
Hi everyone,
Since yesterday my desktop background has disappeared and been replaced by an all-red image with a nuclear symbol, and underneath it says YOUR PRIVACY IS IN DANGER! download privacy protection software now. I think it's an ad because I can click on it (which I haven't done).
Thanks in advance for your help.

I don't search, I find!

Hello,
Which operating system are you running?
See you

no.ppp wrote:
Hello,
Which operating system are you running?
See you
I'm running XP Pro SP2

I don't search, I find!
OK.
Do this:
Download HijackThis.
Install it at the root of your hard drive.
Launch HijackThis by double-clicking the HijackThis icon.
Click on Do a system Scan only and Save a Logfile.
A report will be generated in Notepad (the report is also located here: C:\hijackthis.log).
Copy and paste the report into your next message.
Here is a picture guide if you can't manage it:
http://forum.telecharger.01net.com/microhebdo/questions_techniques_diverses/s(...)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:35, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Stardock\Object Desktop\ThemeManager\wbload.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: (no name) - {fa4acd63-fdbf-4ee2-85e1-cad95e77cdf0} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O3 - Toolbar: (no name) - {fa4acd63-fdbf-4ee2-85e1-cad95e77cdf0} - (no file)
O3 - Toolbar: gxvpsafm - {3ADE58BD-D99C-4E2B-906A-EEF5FBFD4044} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1535.exe 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373FC12E6DCD66A47
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Bounab\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [lphcgwvj0e7at] C:\WINDOWS\system32\lphcgwvj0e7at.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvbaz.dll,startup
O4 - HKLM\..\Run: [Sys405.exe] C:\Windows\Sys405.exe
O4 - HKLM\..\Run: [Sys406.exe] C:\Windows\Sys406.exe
O4 - HKLM\..\Run: [Sys407.exe] C:\Windows\Sys407.exe
O4 - HKLM\..\Run: [Sys408.exe] C:\Windows\Sys408.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [SMrhclwvj0e7at] C:\Program Files\rhclwvj0e7at\rhclwvj0e7at.exe
O4 - HKLM\..\Run: [78a3fd56] rundll32.exe "C:\WINDOWS\system32\lkbylqld.dll",b
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [isemk] c:\documents and settings\bounab\local settings\application data\isemk.exe isemk
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Bounab\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [WindowsManager] c:\d.exe
O4 - HKCU\..\Run: [mssecurity] C:\WINDOWS\mssecurity.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Sys405.exe] C:\Windows\Sys405.exe
O4 - HKCU\..\Run: [Sys406.exe] C:\Windows\Sys406.exe
O4 - HKCU\..\Run: [Sys407.exe] C:\Windows\Sys407.exe
O4 - HKCU\..\Run: [Sys408.exe] C:\Windows\Sys408.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: AMSN.lnk = C:\Program Files\AMSN\amsn.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Samsung Fucker v1.0.lnk = C:\Documents and Settings\All Users\Bureau\AgereFucker.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housec(...)
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_06) -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: qegbdmwf - {7C5DEEB4-73CA-4F02-8720-890AF6568388} - C:\WINDOWS\qegbdmwf.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 14163 bytes
I don't search, I find!
Your system is not up to date; you will need to update it once the disinfection is finished.
Your report is a monstrous mess... you're going to have to start being careful about what you do on the Internet.
/!\ Disconnect from the Internet, disable all your resident protections and don't touch anything during the scan /!\
Download ComboFix (put it in a folder where you can easily find it!)
Run it.
Choose option 1.
The desktop may disappear during the scan: this is normal.
At the end, it will create a report located at the root of your hard drive (C:\ComboFix.txt).
Open it and paste it here.
PS: If the screen does not reappear:
Press CTRL + ALT + DEL simultaneously.
Task Manager opens. Click File, then Run. Type explorer and confirm. The desktop will be displayed again.
/!\ Re-enable all your resident protections /!\
ComboFix 08-06-20.4 - Bounab 2008-06-28 16:46:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.468 [GMT 2:00]
Endroit: C:\Documents and Settings\Bounab\Bureau\tps +cardsharing\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Bounab\Application Data\inst.exe
C:\Documents and Settings\Bounab\Application Data\macromedia\Flash Player\#SharedObjects\5D7K9VEX\www.broadcaster.com
C:\Documents and Settings\Bounab\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Bounab\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bounab\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Bounab\Application Data\ShoppingReport
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Bounab\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Bounab\Application Data\urlredir.cfg
c:\Documents and Settings\Bounab\Local Settings\Application Data\isemk.dat
c:\documents and settings\bounab\local settings\application data\isemk.exe
c:\Documents and Settings\Bounab\Local Settings\Application Data\isemk_nav.dat
C:\Documents and Settings\Bounab\Local Settings\Application Data\isemk_navps.dat
C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Program Files\Antivirus 2008 PRO
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\Antivirus 2008 PRO\vscan.tsi
C:\Program Files\Antivirus 2008 PRO\zlib.dll
C:\Program Files\dbar
C:\Program Files\dbar\basis.xml
C:\Program Files\dbar\channel.tmpl
C:\Program Files\dbar\content.tmpl
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\dbar\deskbar.crc
C:\Program Files\dbar\deskbar.dll
C:\Program Files\dbar\deskbar.inf
C:\Program Files\dbar\edit_rss.tmpl
C:\Program Files\dbar\local.xml
C:\Program Files\dbar\nav1.bmp
C:\Program Files\dbar\nav2.bmp
C:\Program Files\dbar\new_alert.tmpl
C:\Program Files\dbar\version.ini
C:\Program Files\dbar\version.txt
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\Temporary
C:\WINDOWS\ewsk.exe
C:\WINDOWS\mrofinu1535.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\788877
C:\WINDOWS\system32\788877\788877.dll
C:\WINDOWS\system32\back.exe.exe
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\DcadsSocial-uninstall.exe
C:\WINDOWS\system32\dlqlybkl.ini
C:\WINDOWS\system32\drvbaz.dll
C:\WINDOWS\system32\lyyuabsu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\nNEtRLBu.dll
C:\WINDOWS\system32\nsi6A.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\poktcknv.ini
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\uBLRtENn.ini
C:\WINDOWS\system32\uBLRtENn.ini2
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\winzwr32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTMLSVC
((((((((((((((((((((((((((((( Fichiers créés 2008-05-28 to 2008-06-28 ))))))))))))))))))))))))))))))))))))
.
2008-06-28 16:34 . 2008-06-21 11:35 32,256 --a------ C:\WINDOWS\Sys5.exe
2008-06-28 16:34 . 2008-06-21 11:35 31,744 --a------ C:\WINDOWS\Sys6.exe
2008-06-28 16:34 . 2008-06-21 11:35 30,720 --a------ C:\WINDOWS\Sys8.exe
2008-06-28 16:34 . 2008-06-21 11:35 30,208 --a------ C:\WINDOWS\Sys7.exe
2008-06-28 16:34 . 2008-06-28 16:47 474 ---hs---- C:\WINDOWS\system32\dlqlybkl.ini
2008-06-28 16:03 . 2008-06-28 16:03 396,288 --a------ C:\HijackThis.exe
2008-06-28 12:38 . 2008-06-28 05:09 <REP> d-------- C:\PlugDVB.1.0.9 et vPlug 2.3.3
2008-06-28 04:57 . 2008-06-28 04:57 91,520 --a------ C:\WINDOWS\system32\lkbylqld.dll
2008-06-27 22:24 . 2008-06-21 11:35 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-06-27 22:22 . 2008-06-27 22:22 28,800 --a------ C:\WINDOWS\system32\mLEuvUon.dll
2008-06-27 22:22 . 2008-06-27 22:22 28,800 --a------ C:\WINDOWS\system32\hgGxYooP.dll
2008-06-27 22:21 . 2008-06-27 22:21 <REP> d-------- C:\Documents and Settings\Bounab\Application Data\rhclwvj0e7at
2008-06-27 22:21 . 2008-06-28 16:35 94,208 --a------ C:\WINDOWS\system32\pphcgwvj0e7at.exe
2008-06-27 22:20 . 2008-06-27 22:20 <REP> d-------- C:\Program Files\VAV
2008-06-27 22:20 . 2008-06-27 22:21 <REP> d-------- C:\Program Files\rhclwvj0e7at
2008-06-27 22:20 . 2008-06-27 22:20 <REP> d-------- C:\Program Files\PCHealthCenter
2008-06-27 22:19 . 2008-06-27 22:19 266,264 --a------ C:\WINDOWS\system32\dqmz.dat
2008-06-27 22:19 . 2008-06-27 22:19 119,296 --a------ C:\WINDOWS\mssecurity.exe
2008-06-27 22:19 . 2008-06-27 22:19 109,056 --a------ C:\WINDOWS\system32\lphcgwvj0e7at.exe
2008-06-27 22:19 . 2008-06-28 16:34 90,838 --a------ C:\WINDOWS\system32\phcgwvj0e7at.bmp
2008-06-27 22:19 . 2008-06-28 16:50 63,920 --a------ C:\WINDOWS\system32\drivers\5409d110.sys
2008-06-27 22:19 . 2008-06-27 22:19 34,304 --a------ C:\WINDOWS\system32\ljJARiiI.dll
2008-06-27 22:19 . 2008-06-27 22:19 10,000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-06-27 22:19 . 2008-06-27 22:19 6,656 --a------ C:\WINDOWS\system32\el32.dll
2008-06-27 22:19 . 2008-06-27 22:19 4,608 --a------ C:\WINDOWS\system32\WINotify.dll
2008-06-27 21:43 . 2008-06-27 17:51 <REP> d-a------ C:\Lang
2008-06-27 21:43 . 2008-06-27 17:51 <REP> d-a------ C:\CSA
2008-06-27 21:43 . 2008-06-27 17:51 <REP> d-a------ C:\AUBins
2008-06-26 22:25 . 2008-06-28 13:48 <REP> d-------- C:\PlugDVB.1.0.9
2008-06-26 18:50 . 2008-06-21 15:23 <REP> d-------- C:\plugins
2008-06-26 16:05 . 2008-06-26 16:05 <REP> d-------- C:\Program Files\Virtual Earth 3D
2008-06-24 22:33 . 2008-06-24 22:33 <REP> d-------- C:\U700XXGG3
2008-06-24 20:12 . 2008-06-24 20:12 <REP> d-------- C:\Documents and Settings\Bounab\b.bad company
2008-06-20 22:07 . 2008-06-20 22:07 <REP> d-------- C:\Program Files\EVC
2008-06-14 13:38 . 2008-06-14 13:39 <REP> d-------- C:\Program Files\Antipub
2008-06-11 21:46 . 2008-06-12 00:08 <REP> d-------- C:\Documents and Settings\Bounab\Aretha Franklin - 20 Greatest Hits
2008-06-11 21:44 . 2008-06-11 21:46 <REP> d-------- C:\Documents and Settings\Bounab\Aretha Franklin - The Very Best Of Aretha Franklin
2008-06-11 12:34 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:34 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 18:22 . 2008-06-10 18:22 90,923 --a------ C:\WINDOWS\system32\hunvbuhbaexrjdaj.dll-uninst.exe
2008-06-10 13:55 . 2008-06-10 13:55 <REP> d-------- C:\Program Files\1964
2008-06-10 13:26 . 2008-06-10 13:27 <REP> d-------- C:\Program Files\Project64 v1.5
2008-06-07 17:32 . 2008-06-07 17:32 5,120 --ahs---- C:\Thumbs.db
2008-06-07 17:31 . 2008-06-28 16:44 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-07 17:23 . 2005-03-11 19:37 1,986,560 --a------ C:\WINDOWS\system32\AudFile.dll
2008-06-07 17:23 . 2005-02-24 14:11 1,212,416 --a------ C:\WINDOWS\system32\AudioInfos.dll
2008-06-07 17:23 . 2005-02-24 14:11 479,232 --a------ C:\WINDOWS\system32\AudioVisu.dll
2008-06-07 17:23 . 2005-02-24 17:21 458,752 --a------ C:\WINDOWS\system32\AudPlayer.dll
2008-06-07 17:23 . 2005-03-10 18:00 454,656 --a------ C:\WINDOWS\system32\AudioRecord.dll
2008-06-07 17:23 . 2005-01-10 14:54 116,296 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-06-07 17:22 . 2005-02-24 14:10 2,084,864 --a------ C:\WINDOWS\system32\AudDesign.dll
2008-06-07 17:22 . 2005-02-24 14:10 417,792 --a------ C:\WINDOWS\system32\AudDisplay.dll
2008-06-07 17:22 . 2003-08-07 17:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-06-07 16:20 . 2008-06-07 16:21 16,694 --a------ C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-06-07 09:41 . 2008-06-07 09:41 443,904 --a------ C:\WINDOWS\system32\hunvbuhbaexrjdaj.dll
2008-06-05 23:26 . 2008-06-05 23:26 <REP> d-------- C:\Program Files\Futuroscope Experience ADF
2008-06-05 22:44 . 2008-06-05 22:53 <REP> d-------- C:\Documents and Settings\Bounab\Creep.FRENCH.DVDRIP.DiVX-FrT
2008-06-05 19:04 . 2008-06-05 19:04 <REP> d-------- C:\Documents and Settings\Bounab\amsn_received
2008-06-05 19:04 . 2008-06-06 13:17 <REP> d-------- C:\Documents and Settings\Bounab\amsn
2008-06-05 19:03 . 2008-06-05 19:03 <REP> d-------- C:\Program Files\AMSN
2008-06-02 00:15 . 2008-06-02 00:15 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-06-02 00:15 . 2008-06-02 00:15 <REP> d-------- C:\Program Files\Windows Desktop Search
2008-06-02 00:13 . 2008-06-02 00:13 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-06-02 00:12 . 2008-06-05 23:22 <REP> d-------- C:\Program Files\SolidWorks
2008-06-02 00:12 . 2008-06-02 00:13 <REP> d-------- C:\Program Files\Fichiers communs\SolidWorks Shared
2008-06-02 00:12 . 2008-06-02 00:13 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008
2008-06-02 00:07 . 2008-06-02 00:07 <REP> d-------- C:\Program Files\MSECache
2008-06-02 00:07 . 2008-06-02 00:07 <REP> d-------- C:\FILES
2008-06-01 23:59 . 2008-06-01 23:59 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-01 23:58 . 2008-06-01 23:58 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-01 23:58 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-01 23:46 . 2008-06-02 00:17 <REP> d-------- C:\SolidWorks Data
2008-06-01 23:45 . 2008-06-01 23:45 <REP> d-------- C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks
2008-06-01 23:44 . 2008-06-01 23:47 <REP> d-------- C:\WINDOWS\SolidWorks
2008-06-01 23:44 . 2008-06-28 16:34 <REP> d-------- C:\Documents and Settings\Bounab\Application Data\IM
2008-06-01 23:33 . 2008-06-01 23:33 <REP> d-------- C:\Program Files\PowerISO
2008-06-01 01:18 . 2008-06-01 01:38 <REP> d-------- C:\Documents and Settings\Bounab\MEDINE
2008-06-01 00:22 . 2008-06-01 00:22 <REP> d-------- C:\Team17
2008-05-30 21:43 . 2008-06-01 10:37 <REP> d-------- C:\Documents and Settings\Bounab\SolidWorks 2008 SP0 Multilingual Incl Serial and Crack
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 14:34 60,928 ----a-w C:\WINDOWS\system32\blphcgwvj0e7at.scr
2008-06-28 13:12 --------- d-----w C:\Program Files\SPAMfighter
2008-06-28 12:42 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-27 19:38 --------- d-----w C:\Documents and Settings\Bounab\Application Data\utorrent
2008-06-27 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-27 14:34 81,920 ----a-w C:\WINDOWS\tovafrnm.exe
2008-06-27 14:34 303,104 ----a-w C:\WINDOWS\gfetqaxsrop.dll
2008-06-27 14:34 200,704 ----a-w C:\WINDOWS\qegbdmwf.dll
2008-06-27 14:34 200,704 ----a-w C:\WINDOWS\gxvpsafm.dll
2008-06-25 21:21 --------- d-----w C:\Program Files\Safari
2008-06-24 20:14 --------- d-----w C:\Program Files\TEsT Box-II
2008-06-21 22:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 09:35 32,256 ----a-w C:\WINDOWS\Sys405.exe
2008-06-21 09:35 31,744 ----a-w C:\WINDOWS\Sys406.exe
2008-06-21 09:35 30,720 ----a-w C:\WINDOWS\Sys408.exe
2008-06-21 09:35 30,208 ----a-w C:\WINDOWS\Sys407.exe
2008-06-10 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-07 14:23 --------- d-----w C:\Program Files\Palm
2008-06-05 21:49 --------- d-----w C:\Program Files\eMule
2008-06-01 22:00 --------- d-----w C:\Program Files\MSBuild
2008-05-31 22:47 --------- d-----w C:\Program Files\FlashGet
2008-05-31 22:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 19:54 --------- d-----w C:\Program Files\prjBPT
2008-05-23 19:49 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-05-23 19:49 --------- d-----w C:\Program Files\Autodesk
2008-05-23 09:13 --------- d-----w C:\Program Files\adslTV
2008-05-22 18:05 --------- d-----w C:\Program Files\PowerQuest
2008-05-21 12:29 --------- d-----w C:\Program Files\Steam
2008-05-21 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 21:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-17 11:05 95,833 ----a-w C:\WINDOWS\system32\{8fca2176-d163-a37c-6968-04171109374e}.dll-uninst.exe
2008-05-12 15:43 --------- d-----w C:\Program Files\WinAce
2008-05-10 18:50 --------- d-----w C:\Documents and Settings\Bounab\Application Data\ImgBurn
2008-05-10 18:07 --------- d-----w C:\Program Files\ImgBurn
2008-05-08 20:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-05-08 20:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-05-08 20:35 333,576 ----a-w C:\WINDOWS\TSC.exe
2008-05-08 20:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-05-08 20:33 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2008-05-08 20:33 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2008-05-08 20:33 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2008-05-08 20:06 --------- d-----w C:\Program Files\iTunes
2008-05-08 20:06 --------- d-----w C:\Program Files\iPod
2008-05-08 20:05 --------- d-----w C:\Program Files\QuickTime
2008-05-08 19:58 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:12 --------- d-----w C:\Documents and Settings\Bounab\Application Data\DMCache
2008-05-07 18:06 --------- d-----w C:\Documents and Settings\Bounab\Application Data\IDM
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 20:44 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2008-05-06 20:44 --------- d-----w C:\Program Files\BoontyGames
2008-05-06 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2008-05-06 20:43 --------- d-----w C:\Program Files\Boonty
2008-05-06 11:59 --------- d-----w C:\Program Files\free-downloads.net
2008-05-04 19:10 --------- d-----w C:\Documents and Settings\Bounab\Application Data\LimeWire
2008-05-04 12:05 --------- d-----w C:\Documents and Settings\Bounab\Application Data\TaoUSign
2008-05-03 20:16 --------- d-----w C:\Program Files\Java
2008-05-01 20:17 --------- d-----w C:\Documents and Settings\Bounab\Application Data\Skype
2008-05-01 17:12 --------- d-----w C:\Documents and Settings\Bounab\Application Data\skypePM
2008-05-01 14:50 --------- d-----w C:\Program Files\X-Projects
2008-05-01 14:50 --------- d-----w C:\Documents and Settings\Bounab\Application Data\X-Projects
2008-04-30 18:45 --------- d-----w C:\Program Files\MessengerDiscovery
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 16:16 89,070 ----a-w C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-04-10 19:09 43,520 ----a-w C:\WINDOWS\system32\CBNDLL.DLL
2008-04-10 19:09 376,832 ----a-w C:\WINDOWS\system32\MPIWIN32.DLL
2008-03-24 16:57 124,337,488 ----a-w C:\Documents and Settings\Bounab\Trials2_SE_1.05_installer.exe
2008-01-07 20:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-27 19:34 47,360 -c--a-w C:\Documents and Settings\Bounab\Application Data\pcouffin.sys
2007-09-20 17:34 27,458,958 ----a-w C:\Documents and Settings\Bounab\(Pc Game) Trial Bike Pro Version & Circuits Pack.zip
2007-07-10 20:49 561,871 ----a-w C:\Documents and Settings\Bounab\Maple1101WindowsUpgrade.exe
2007-05-22 20:33 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-02-25 09:29 316,928 ----a-w C:\Documents and Settings\Bounab\Schtrom360XtractV3.2.exe
2007-01-11 13:07 58,032,562 ----a-w C:\Documents and Settings\Bounab\Samsung_PC_Studio_311_FKB.exe
1998-12-22 00:44 426,382 ----a-w C:\Documents and Settings\Bounab\PP2144WV.EXE
1997-01-06 15:51 509,523 ----a-w C:\Documents and Settings\Bounab\ANADEMO.EXE
1996-12-20 08:50 114,955 ----a-w C:\Documents and Settings\Bounab\ANAGEN.DLL
1996-10-29 21:38 102 -c--a-w C:\Documents and Settings\Bounab\DOCSPERS.DAT
1996-10-29 21:14 96 -c--a-w C:\Documents and Settings\Bounab\THEMPERS.DAT
1996-10-28 20:52 99 -c--a-w C:\Documents and Settings\Bounab\TREEPERS.DAT
1994-09-15 06:56 398,416 ----a-w C:\Documents and Settings\Bounab\VBRUN300.DLL
2008-03-14 14:10 2 --shatr C:\WINDOWS\winstart.bat
.
------- Sigcheck -------
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-19 18:09 978432 c2e06cb7cfb5dbd8767ddd5e2e18cf71 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0e64e841-2463-47c9-8797-daf2810bbf61}]
2008-06-27 22:19 34304 --a------ C:\WINDOWS\system32\ljJARiiI.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{734f2638-8752-44fb-ab06-cbffedf540a4}]
2008-06-27 16:34 303104 --a------ C:\WINDOWS\gfetqaxsrop.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfre1.dll" [2008-05-06 13:59 1470488]
"{3ADE58BD-D99C-4E2B-906A-EEF5FBFD4044}"= "C:\WINDOWS\gxvpsafm.dll" [2008-06-27 16:34 200704]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CLASSES_ROOT\clsid\{3ade58bd-d99c-4e2b-906a-eef5fbfd4044}]
[HKEY_CLASSES_ROOT\gxvpsafm.1]
[HKEY_CLASSES_ROOT\TypeLib\{B2324782-66A4-464B-AFF0-00CEA98FDDAE}]
[HKEY_CLASSES_ROOT\gxvpsafm]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-06 13:59 1470488]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry"="C:\Program Files\Greatis\RegRunSuite\lsoon.exe" [2008-02-13 18:10 312832]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"WindowsManager"="c:\d.exe" [ ]
"mssecurity"="C:\WINDOWS\mssecurity.exe" [2008-06-27 22:19 119296]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 07:19 7626752]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"SolidWorks_CheckForUpdates"="C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2007-09-10 08:15 6460696]
"lphcgwvj0e7at"="C:\WINDOWS\system32\lphcgwvj0e7at.exe" [2008-06-27 22:19 109056]
"Antivirus"="C:\Program Files\VAV\vav.exe" [2008-06-19 18:22 325632]
"SMrhclwvj0e7at"="C:\Program Files\rhclwvj0e7at\rhclwvj0e7at.exe" [2008-06-27 19:06 1214976]
"78a3fd56"="C:\WINDOWS\system32\lkbylqld.dll" [2008-06-28 04:57 91520]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 18:09 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\
AMSN.lnk - C:\Program Files\AMSN\amsn.exe [2008-06-05 19:03:56 32768]
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2007-11-25 14:35:58 2367488]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= C:\Program Files\Greatis\RegRunSuite\RRShell.dll [2004-11-02 10:15 368711]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{0E64E841-2463-47C9-8797-DAF2810BBF61}"= C:\WINDOWS\system32\ljJARiiI.dll [2008-06-27 22:19 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qegbdmwf"= {7C5DEEB4-73CA-4F02-8720-890AF6568388} - C:\WINDOWS\qegbdmwf.dll [2008-06-27 16:34 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJARiiI]
ljJARiiI.dll 2008-06-27 22:19 34304 C:\WINDOWS\system32\ljJARiiI.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WlNotify]
WINotify.dll 2008-06-27 22:19 4608 C:\WINDOWS\system32\WINotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"vidc.X264"= x264vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=C:\WINDOWS\pss\Dataviz Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Samsung Fucker v1.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Samsung Fucker v1.0.lnk
backup=C:\WINDOWS\pss\Samsung Fucker v1.0.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Status Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Status Monitor.lnk
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^VPro520.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\VPro520.lnk
backup=C:\WINDOWS\pss\VPro520.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^Mobiola Web Camera USB.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\Mobiola Web Camera USB.lnk
backup=C:\WINDOWS\pss\Mobiola Web Camera USB.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^palmOne Registration.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bounab^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Bounab\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]
--a------ 2003-01-22 12:03 57856 C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 13:30 217544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 21:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-19 18:09 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dbar_starter]
C:\Documents and Settings\Bounab\Application Data\Deskbar_{79BB6251-0F45-4c8c-B942-6A6C1D909F38}\starter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_201781]
--a------ 2006-06-13 18:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_298937]
--a------ 2006-06-13 18:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07FXLRD_3473515]
--a------ 2006-06-13 18:11 351000 C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 23:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-10-11 19:25 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-07-12 07:19 7626752 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-07-12 07:19 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-07-12 07:19 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2007-10-18 16:42 5207368 C:\Program Files\Pando Networks\Pando\Pando.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegRun WinBait]
--a------ 2000-12-12 20:56 16384 C:\WINDOWS\winbait.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
--a------ 2008-02-13 18:12 356352 C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-01-08 23:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 16:20 21686568 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPAMfighter Agent]
--a------ 2007-11-01 18:15 308880 C:\Program Files\SPAMfighter\SFAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-04-06 19:20 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysMetrix]
C:\Program Files\SysMetrix\SysMetrix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSUpdater]
C:\Program Files\winvi\wupda.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdater]
C:\Program Files\winvi\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-11-03 09:59 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"MediaDico9"=C:\Program Files\Micro Application\9 DICOS Indispensables\LanceMediaDICO9.exe Lancement
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
"Alcmtr"=ALCMTR.EXE
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"MAAgent"=C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SkyTel"=SkyTel.EXE
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
"RTHDCPL"=RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\HomePlayer1.5.2\\HomePlayer.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\shute77\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\shute77\\counter-strike\\hl.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\mssecurity.exe"=
R0 OCDE;ZTekWare Original CD Emulator Service;C:\WINDOWS\system32\Drivers\OCDE.sys [2007-08-25 19:27]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-11-01 18:15]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-19 18:10]
R3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2006-01-11 15:55]
R3 SPC520;Philips SPC520NC PC Camera;C:\WINDOWS\system32\drivers\SPC520.sys [2007-03-27 22:27]
R3 SPC520m;Philips SPC520NC PC Cameram;C:\WINDOWS\system32\drivers\SPC520m.sys [2007-03-27 22:27]
R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [2008-03-04 18:35]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-06 22:44]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [2008-03-04 18:35]
S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\Bounab\LOCALS~1\Temp\Fadpu16E.sys []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 ntportio;ntportio;C:\DOCUME~1\Bounab\LOCALS~1\Temp\Rar$EX00.250\LG3G_Tool_v25\LG3G_Tool_v25\ntportio.sys []
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-03-08 22:18]
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2008-04-06 12:07]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 15:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 15:38]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bb509b0-e484-11db-b704-0007cb0000ff}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b63f32c2-5028-11dc-bb47-00138fc9fb1f}]
\Shell\AutoRun\command - I:\fooool.exe
\Shell\explore\Command - I:\fooool.exe
\Shell\open\Command - I:\fooool.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-25 21:20:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 15:18:02 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-06-27 16:34:18 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 16:50:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ljJARiiI.dll
-> C:\WINDOWS\system32\WINotify.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\lkbylqld.dll
.
Temps d'accomplissement: 2008-06-28 16:53:04
ComboFix-quarantined-files.txt 2008-06-28 14:51:58
Pre-Run: 8,757,641,216 octets libres
Post-Run: 8,733,003,776 octets libres
535 --- E O F --- 2008-06-21 10:50:03
|
I don't search, I find!
|
I have a private life
Well, ComboFix removed quite a few, but there are still a lot of nasty critters left..
Here's what we'll do:
Download SDFix (created by AndyManchesta)
Double-click SDFix.exe
Choose Install to extract it into a dedicated folder on the Desktop.
Restart in safe mode (tap F8 at startup)
Open the SDFix folder that has just been created at the root of your C:\ drive
Double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
Press a key to restart when SDFix asks you to press a key to restart.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open. It is named Report.txt.
Copy/paste the contents
If SDFix does not start
Click Start > Run
Copy/paste this: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Click OK.
Restart and try running SDFix again.