Ardamax keylogger virus, help

Solved
yoo123 (Member, 239 posts)

Hello, I just ran a scan with Avira and it found the Ardamax keylogger virus, so I deleted it, but Avira is still sending me lots of alerts, like 6 or 7 at the same time, marked "s keylogger" etc. Does that show me all the infected files? In any case, when it (Avira) asked me what to do, my only choice was quarantine, but I can't find it in there. Could it (the virus) have managed to get through? Also, I have lots of "svchost.exe" in the processes of my Task Manager, some described as SYSTEM and others as SERVICE, which were not there before and which only show up when I select "Show processes from all users". So, are there many infected files, and what should I do? I am posting the HijackThis report in this post and will put the Avira, MBAM and A-squared ones in the next one as soon as they are finished. Thanks in advance for your help. PS: would you know of a program that spots malicious or strange processes?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:51, on 27/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
C:\hp\kbd\kbd.exe
C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2start.exe
C:\Users\Invité\Downloads\SoftonicDownloader77510.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Invité\Documents\utilitaires netoyage desinfction\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Auslogics BoostSpeed] C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-591646234-3356040000-929009438-501\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Invité')
O13 - Gopher Prefix:
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 7864 bytes



61 replies

Anonymous user

I'm the one who made List_Kill'em, with the help of CCM members ..... don't worry!!
I have no interest in infecting your PC
0
yoo123 (Member, 239 posts)

Do I put it back right after the installation, or do I wait until I have done the scan?
0
Anonymous user

No, don't put it back; I think I'll have you use it again
0
yoo123 (Member, 239 posts)

OK, I did what you told me. Do I put the antivirus etc. back once it's finished, or can I put it back right away?
0

yoo123 (Member, 239 posts)

Sorry, I hadn't seen that you had already replied, my apologies.
0
Anonymous user

I'm waiting for the report
0
yoo123 (Member, 239 posts)

Damn, Windows is telling me "catch me.exe has stopped working". That's not normal, I think, is it? What do I do now?
0
Anonymous user

Did the program stop?

Did you run it with right-click "Run as..."??
0
yoo123 (Member, 239 posts)

Yes, but I still have a report (the right one, I hope). I'm posting it, hopefully it will do.
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 17:43:17 | 27/03/2010

AMD Phenom(tm) 8250e Triple-Core Processor
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 64-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 451,92 Go (339,32 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,83 Go (1,93 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible

Boot: Normal


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2guard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Anti Keylogger Shield\AntiKeyloggerShield.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Users\INVIT~1\AppData\Local\Temp\Rar$EX00.565\procexp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\List_Kill'em\List_Kill'em.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\List_Kill'em\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HPAdvisor REG_SZ C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
VeohPlugin REG_SZ "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
Auslogics BoostSpeed REG_SZ C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\boostspeed.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\OsdMaestro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv REG_SZ c:\hp\support\hpsysdrv.exe
KBD REG_SZ C:\HP\KBD\KbdStub.EXE
OsdMaestro REG_SZ c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
a-squared REG_SZ "C:\PROGRAM FILES (X86)\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
avgnt REG_SZ "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SSDMonitor REG_SZ "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
00PCTFW REG_SZ "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoActiveDesktop REG_DWORD 1 (0x1)
NoActiveDesktopChanges REG_DWORD 1 (0x1)
ForceActiveDesktopOn REG_DWORD 0 (0x0)
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
ReportBootOk REG_SZ 1
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]

===============

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C69A95E4-0327-46DC-8915-16C30332B805}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C69A95E4-0327-46DC-8915-16C30332B805}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C69A95E4-0327-46DC-8915-16C30332B805}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://gamespace.daemon-tools.cc/fra/home

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
##
22584,1898fae8e07d97f2f6c2d5326c633fac,62142e7b720c0a7fad36577ee985b5793cb395574a3eca9f2af613c0f889d39c,C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files (x86)\List_Kill'em
## C:\> hashdeep.exe C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
##
20952,e68d9b3a3905619732f7fe039466a623,74c0b29e54ef064660b9c756e03d5a7eb78f261eff768eb6e74d261fbd34340d,C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

Référence :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e

=======
Drive :
=======


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files (x86)\DAEMON Tools Toolbar
Present !! : C:\Users\karine-yo\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\karine-yo\LOCAL Settings\Temp\ETPK.exe
Present !! : C:\Users\karine-yo\LOCAL Settings\Temp\UDQSYSOTTLX.exe
Present !! : C:\Users\karine-yo\LOCAL Settings\Temp\YHDRMKPLQEAKBB.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Present !! : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Present !! : HKLM\software\classes\appid\GenericAskToolbar.DLL

============


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 18:13:18,44
0
Anonymous user

▶ Run List_Kill'em again (with a right-click for Vista/7), using the shortcut on your desktop.
But this time:

▶ choose the Clean option

Your PC will restart,

let the tool work.

At the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents in your reply
0
yoo123 (Member, 239 posts)

Here is the report
Update on 27/03/2010 by g3n-h@ckm@n ::::: 14.50
Start at: 18:28:03 | 27/03/2010

AMD Phenom(tm) 8250e Triple-Core Processor
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 64-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 451,92 Go (339,99 Go free) [HP] | NTFS
D:\ -> Disque fixe local | 13,83 Go (1,93 Go free) [FACTORY_IMAGE] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\a-squared Anti-Malware\a2service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\SysWOW64\svchost.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\List_Kill'em\ERUNT.EXE
C:\Program Files (x86)\List_Kill'em\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files (x86)\DAEMON Tools Toolbar

Quarantined & Deleted !! : C:\Users\karine-yo\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Users\karine-yo\LOCAL Settings\Temp\ETPK.exe
Quarantined & Deleted !! : C:\Users\karine-yo\LOCAL Settings\Temp\UDQSYSOTTLX.exe
Quarantined & Deleted !! : C:\Users\karine-yo\LOCAL Settings\Temp\YHDRMKPLQEAKBB.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R2OYHCP.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R34VC13.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R3UQ07J.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R48ZH25.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R4BS2NH.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R59ZHNJ.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R5LT7UO.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R5ROVRU.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R6L36T9.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R6XLXLX.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R6YR650.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R6Z3XYT.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R7R4WZQ.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R83Y2OZ.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R8DK3F3.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R8ER9ZX.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R8MTDT1.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R8XBAKO.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R91X8U2.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R9DQ6PS.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$R9H6N3L.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RA26DAW.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RA8W10H.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RB50YTF.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RBLPTRG.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RCRJO9F.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RCWNB1D.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RD1GKOI.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RD2IP2I.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RDKZDE6.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RE51RMU.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RETIK15.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$REV4723.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RF5AG2E.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RF7NVO7.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RG4SQ9V.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RGEYFTR.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RGIJGHN.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RGLH02H.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RH3HCPU.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RHL23AT.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RI79TB7.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RIGTA3P.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RIKPV22.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RIT1KE8.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RJKC6UW.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RKC34P3.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RKUTMD6.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RLA7GRX.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RLED0TA.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RLKTG3Z.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RLR29MV.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RN4QJKW.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RNB72Y8.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RNN2YJV.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$ROC645D.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$ROJNTJU.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$ROREKFO.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RPG5HQH.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RPT2WGJ.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RQLGE84.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RQT0KY7.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RQT8SR4.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RRAC3KF.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RRK6AAW.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RRMIG5H.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RSYTAHO.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RT7HULD.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RT9CELG.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RTDKXC1.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RTFSF3W.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RTU10SL.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RUBZF9Z.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RUFK6GB.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RUJQ5HE.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RURN63T.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RUTWLAI.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RVBHFIZ.cab
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RWGL1YO.exe
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RWK2GFZ.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RWRNIVT.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RXBI745.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RXMPZL4.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RY3G5OC.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RY6Y549.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RY7ZNL9.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RYHK69A.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RYLX49M.iwi
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RZBAKG3.pdf
Deleted !! : C:\$Recycle.bin\S-1-5-21-591646234-3356040000-929009438-1000\$RZR0DZY.pdf

==============
host file OK !
==============

========
Registry
========

Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File execution Options\taskmgr.exe"
Deleted : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Deleted : HKLM\software\classes\appid\GenericAskToolbar.DLL
========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================
0
yoo123 Posts: 239 Registration date   Status: Member Last activity   138

What do I do now? Do you think it's fine?
0
Anonymous user

Update Malwarebytes and run a full scan.
0
yoo123 Posts: 239 Registration date   Status: Member Last activity   138

I ran one with A-squared, that's the same, isn't it?
0
Anonymous user

No, and don't take any initiatives; that could skew the disinfection.
0
yoo123 Posts: 239 Registration date   Status: Member Last activity   138

Same for the antivirus, I don't re-enable it, if I understood correctly!
I think the MBAM scan will take a while; I'll post it as soon as it's finished.
0
Anonymous user

OK, avoid using the PC during the scan.
0
yoo123 Posts: 239 Registration date   Status: Member Last activity   138

Here is the MBAM report.

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27/03/2010 21:33:12
mbam-log-2010-03-27 (21-33-12).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 335549
Temps écoulé: 41 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Anonymous user

I don't think you have a problem any more....
0
yoo123 Posts: 239 Registration date   Status: Member Last activity   138

Thanks for everything, all the best.
0