My security shield
Résolu
Guimauve
-
alvatore -
alvatore -
Bonjour,
Comme le dit le titre, mon PC a été infecté par My security shield. J'ai donc été fouiné un peu sur votre forum et lu qu'il fallait DL "ZHPdiag" l'installer et après faire d'autres manips que je n'ai pas eu le temps de réaliser car le virus bloque l'installation du logiciel.
Je voudrais donc avoir votre aide pour nettoyer mon PC.
Merci d'avance.
Comme le dit le titre, mon PC a été infecté par My security shield. J'ai donc été fouiné un peu sur votre forum et lu qu'il fallait DL "ZHPdiag" l'installer et après faire d'autres manips que je n'ai pas eu le temps de réaliser car le virus bloque l'installation du logiciel.
Je voudrais donc avoir votre aide pour nettoyer mon PC.
Merci d'avance.
A voir également:
- My security shield
- What is my movie français - Télécharger - Divers TV & Vidéo
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- My pascal - Télécharger - Édition & Programmation
- My reading manga - Forum Google Chrome
- My lockbox - Télécharger - Chiffrement
62 réponses
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "vbma3f60" deleted successfully.
File "c:\windows\system32\Drivers\vbma3f60.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "vbma3f60" deleted successfully.
File "c:\windows\system32\Drivers\vbma3f60.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\WINDOWS\system32\drivers\update.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Virus Total
* * Colle directement le chemin des fichiers , un par un , dans l'espace "Parcourir" apres chaque analyse :
C:\WINDOWS\system32\drivers\update.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\Drivers\update.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\Drivers\update.sys" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
vbma3f60
:OTL
IE - HKU\Guillaume_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O4 - HKU\Guillaume_ON_C..\Run: [Ocohuj] C:\WINDOWS\m3dsret.DLL ()
O4 - HKU\Guillaume_ON_C..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) => Sun Java Runtime Environment 1.6.0
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Runtime
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Runtime
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Plug-in 1.6.0_07
:Files
C:\WINDOWS\System32\drivers\vbma3f60.sys
C:\Documents and Settings\Guillaume\Application Data\9AD2.2B0
C:\Documents and Settings\Guillaume\Local Settings\Application Data\1640234.exe
C:\Documents and Settings\Guillaume\Application Data\tigersetting.dll
C:\Documents and Settings\Guillaume\Application Data\init.dll
C:\Documents and Settings\Guillaume\Application Data\SYSTEM32.dll
C:\Documents and Settings\Guillaume\Application Data\sound.dll
C:\WINDOWS\m3dsret.dll
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\Conduit
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
vbma3f60
:OTL
IE - HKU\Guillaume_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O4 - HKU\Guillaume_ON_C..\Run: [Ocohuj] C:\WINDOWS\m3dsret.DLL ()
O4 - HKU\Guillaume_ON_C..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) => Sun Java Runtime Environment 1.6.0
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Runtime
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Runtime
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) => Sun Microsystem Java Plug-in 1.6.0_07
:Files
C:\WINDOWS\System32\drivers\vbma3f60.sys
C:\Documents and Settings\Guillaume\Application Data\9AD2.2B0
C:\Documents and Settings\Guillaume\Local Settings\Application Data\1640234.exe
C:\Documents and Settings\Guillaume\Application Data\tigersetting.dll
C:\Documents and Settings\Guillaume\Application Data\init.dll
C:\Documents and Settings\Guillaume\Application Data\SYSTEM32.dll
C:\Documents and Settings\Guillaume\Application Data\sound.dll
C:\WINDOWS\m3dsret.dll
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\Conduit
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
Alors tout c bien passé sauf qu'à la fin il n'a pas redémarrer du coup j'ai redémarrer manuellement et je ne trouve pas le rapport.
Correction je crois que c celui la ^^
Correction je crois que c celui la ^^
Error: Unable to interpret <:processes > in the current context!
Error: Unable to interpret <explorer.exe > in the current context!
Error: Unable to interpret <iexplore.exe > in the current context!
Error: Unable to interpret <firefox.exe > in the current context!
Error: Unable to interpret <msnmsgr.exe > in the current context!
Error: Unable to interpret <Teatimer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vbma3f60 deleted successfully.
========== OTL ==========
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Ocohuj deleted successfully.
C:\WINDOWS\m3dsret.dll moved successfully.
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\WINDOWS\System32\drivers\vbma3f60.sys moved successfully.
C:\Documents and Settings\Guillaume\Application Data\9AD2.2B0 moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\1640234.exe moved successfully.
C:\Documents and Settings\Guillaume\Application Data\tigersetting.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\init.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\SYSTEM32.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\sound.dll moved successfully.
File\Folder C:\WINDOWS\m3dsret.dll not found.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71271 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guillaume
->Temp folder emptied: 2427204 bytes
->Temporary Internet Files folder emptied: 677861 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81944495 bytes
->Flash cache emptied: 42355 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
Total Files Cleaned = 81.00 mb
OTLPE by OldTimer - Version 3.1.43.0 log created on 12272010_160901
Error: Unable to interpret <explorer.exe > in the current context!
Error: Unable to interpret <iexplore.exe > in the current context!
Error: Unable to interpret <firefox.exe > in the current context!
Error: Unable to interpret <msnmsgr.exe > in the current context!
Error: Unable to interpret <Teatimer.exe > in the current context!
========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vbma3f60 deleted successfully.
========== OTL ==========
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Ocohuj deleted successfully.
C:\WINDOWS\m3dsret.dll moved successfully.
Registry value HKEY_USERS\Guillaume_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\Démarrage\CurseClientStartup.ccip moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrateur_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Guillaume_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\WINDOWS\System32\drivers\vbma3f60.sys moved successfully.
C:\Documents and Settings\Guillaume\Application Data\9AD2.2B0 moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\1640234.exe moved successfully.
C:\Documents and Settings\Guillaume\Application Data\tigersetting.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\init.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\SYSTEM32.dll moved successfully.
C:\Documents and Settings\Guillaume\Application Data\sound.dll moved successfully.
File\Folder C:\WINDOWS\m3dsret.dll not found.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71271 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guillaume
->Temp folder emptied: 2427204 bytes
->Temporary Internet Files folder emptied: 677861 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81944495 bytes
->Flash cache emptied: 42355 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
Total Files Cleaned = 81.00 mb
OTLPE by OldTimer - Version 3.1.43.0 log created on 12272010_160901
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Scan -- Time : 25/12/2010 19:02:15
Bad processes:
Killed c:\documents and settings\guillaume\application data\dwm.exe
Killed c:\docume~1\guilla~1\locals~1\temp\csrss.exe
Killed c:\documents and settings\guillaume\application data\microsoft\conhost.exe
Found:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKCU\...\Winlogon\ Shell : explorer.exe,C:\Documents and Settings\Guillaume\Application Data\dwm.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
Firefox Proxy: rci3kg9j.default \ 127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 25/12/2010 21:00:34
Bad processes:
Deregistred:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKCU\...\Winlogon\ Shell : explorer.exe,C:\Documents and Settings\Guillaume\Application Data\dwm.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 26/12/2010 10:53:12
Bad processes:
Killed SERVICE vbma3f60 : ... NOT KILLED!
Deregistred:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 26/12/2010 16:09:19
Bad processes:
Killed SERVICE vbma3f60 : ... NOT KILLED!
Deregistred:
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 27/12/2010 17:10:31
Bad processes:
Deregistred:
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Scan -- Time : 25/12/2010 19:02:15
Bad processes:
Killed c:\documents and settings\guillaume\application data\dwm.exe
Killed c:\docume~1\guilla~1\locals~1\temp\csrss.exe
Killed c:\documents and settings\guillaume\application data\microsoft\conhost.exe
Found:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKCU\...\Winlogon\ Shell : explorer.exe,C:\Documents and Settings\Guillaume\Application Data\dwm.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
Firefox Proxy: rci3kg9j.default \ 127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 25/12/2010 21:00:34
Bad processes:
Deregistred:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKCU\...\Winlogon\ Shell : explorer.exe,C:\Documents and Settings\Guillaume\Application Data\dwm.exe
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 26/12/2010 10:53:12
Bad processes:
Killed SERVICE vbma3f60 : ... NOT KILLED!
Deregistred:
HKLM\...\RUN\ conhost : C:\Documents and Settings\Guillaume\Application Data\Microsoft\conhost.exe
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 26/12/2010 16:09:19
Bad processes:
Killed SERVICE vbma3f60 : ... NOT KILLED!
Deregistred:
HKCU\...\Internet Settings\ ProxyServer : http=127.0.0.1:57152
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
RogueKiller V3.5.1 by Tigzy
contact at www.sur-la-toile.com
mail: tigzy44<at>hotmail<dot>fr
Feedback: https://www.luanagames.com/index.fr.html
Operating System: Windows XP (5.1.2600 Service Pack 3) version 32 bits
Mode: Remove -- Time : 27/12/2010 17:10:31
Bad processes:
Deregistred:
HKLM\SYSTEM\ControlSet001\services\vbma3f60 ->
HKLM\SYSTEM\ControlSet002\services\vbma3f60 ->
Finished
mmmm....essaie cette solution à graver :
http://consultaide.e-monsite.com/rubrique,cd-live-dr-web-cureit-super,245887.html
http://consultaide.e-monsite.com/rubrique,cd-live-dr-web-cureit-super,245887.html
bonjour
tente ces combofix là renommés ou avec une extension modifiée
http://sd-2.archive-host.com/membres/up/135518691112296573/ENDONE.exe
http://dl.free.fr/getfile.pl?file=/TirBgUW4
tente ces combofix là renommés ou avec une extension modifiée
http://sd-2.archive-host.com/membres/up/135518691112296573/ENDONE.exe
http://dl.free.fr/getfile.pl?file=/TirBgUW4
Bonjour,
Alors j'ai essayé de booté avec la clé USB mais ca ne marche pas lorsque je suis dans le Boot menu j'ai 4 option : USB fdd, zip, hdd, CDrom et aucune des 4 ne lance le logiciels. Une idée?
ps: en attendant je vais essayer ce que MDG a dit ^^
Alors j'ai essayé de booté avec la clé USB mais ca ne marche pas lorsque je suis dans le Boot menu j'ai 4 option : USB fdd, zip, hdd, CDrom et aucune des 4 ne lance le logiciels. Une idée?
ps: en attendant je vais essayer ce que MDG a dit ^^
Bien le Bonjour,
je vous informe par la présente être en train de faire un scan (rapide certe mais c'était pour tester) avec MBAM. je voudrais donc connaître la suite des oprérations merci.
je vous informe par la présente être en train de faire un scan (rapide certe mais c'était pour tester) avec MBAM. je voudrais donc connaître la suite des oprérations merci.
voila le log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5415
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/12/2010 16:36:02
mbam-log-2010-12-29 (16-36-02).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 149349
Temps écoulé: 3 minute(s), 5 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4FA18276-912A-11D1-AD9B-00C04FD8FDFF} (Trojan.Agent.Max) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Value: scui.cpl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Value: wscui.cpl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Value: sfx -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\WinSxS\x86_microsoft.windows.shell.hweventdetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\vbma3f60.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5415
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/12/2010 16:36:02
mbam-log-2010-12-29 (16-36-02).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 149349
Temps écoulé: 3 minute(s), 5 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4FA18276-912A-11D1-AD9B-00C04FD8FDFF} (Trojan.Agent.Max) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Value: scui.cpl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Value: wscui.cpl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Value: sfx -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\WinSxS\x86_microsoft.windows.shell.hweventdetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll (Trojan.Agent.Max) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\vbma3f60.sys (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
et voila le log du scan complet:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5415
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/12/2010 17:26:12
mbam-log-2010-12-29 (17-26-12).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 235198
Temps écoulé: 46 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5415
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/12/2010 17:26:12
mbam-log-2010-12-29 (17-26-12).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 235198
Temps écoulé: 46 minute(s), 47 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)