Thank you for replying to my message!
www.malwarebytes.org
Version de la base de données: 4402
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/08/2010 14:28:40
mbam-log-2010-08-07 (14-28-40).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 200897
Temps écoulé: 1 heure(s), 32 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 38
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 17
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d95c7240-0282-4c01-93f5-673bca03da86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nujusuqi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exlgksos (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nujusuqi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\exlgksos (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Kouider\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\res2 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.6.79 (Adware.ShopperReports) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\ShoppingReport\Bin\2.6.79\ShoppingReport.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Local Settings\Temp\0.3972070292931065.exe (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Mes documents\Downloads\35.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oobe\GetMName.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\BARD6.tmp\upgrade.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kouider\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karim\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)
▶ Download here: List_Kill'em
and save it to your desktop
if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as...."
on the shortcut on your desktop to start the installation
Leave checked:
♦ Run List_Kill'em
once it has finished, click "Finish" and the program will start by itself
choose the Search option
▶ let the tool work
a dialog box may open; in that case click "OK" or "Agree"
when the white window appears, it takes a while, which is normal: it is an additional search for hidden files, and the program is not frozen.
▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and locate the file above.
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶ Do the same with more.txt, which is on your desktop
There, I did what you told me:
http://www.cijoint.fr/cjlink.php?file=cj201008/cijZ5m3Wny.txt
-More.txt
http://www.cijoint.fr/cjlink.php?file=cj201008/cijNGyaHOf.txt
uninstall Max France toolbar
▶ Click the Start menu / Control Panel / Folder Options, then go to the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important
Have the following file(s) analyzed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\Program Files\Internet Explorer\xpshims.dll
C:\WINDOWS\System32\drvins64.exe
* Now click Send file, and let it work as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Situation actuelle: terminé"), click Formaté (Formatted)
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally, paste the result into your next reply.
Note: To analyze another file, click Other file at the bottom.
then:
▶ Run List_Kill'em again (right-click for Vista/7), using the shortcut on your desktop.
but this time:
▶ choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents into your reply
Fichier xpshims.dll reçu le 2010.08.07 15:49:32 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 -
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5672 2010.08.07 -
DrWeb 5.0.2.03300 2010.08.07 -
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.07 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 -
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6698 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.335 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -
Information additionnelle
File size: 12800 bytes
MD5...: e9ae5b85b0ba6517536d575198a75e73
SHA1..: db40da7b81e354e8f81b1ff52d54d42b1d423ef0
SHA256: e1344f1c9e4a7438e4649e19987ca0aafbb44b3a30d45f3830ed1149e5d0fadb
ssdeep: 192:nN/RkC8V1nV7pGDCAaqk5jwj/kAxu3rO3qYiN/IDau4tvjVIb/ZWUMtYD:NJk3BV1QCVS/fOiaYQAat61WUM
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x201c
timedatestamp.....: 0x4be29b08 (Thu May 06 10:33:44 2010)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1c60 0x1e00 5.98 b7b2337ef4a2518e0328b360bb44aff0
.data 0x3000 0x6ac 0x400 5.94 5da750cdeb597431e75c0fb511a66517
.rsrc 0x4000 0x448 0x600 2.62 c1ad9fe981038e397ee449d19fdc82fc
.reloc 0x5000 0x486 0x600 2.60 39b4166857ced9a57dc6dee2d3ed42e6
( 6 imports )
> msvcrt.dll: _adjust_fdiv, _amsg_exit, _initterm, free, malloc, _XcptFilter
> ntdll.dll: NtQueryObject, RtlUnwind
> KERNEL32.dll: QueryPerformanceCounter, GetCurrentProcessId, GetProcAddress, VirtualProtect, VirtualQuery, GetCurrentThreadId, GetModuleHandleExW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleA, InterlockedCompareExchange, Sleep, InterlockedExchange, LoadLibraryExW, WaitForSingleObject
> USER32.dll: FindWindowExA, GetClassNameW, GetWindowThreadProcessId, SetWindowsHookExW
> SHLWAPI.dll: -, -, -
> iertutil.dll: -
( 2 exports )
IEShims_Initialize, IEShims_Uninitialize
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: Internet Explorer Compatibility Shims for XP
original name: xpshims.dll
internal name: xpshims.dll
file version.: 8.00.6001.18923 (longhorn_ie8_gdr.100419-1241)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Fichier drvins64.exe reçu le 2010.08.07 15:44:01 (UTC)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.07 -
Avast 4.8.1351.0 2010.08.07 -
Avast5 5.0.332.0 2010.08.07 -
AVG 9.0.0.851 2010.08.07 -
BitDefender 7.2 2010.08.07 -
CAT-QuickHeal 11.00 2010.08.07 -
ClamAV 0.96.0.3-git 2010.08.07 -
Comodo 5672 2010.08.07 -
DrWeb 5.0.2.03300 2010.08.07 -
Emsisoft 5.0.0.36 2010.08.07 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7773 2010.08.07 -
F-Prot 4.6.1.107 2010.08.07 -
F-Secure 9.0.15370.0 2010.08.07 -
Fortinet 4.1.143.0 2010.08.07 -
GData 21 2010.08.07 -
Ikarus T3.1.1.84.0 2010.08.07 -
Jiangmin 13.0.900 2010.08.07 -
Kaspersky 7.0.0.125 2010.08.07 -
McAfee 5.400.0.1158 2010.08.07 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.07 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.07 -
nProtect 2010-08-07.01 2010.08.07 -
Panda 10.0.2.7 2010.08.07 -
PCTools 7.0.3.5 2010.08.07 -
Prevx 3.0 2010.08.07 -
Rising 22.59.05.04 2010.08.07 -
Sophos 4.56.0 2010.08.07 -
Sunbelt 6698 2010.08.07 -
SUPERAntiSpyware 4.40.0.1006 2010.08.07 -
Symantec 20101.1.1.7 2010.08.07 -
TheHacker 6.5.2.1.335 2010.08.07 -
TrendMicro 9.120.0.1004 2010.08.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.07 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.07 -
VirusBuster 5.0.27.0 2010.08.07 -
Information additionnelle
File size: 68080 bytes
MD5...: b8ef400bd7a61230d99527a3a603d44c
SHA1..: ddb0f2f074ef33d0a427efcfadcce6adf2a45c89
SHA256: f587435cab843ebffe385dcd9b03078e2314630dbf033ee4c4ae3bee6b746a5b
ssdeep: 1536:75c84YcTGNzurWSolg6zyJxec205l0mIf:y84AWF6zyJxecB54
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b28
timedatestamp.....: 0x4a14a685 (Thu May 21 00:55:33 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x760a 0x8000 6.32 1b46dae15c499603beb11a04357fdb66
.rdata 0x9000 0xeda 0x1000 5.18 63b5dd12bfa1f7af20189ec39550ff7b
.data 0xa000 0x4928 0x4000 1.11 cb37d868053931c2c0b82cca693cc055
.rsrc 0xf000 0x654 0x1000 4.47 7dddf7d8bb0c45062c08259fed4e21d3

( 3 imports )
> ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegQueryValueExA, RegOpenKeyA, RegCreateKeyA
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
> KERNEL32.dll: SetEndOfFile, ReadFile, GetStringTypeW, GetStringTypeA, FlushFileBuffers, SetStdHandle, HeapReAlloc, VirtualAlloc, SetFilePointer, WriteFile, RtlUnwind, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetWindowsDirectoryA, GetSystemDirectoryA, lstrcpyA, GetModuleFileNameA, CloseHandle, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetLastError, DeleteFileA, SetFileAttributesA, CreateFileA, CopyFileA, MoveFileExA, CompareFileTime, GetFileTime, GetTempFileNameA, GetTempPathA, FindClose, FindFirstFileA, FreeLibrary, GetProcAddress, LoadLibraryA, GetCurrentProcess, GetVersionExA, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Sonic Solutions
copyright....: Copyright (c) Sonic Solutions
product......: n/a
description..: PX Install Application
original name: DRVINS64.EXE
internal name: DRVINS64.EXE
file version.: 3.00.94.0
comments.....: n/a
signers......: Sonic Solutions
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:56 AM 5/21/2009
verified.....: -
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.0.2.4 ¤¤¤¤¤¤¤¤¤¤
User : Kouider (Administrateurs)
Update on 06/08/2010 by g3n-h@ckm@n ::::: 19.10
Start at: 17:55:44 | 07/08/2010
Intel(R) Atom(TM) CPU N270 @ 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886674 [ Enabled | Updated ]
C:\ -> Disque fixe local | 149,04 Go (77,51 Go free) | NTFS
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)
C:\WINDOWS\System32\smss.exe ----428 Ko
C:\WINDOWS\system32\csrss.exe ----3484 Ko
C:\WINDOWS\system32\winlogon.exe ----1828 Ko
C:\WINDOWS\system32\services.exe ----3580 Ko
C:\WINDOWS\system32\lsass.exe ----6460 Ko
C:\WINDOWS\system32\svchost.exe ----4976 Ko
C:\WINDOWS\system32\svchost.exe ----4412 Ko
C:\WINDOWS\system32\logonui.exe ----4060 Ko
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe ----12352 Ko
C:\WINDOWS\System32\svchost.exe ----25780 Ko
C:\WINDOWS\system32\svchost.exe ----3560 Ko
C:\WINDOWS\system32\svchost.exe ----3020 Ko
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ----22040 Ko
C:\WINDOWS\system32\spoolsv.exe ----5536 Ko
c:\program files\idt\wdm\STacSV.exe ----3780 Ko
C:\WINDOWS\system32\svchost.exe ----3780 Ko
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe ----3204 Ko
C:\WINDOWS\system32\svchost.exe ----3300 Ko
C:\Program Files\Java\jre6\bin\jqs.exe ----1372 Ko
C:\WINDOWS\system32\svchost.exe ----4488 Ko
C:\WINDOWS\system32\wuauclt.exe ----7160 Ko
C:\WINDOWS\system32\wbem\wmiapsrv.exe ----4616 Ko
C:\WINDOWS\System32\alg.exe ----3612 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----4976 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe ----7524 Ko
C:\WINDOWS\Explorer.EXE ----11184 Ko
C:\WINDOWS\system32\cmd.exe ----1872 Ko
C:\Program Files\Google\Update\GoogleUpdate.exe ----6084 Ko
C:\WINDOWS\system32\wscntfy.exe ----2260 Ko
C:\Program Files\Alwil Software\Avast5\setup\avast.setup ----6264 Ko
C:\Program Files\List_Kill'em\ERUNT.EXE ----3364 Ko
C:\Program Files\List_Kill'em\pv.exe ----2772 Ko
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\install.exe
=======
Hosts :
=======
127.0.0.1 localhost
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktopChanges
Deleted : HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetActiveDesktop
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : "HKLM\Software\Trymedia Systems"
Deleted : HKCU\Software\Conduit
Deleted : HKLM\Software\Conduit
=================
Internet Explorer
=================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
===============
Security Center
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 1 (0x1)
FirewallOverride = 1 (0x1)
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
================
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Download here: OTL by OLDTimer
▶ Save it to your Desktop.
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."
on OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of "all users"
▶ Set the file age to "60 days"
▶ In the left half, set everything to "all"
Do not change these:
"files created" and "files modified"
▶ Click Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and find the file mentioned above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should logically also be on your Desktop.
http://www.cijoint.fr/cjlink.php?file=cj201008/cijvuVhNyU.txt
http://www.cijoint.fr/cjlink.php?file=cj201008/cijrFlAMnD.txt
▶ Download Ad-remover (by C_XX) to your Desktop here:
▶ Disconnect and close all running applications!
If you have XP => double-click
If you have Vista or Windows 7 => right-click, "Run as...."
▶ on "Ad-R.exe" to start the installation, and leave the installation settings at their defaults.
▶ Click the Ad-remover shortcut on your Desktop to launch the tool.
▶ In the main menu, choose the "Clean" option and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.