[2010/03/22 17:57:55 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\nd\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/03/22 17:56:56 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\3570694465.dll
[2010/03/22 17:55:48 | 000,012,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\VH56DJI7u87yo
[2010/03/22 17:55:48 | 000,012,800 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo
[2010/03/22 07:40:20 | 000,203,776 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\490373180.dll
[2010/03/22 07:37:01 | 000,014,600 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB
[2010/03/22 07:37:00 | 000,014,600 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\wo588q8Gd1tnB
[2010/03/21 11:29:22 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\1139758833.dll
[2010/03/21 11:25:01 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
[2010/03/21 11:22:59 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vma.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\MSASCui.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ave.exe
[2010/03/21 11:22:58 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\av.exe
[2010/03/21 11:22:58 | 000,017,072 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\48531I0
[2010/03/21 11:22:55 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\av.exe
[2010/03/21 11:22:55 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\vma.exe
[2010/03/21 11:22:55 | 000,202,240 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\MSASCui.exe
[2010/03/20 19:31:51 | 000,204,800 | -HS- | C] () -- C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe
:commands
[emptytemp]
[reboot]
--> Puis clique sur le bouton Run Fix en haut de la fenêtre.
--> Laisse le programme travailler, redémarre une fois le fix terminé.
--> Poste le rapport qui s'affichera après redémarrage.
All processes killed
========== OTL ==========
No active process named ave.exe was found!
No active process named wuaucldt.exe was found!
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\system32\wuaucldt.exe not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File move failed. C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\All Users\Application Data\48531I0 not found.
File C:\WINDOWS\System32\wuaucldt.exe not found.
File C:\Documents and Settings\NetworkService\Application Data\jasltw.dat not found.
File C:\Documents and Settings\nd\Application Data\avdrn.dat not found.
File C:\Documents and Settings\nd\oashdihasidhasuidhiasdhiashdiuasdhasd not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\3570694465.dll not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\VH56DJI7u87yo not found.
File C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\490373180.dll not found.
File C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\wo588q8Gd1tnB not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\1139758833.dll not found.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe not found.
File C:\Documents and Settings\All Users\Application Data\vma.exe not found.
File C:\Documents and Settings\All Users\Application Data\MSASCui.exe not found.
File C:\Documents and Settings\All Users\Application Data\ave.exe not found.
File C:\Documents and Settings\All Users\Application Data\av.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\48531I0 not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\av.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\vma.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\MSASCui.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 7168644 bytes
User: nd
->Temp folder emptied: 1446537929 bytes
->Temporary Internet Files folder emptied: 247924946 bytes
->Java cache emptied: 47398699 bytes
->FireFox cache emptied: 51311636 bytes
->Flash cache emptied: 2052487 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2225529 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 128993 bytes
RecycleBin emptied: 82752036 bytes
Total Files Cleaned = 1 800,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03222010_200156
Files\Folders moved on Reboot...
C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
========== OTL ==========
No active process named ave.exe was found!
No active process named wuaucldt.exe was found!
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\WINDOWS\system32\wuaucldt.exe not found.
Registry key HKEY_CURRENT_USER\\Software\Microsoft\Windows\CurrentVersion\Run not found.
File move failed. C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
File C:\Documents and Settings\All Users\Application Data\48531I0 not found.
File C:\WINDOWS\System32\wuaucldt.exe not found.
File C:\Documents and Settings\NetworkService\Application Data\jasltw.dat not found.
File C:\Documents and Settings\nd\Application Data\avdrn.dat not found.
File C:\Documents and Settings\nd\oashdihasidhasuidhiasdhiashdiuasdhasd not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\3570694465.dll not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\VH56DJI7u87yo not found.
File C:\Documents and Settings\All Users\Application Data\VH56DJI7u87yo not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\490373180.dll not found.
File C:\Documents and Settings\All Users\Application Data\wo588q8Gd1tnB not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\wo588q8Gd1tnB not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\1139758833.dll not found.
File C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe not found.
File C:\Documents and Settings\All Users\Application Data\vma.exe not found.
File C:\Documents and Settings\All Users\Application Data\MSASCui.exe not found.
File C:\Documents and Settings\All Users\Application Data\ave.exe not found.
File C:\Documents and Settings\All Users\Application Data\av.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\48531I0 not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\av.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\vma.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\MSASCui.exe not found.
File C:\Documents and Settings\nd\Local Settings\Application Data\ave.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 7168644 bytes
User: nd
->Temp folder emptied: 1446537929 bytes
->Temporary Internet Files folder emptied: 247924946 bytes
->Java cache emptied: 47398699 bytes
->FireFox cache emptied: 51311636 bytes
->Flash cache emptied: 2052487 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2225529 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32864 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 128993 bytes
RecycleBin emptied: 82752036 bytes
Total Files Cleaned = 1 800,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03222010_200156
Files\Folders moved on Reboot...
C:\Documents and Settings\nd\Menu Démarrer\Programmes\Démarrage\syspck32.exe moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Mozilla\Firefox\Profiles\9sr5epbu.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3901
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
22/03/2010 21:21:43
mbam-log-2010-03-22 (21-21-43).txt
Type de recherche: Examen rapide
Eléments examinés: 117121
Temps écoulé: 9 minute(s), 45 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22
Processus mémoire infecté(s):
C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\config\SystemProfile\wuaucldt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Version de la base de données: 3901
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
22/03/2010 21:21:43
mbam-log-2010-03-22 (21-21-43).txt
Type de recherche: Examen rapide
Eléments examinés: 117121
Temps écoulé: 9 minute(s), 45 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22
Processus mémoire infecté(s):
C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom (Trojan.Patched) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\config\SystemProfile\wuaucldt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\nd\Local Settings\Application Data\Microsoft\Windows Defender\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\vma.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\avG\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
OTL.txt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijYZLjKum.txt
Extras.tkt: http://www.cijoint.fr/cjlink.php?file=cj201003/cijGckpyvl.txt