COMBOFIX.EXE IS NOT A WIN32 APPLICATION

Closed
drsniper - 14 Jan 2009 at 08:42
 Anonymous user - 14 Jan 2009 at 14:07
Hello,
HERE IS MY PROBLEM: I have a virus that won't let me access safe mode and won't let me install or uninstall. Help me.

20 replies

Anonymous user
14 Jan 2009 at 08:44
Hello:


Download FindyKill to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installation with the default settings

--> Right-click the FindyKill shortcut on your desktop

--> Choose "Run as administrator"

--> In the main menu, choose option 1 (Recherche / Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
1
Anonymous user
14 Jan 2009 at 10:47
C:\Documents and Settings\yasine\Bureau\Aaa Logo v1.21 Retail Keygen.rar
C:\Documents and Settings\yasine\Bureau\keygen.exe
C:\Documents and Settings\yasine\Bureau\keygen.rar
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen (2).lnk
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen.lnk
C:\Documents and Settings\yasine\Recent\keygen.lnk


That is where Bagle came from; delete them all

and:


Go to this site:

https://www.virustotal.com/gui/

to have these two files analysed

C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

Next:

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click " RSIT.exe " to launch it.

-> A first window opens, titled: " Disclaimer of warranty ".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click " Continue " to start the scan ...


-> Let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of " log.txt " (the one that appears on screen), as well as " info.txt " (which you will see in the taskbar), for analysis, and wait for the next steps ...

Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum


( Note: the reports will also be saved in this folder -> C:\rsit )
1
And when I launch ComboFix it does not start; it tells me COMBOFIX.EXE IS NOT A WIN32 APPLICATION
0
----------------- FindyKill V4.711 ------------------

* User : yasine - DELL
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 8:58:16 le 14/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Program Files\Adobe\Illustrator CS\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wintems.exe
C:\DOCUME~1\yasine\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\yasine\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

--------------- [ Processus infectieux stoppés ] ----------------




--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\WINDOWS


»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\101453.EXE-38C46BC1.pf
Found ! - C:\WINDOWS\prefetch\103531.EXE-2A6814A1.pf
Found ! - C:\WINDOWS\prefetch\121578.EXE-20F35554.pf
Found ! - C:\WINDOWS\prefetch\135609.EXE-36E7BAA3.pf
Found ! - C:\WINDOWS\prefetch\14783546.EXE-14CED4A9.pf
Found ! - C:\WINDOWS\prefetch\14936875.EXE-2457C07F.pf
Found ! - C:\WINDOWS\prefetch\14950437.EXE-2762A9BC.pf
Found ! - C:\WINDOWS\prefetch\14999703.EXE-1C323E0D.pf
Found ! - C:\WINDOWS\prefetch\172812.EXE-3436AD21.pf
Found ! - C:\WINDOWS\prefetch\294093.EXE-2A803CAF.pf
Found ! - C:\WINDOWS\prefetch\29600796.EXE-0550F014.pf
Found ! - C:\WINDOWS\prefetch\297265.EXE-342CBC4A.pf
Found ! - C:\WINDOWS\prefetch\29811656.EXE-05F2DBF1.pf
Found ! - C:\WINDOWS\prefetch\29822250.EXE-0F680B2F.pf
Found ! - C:\WINDOWS\prefetch\29860296.EXE-297C224D.pf
Found ! - C:\WINDOWS\prefetch\343781.EXE-2A9883F4.pf
Found ! - C:\WINDOWS\prefetch\372968.EXE-051F99AB.pf
Found ! - C:\WINDOWS\prefetch\392765.EXE-03740203.pf
Found ! - C:\WINDOWS\prefetch\67437.EXE-129D9EC3.pf
Found ! - C:\WINDOWS\prefetch\71921.EXE-3548786F.pf
Found ! - C:\WINDOWS\prefetch\77250.EXE-2A7CCB10.pf
Found ! - C:\WINDOWS\prefetch\FLEC003.EXE-1FF354CF.pf
Found ! - C:\WINDOWS\prefetch\HLDRRR.EXE-106798BB.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-1B0555A2.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26FD3333.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-1B0555A2.pf
Found ! - C:\WINDOWS\Prefetch\KEYGEN.EXE-26FD3333.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

Found ! [14/01/2009 08:32] - C:\WINDOWS\system32\mdelk.exe
Found ! [14/01/2009 08:32] - C:\WINDOWS\system32\wintems.exe
Found ! [14/01/2009 08:34] - C:\WINDOWS\system32\ban_list.txt

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

Found ! [16/04/2005 03:09] - C:\WINDOWS\system32\drivers\mdelk.exe
Found ! [14/01/2009 08:31] - C:\WINDOWS\system32\drivers\srosa.sys
Found ! [16/04/2005 03:09] - C:\WINDOWS\system32\drivers\hldrrr.exe
Found ! [14/01/2009 08:36] - "C:\WINDOWS\system32\drivers\downld"

»»»» Presence des fichiers dans C:\Documents and Settings\yasine\Application Data

Found ! [14/01/2009 08:32] - "C:\Documents and Settings\yasine\Application Data\m\flec006.exe"
Found ! [14/01/2009 08:33] - "C:\Documents and Settings\yasine\Application Data\m\list.oct"
Found ! [14/01/2009 08:36] - "C:\Documents and Settings\yasine\Application Data\m\data.oct"
Found ! [14/01/2009 08:36] - "C:\Documents and Settings\yasine\Application Data\m\srvlist.oct"
Found ! [14/01/2009 08:37] - "C:\Documents and Settings\yasine\Application Data\m\shared"
Found ! [13/01/2009 12:55] - "C:\Documents and Settings\yasine\Application Data\m"
Found ! [13/01/2009 12:52] - "C:\Documents and Settings\yasine\Application Data\hidires\flec003.exe"
Found ! [14/01/2009 08:11] - "C:\Documents and Settings\yasine\Application Data\hidires"

»»»» Presence des fichiers dans C:\DOCUME~1\yasine\LOCALS~1\Temp


»»»» Presence des fichiers dans C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

[HKEY_CURRENT_USER\software\local appwizard-generated applications\75675678894534654654658456]

--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-299502267-1637723038-839522115-1003\Software\DateTime4
Found ! - HKEY_USERS\S-1-5-21-299502267-1637723038-839522115-1003\Software\FirstRRRun
Found ! - HKEY_USERS\S-1-5-21-299502267-1637723038-839522115-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-299502267-1637723038-839522115-1003\Software\MuleAppData
Found ! - HKEY_USERS\.DEFAULT\Software\FirstRRRun
Found ! - HKEY_USERS\.DEFAULT\Software\FirtR
Found ! - HKEY_USERS\S-1-5-18\Software\FirstRRRun
Found ! - HKEY_USERS\S-1-5-18\Software\FirtR
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Found ! - HKEY_CURRENT_USER\Software\DateTime4
Found ! - HKEY_CURRENT_USER\Software\FirtR
Found ! - HKEY_CURRENT_USER\Software\FirstRRRun

/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

--------------- [ Etat / Services ] ----------------

Clé manquante : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden

/!\ Affichage des fichiers cachés non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

/!\ Mode sans echec non fonctionnel !!

Clé manquante : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

/!\ Mode sans echec non fonctionnel !!



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

/!\ Ip6Fw - Type de démarrage = 4

/!\ SharedAccess - Type de démarrage = 4

/!\ wuauserv - Type de démarrage = 4

/!\ wscsvc - Type de démarrage = 4


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0

Anonymous user
14 Jan 2009 at 09:47
That darned Bagle!!


Plug into your PC the external storage devices (USB key, external hard drive, etc.) that may have been infected, without opening them


--> Right-click the FindyKill shortcut on your desktop

--> In the main menu, choose option 2 (Suppression / Removal)


/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk
0
----------------- FindyKill V4.711 ------------------

* User : yasine - DELL
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 10:00:57 the 14/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\101453.EXE-38C46BC1.pf
Deleted ! - C:\WINDOWS\prefetch\103531.EXE-2A6814A1.pf
Deleted ! - C:\WINDOWS\prefetch\121578.EXE-20F35554.pf
Deleted ! - C:\WINDOWS\prefetch\135609.EXE-36E7BAA3.pf
Deleted ! - C:\WINDOWS\prefetch\14783546.EXE-14CED4A9.pf
Deleted ! - C:\WINDOWS\prefetch\14936875.EXE-2457C07F.pf
Deleted ! - C:\WINDOWS\prefetch\14950437.EXE-2762A9BC.pf
Deleted ! - C:\WINDOWS\prefetch\14999703.EXE-1C323E0D.pf
Deleted ! - C:\WINDOWS\prefetch\172812.EXE-3436AD21.pf
Deleted ! - C:\WINDOWS\prefetch\294093.EXE-2A803CAF.pf
Deleted ! - C:\WINDOWS\prefetch\29600796.EXE-0550F014.pf
Deleted ! - C:\WINDOWS\prefetch\297265.EXE-342CBC4A.pf
Deleted ! - C:\WINDOWS\prefetch\29811656.EXE-05F2DBF1.pf
Deleted ! - C:\WINDOWS\prefetch\29822250.EXE-0F680B2F.pf
Deleted ! - C:\WINDOWS\prefetch\29860296.EXE-297C224D.pf
Deleted ! - C:\WINDOWS\prefetch\343781.EXE-2A9883F4.pf
Deleted ! - C:\WINDOWS\prefetch\372968.EXE-051F99AB.pf
Deleted ! - C:\WINDOWS\prefetch\392765.EXE-03740203.pf
Deleted ! - C:\WINDOWS\prefetch\67437.EXE-129D9EC3.pf
Deleted ! - C:\WINDOWS\prefetch\71921.EXE-3548786F.pf
Deleted ! - C:\WINDOWS\prefetch\77250.EXE-2A7CCB10.pf
Deleted ! - C:\WINDOWS\prefetch\HLDRRR.EXE-106798BB.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-1B0555A2.pf
Deleted ! - C:\WINDOWS\prefetch\KEYGEN.EXE-26FD3333.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-23B13664.pf
Deleted ! - C:\WINDOWS\prefetch\NIDEIECT.COM-22E4F2D0.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-101AF362.pf

»»»» Supression files in C:\WINDOWS\system32

Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt

»»»» Supression files in C:\WINDOWS\system32\drivers

Deleted ! - C:\WINDOWS\system32\drivers\mdelk.exe
Deleted ! - C:\WINDOWS\system32\drivers\srosa.sys
Deleted ! - C:\WINDOWS\system32\drivers\hldrrr.exe
Deleted ! - "C:\WINDOWS\system32\drivers\downld"

»»»» Supression files in C:\Documents and Settings\yasine\Application Data

Deleted ! - "C:\Documents and Settings\yasine\Application Data\m\flec006.exe"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\m\list.oct"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\m\data.oct"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\m\srvlist.oct"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\m"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\hidires\flec003.exe"
Deleted ! - "C:\Documents and Settings\yasine\Application Data\hidires"

»»»» Supression files in C:\DOCUME~1\yasine\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_CURRENT_USER\Software\DateTime4
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_CURRENT_USER\Software\FirstRRRun
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-299502267-1637723038-839522115-1003\Software\MuleAppData
Deleted ! - HKEY_USERS\.DEFAULT\Software\FirstRRRun
Deleted ! - HKEY_USERS\.DEFAULT\Software\FirtR

--------------- [ States / Restarting of services ] ----------------

+- Safe boot mode restored !

+- Showing of hidden files has been repaired !



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

H: - Lecteur amovible


+- deleting files :

Deleted ! - H:\autorun.inf
Deleted ! - H:\nideiect.com

--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


Références de comparaison Bagle MD5 :

113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
655f6629198c99d8285f9a8767fda983 C:\WINDOWS\system32\drivers\hldrrr.exe
655f6629198c99d8285f9a8767fda983 C:\WINDOWS\system32\drivers\mdelk.exe

Suspect ! - 655f6629198c99d8285f9a8767fda983 C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
Suspect ! - 655f6629198c99d8285f9a8767fda983 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\yasine\Bureau\Aaa Logo v1.21 Retail Keygen.rar
C:\Documents and Settings\yasine\Bureau\keygen.exe
C:\Documents and Settings\yasine\Bureau\keygen.rar
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen (2).lnk
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen.lnk
C:\Documents and Settings\yasine\Recent\keygen.lnk


---------------- ! End of report ! ------------------
0
info.txt logfile of random's system information tool 1.05 2009-01-14 11:31:26

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Contribute CS3-->MsiExec.exe /I{F84ADE4E-9220-4324-994D-801EDD9DD251}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Setup-->MsiExec.exe /I{BE136F60-5D0F-4663-8B32-938A3EFD3FCB}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Agfa ScanWise 1.60-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Agfa\ScanWise 1_60\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 1_60\UNINSTALL.DLL"
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Web Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\e7f691c6f2bf7b70c25ea19f3d73b6e\Setup.exe
Atmel TPM Driver Installer 3.0.3.15-->MsiExec.exe /X{BBD6BA59-4593-43CC-BBC8-8E53D354AEA4}
BitDefender Free Edition v10-->MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Crush'Em 2.0-->C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0\install.log
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NTRU Hybrid TSS v2.0.25-->MsiExec.exe /I{0BA2A0BA-7F4D-4B7B-AE94-5F0233AC8A5A}
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Puzzl'Em 1.0 Beta2-->C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log
ScanExpress A3 USB v1.0-->C:\WINDOWS\twain_32\L3U16\UNINST.EXE
Spyder2PRO-->C:\WINDOWS\unvise32.exe C:\Program Files\PANTONE COLORVISION\Spyder2PRO\uninstal.log
Star Downloader Free-->C:\PROGRA~1\STARDO~1\UNWISE.EXE C:\PROGRA~1\STARDO~1\INSTALL.LOG
the names of god-->C:\Program Files\the names of god\uninstall.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: Bitdefender Antivirus

System event log

Computer Name: DELL
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 1895
Source Name: Cdrom
Time Written: 20090106083940.000000+000
Event Type: warning
User:

Computer Name: DELL
Event Code: 11
Message: Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Record Number: 1894
Source Name: Cdrom
Time Written: 20090106083934.000000+000
Event Type: error
User:

Computer Name: DELL
Event Code: 11
Message: Le pilote a détecté une erreur du contrôleur sur \Device\CdRom0.

Record Number: 1893
Source Name: Cdrom
Time Written: 20090106083927.000000+000
Event Type: error
User:

Computer Name: DELL
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 1892
Source Name: Cdrom
Time Written: 20090106083920.000000+000
Event Type: warning
User:

Computer Name: DELL
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\CdRom0 au cours d'une opération de pagination.

Record Number: 1891
Source Name: Cdrom
Time Written: 20090106083916.000000+000
Event Type: warning
User:

Application event log

Computer Name: DELL
Event Code: 1
Message:
Record Number: 253
Source Name: Bonjour Service
Time Written: 20081230080323.000000+000
Event Type: information
User:

Computer Name: DELL
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 252
Source Name: SecurityCenter
Time Written: 20081228080534.000000+000
Event Type: information
User:

Computer Name: DELL
Event Code: 2004
Message: Impossible d'ouvrir le Service serveur. Les données de performance du
serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.

Record Number: 251
Source Name: PerfNet
Time Written: 20081228080530.000000+000
Event Type: error
User:

Computer Name: DELL
Event Code: 1
Message:
Record Number: 250
Source Name: Bonjour Service
Time Written: 20081228080529.000000+000
Event Type: information
User:

Computer Name: DELL
Event Code: 11707
Message: Product: MSXML 4.0 SP2 (KB954430) -- Installation completed successfully.

Record Number: 249
Source Name: MsiInstaller
Time Written: 20081227170139.000000+000
Event Type: information
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
0
Logfile of random's system information tool 1.05 (written by random/random)
Run by yasine at 2009-01-14 11:31:23
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 38 GB (48%) free of 80 GB
Total RAM: 1014 MB (67% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-24 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-24 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFEF0-5B30-21D4-945D-000000000000}]
C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll []
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"drvsyskit"=C:\WINDOWS\system32\drivers\hldrrr.exe []
"german.exe"=C:\WINDOWS\system32\wintems.exe []
"mule_st_key"=C:\Documents and Settings\yasine\Application Data\m\flec006.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2005-04-16 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe /reg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch]
C:\WINDOWS\gtwatch.exe [2001-08-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-09-07 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-24 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2005-04-16 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\yasine\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-10-17 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^ColorVisionStartup.lnk]
C:\PROGRA~1\PANTON~1\Utility\COLORV~1.EXE [2005-03-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^yasine^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\TransBar\TransBar.exe [2005-06-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^yasine^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
C:\WINDOWS\BRICOP~1\VISTAI~1\UberIcon\UBERIC~1.EXE [2006-05-21 180224]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Watch.lnk - C:\WINDOWS\twain_32\L3U16\WATCH.exe

C:\Documents and Settings\yasine\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-05 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81df7331-e149-11dd-a692-0019b9165b81}]
shell\explore\command - F:\explorer.exe
shell\open\command - F:\explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81df7332-e149-11dd-a692-0019b9165b81}]
shell\explore\command - G:\explorer.exe
shell\open\command - G:\explorer.exe


======File associations======

.txt - open -

======List of files/folders created in the last 2 months======

2009-01-14 11:31:23 ----D---- C:\rsit
2009-01-14 11:31:23 ----D---- C:\Program Files\trend micro
2009-01-14 11:13:57 ----A---- C:\a.txt
2009-01-14 10:00:57 ----A---- C:\FindyKill.txt
2009-01-14 08:56:37 ----D---- C:\Program Files\FindyKill
2009-01-14 08:19:08 ----A---- C:\curr_ver.tmp
2009-01-13 15:25:57 ----A---- C:\WINDOWS\unvise32.exe
2009-01-13 15:25:34 ----D---- C:\Program Files\PANTONE COLORVISION
2009-01-13 09:54:28 ----D---- C:\WINDOWS\pss
2009-01-13 09:41:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
2009-01-11 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-01-10 13:24:27 ----D---- C:\Documents and Settings\yasine\Application Data\Google
2009-01-10 13:22:28 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-01-10 13:22:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedBit
2009-01-10 13:22:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-01-10 13:22:05 ----D---- C:\Program Files\Google
2009-01-10 13:22:05 ----D---- C:\Program Files\DAP
2009-01-06 16:43:08 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2009-01-06 16:43:08 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2009-01-06 16:43:08 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2009-01-06 16:43:08 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2009-01-06 16:43:08 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2009-01-06 16:43:07 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2009-01-06 16:43:07 ----A---- C:\WINDOWS\system32\c_iscii.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbda3.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbda2.dll
2009-01-06 16:43:06 ----RA---- C:\WINDOWS\system32\kbda1.dll
2009-01-06 16:43:06 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-01-06 16:43:05 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2009-01-06 16:43:03 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2009-01-06 16:43:03 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2009-01-06 16:43:03 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2009-01-06 16:43:03 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2009-01-06 16:38:30 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-01-06 16:38:30 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-01-06 16:38:30 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-01-06 16:38:29 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-01-06 16:38:17 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-01-06 16:38:17 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-01-06 16:38:08 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-01-06 16:37:54 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-01-06 16:35:12 ----A---- C:\WINDOWS\system32\uniime.dll
2009-01-06 16:35:08 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-01-06 16:35:06 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-01-06 16:35:06 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-01-06 16:35:06 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-01-06 16:35:06 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-01-06 16:35:06 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-01-06 16:35:04 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-01-06 16:34:52 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-01-06 16:27:59 ----A---- C:\WINDOWS\ODBC.INI
2009-01-06 16:27:54 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-01-06 16:24:38 ----D---- C:\Nouveau dossier
2009-01-06 16:04:47 ----RHD---- C:\MSOCache
2009-01-05 09:52:23 ----D---- C:\Download
2009-01-05 09:40:41 ----D---- C:\Program Files\Star Downloader
2009-01-04 16:42:52 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-04 16:42:22 ----D---- C:\Documents and Settings\yasine\Application Data\BitTorrent
2009-01-04 13:30:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2009-01-04 13:26:00 ----D---- C:\Program Files\Softwin
2009-01-04 11:29:01 ----D---- C:\Program Files\Fichiers communs\Softwin
2009-01-04 08:22:20 ----D---- C:\Program Files\the names of god
2009-01-04 08:22:20 ----A---- C:\WINDOWS\the names of god.ini
2009-01-03 15:48:39 ----A---- C:\WINDOWS\system32\agusbsti.dll
2009-01-03 15:39:34 ----A---- C:\WINDOWS\IsUn040c.exe
2009-01-03 15:38:54 ----D---- C:\WINDOWS\Crush'Em 2.0
2009-01-03 15:38:51 ----D---- C:\WINDOWS\Puzzl'Em1.0Beta2
2009-01-03 15:38:38 ----A---- C:\WINDOWS\system32\A32usd.dll
2009-01-03 15:38:38 ----A---- C:\WINDOWS\Gtwatch.exe
2009-01-03 15:38:22 ----A---- C:\WINDOWS\system32\vb5ko.dll
2009-01-03 15:38:17 ----D---- C:\Program Files\ScanExpress A3 USB
2009-01-03 10:06:25 ----D---- C:\Program Files\Fichiers communs\BitDefender
2008-12-31 12:06:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-30 16:25:35 ----D---- C:\Documents and Settings\yasine\Application Data\Nero
2008-12-30 15:58:29 ----D---- C:\Documents and Settings\yasine\Application Data\Opera
2008-12-30 08:55:21 ----A---- C:\WINDOWS\Irremote.ini
2008-12-30 08:53:17 ----D---- C:\Program Files\Windows Sidebar
2008-12-30 08:43:23 ----D---- C:\Program Files\Nero
2008-12-30 08:43:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-12-30 08:43:01 ----D---- C:\Program Files\Fichiers communs\Nero
2008-12-30 08:42:50 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-30 08:17:09 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2008-12-30 08:15:31 ----A---- C:\WINDOWS\BricoPackUninst.txt
2008-12-30 08:15:31 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-12-30 08:15:05 ----D---- C:\WINDOWS\BricoPacks
2008-12-30 08:11:33 ----D---- C:\Program Files\KGB Archiver
2008-12-27 17:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-27 17:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-27 17:03:30 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-27 17:03:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-27 17:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-27 17:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-27 17:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-27 17:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-27 17:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-27 17:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-27 17:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-27 17:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-27 17:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-27 17:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-27 17:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-27 17:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-27 17:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-27 17:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-27 17:02:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-27 17:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-27 17:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-27 17:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-27 17:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-27 17:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-25 12:02:22 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-12-25 12:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-25 11:13:36 ----A---- C:\WINDOWS\system32\FileOps.exe
2008-12-24 16:56:32 ----D---- C:\Documents and Settings\yasine\Application Data\Macromedia
2008-12-24 14:48:39 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-24 14:48:39 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-24 14:48:39 ----A---- C:\WINDOWS\system32\java.exe
2008-12-24 14:48:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-24 14:12:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-12-24 13:43:37 ----D---- C:\Documents and Settings\yasine\Application Data\Sun
2008-12-24 13:36:25 ----A---- C:\WINDOWS\system32\wpa.bak
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igxpun.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igxprd32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igmedkrn.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxtray.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxress.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxpph.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxpers.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxext.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxexps.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxdo.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxdev.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxCoIn_v4642.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\hkcmd.exe
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\hccutils.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\difxapi.dll
2008-12-24 13:28:59 ----A---- C:\WINDOWS\system32\difx32.dll
2008-12-24 13:17:47 ----D---- C:\Program Files\Adobe
2008-12-24 13:06:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-12-24 12:51:43 ----D---- C:\Documents and Settings\yasine\Application Data\Adobe
2008-12-24 12:49:23 ----D---- C:\Program Files\QuickTime
2008-12-24 12:41:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-12-24 12:40:56 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-24 12:40:56 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-12-24 12:36:51 ----D---- C:\Program Files\Java
2008-12-24 12:36:50 ----D---- C:\Program Files\Fichiers communs\Java
2008-12-24 12:34:17 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-12-24 11:53:20 ----D---- C:\Documents and Settings\yasine\Application Data\MSN6
2008-12-24 11:53:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
2008-12-24 11:44:17 ----D---- C:\WINDOWS\Prefetch
2008-12-24 11:40:23 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-24 11:39:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-12-24 11:33:13 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-12-24 11:33:13 ----A---- C:\WINDOWS\system32\irclass.dll
2008-12-24 11:33:02 ----RA---- C:\WINDOWS\SET67.tmp
2008-12-24 11:33:02 ----RA---- C:\WINDOWS\SET66.tmp
2008-12-24 11:32:56 ----RA---- C:\WINDOWS\SET2B.tmp
2008-12-24 11:32:53 ----RA---- C:\WINDOWS\SET1F.tmp
2008-12-24 11:32:51 ----RA---- C:\WINDOWS\SET1C.tmp
2008-12-24 11:18:14 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-24 11:18:12 ----D---- C:\WINDOWS\setup.pss
2008-12-24 11:09:20 ----D---- C:\Documents and Settings\yasine\Application Data\Identities
2008-12-24 11:09:11 ----ASH---- C:\Documents and Settings\yasine\Application Data\desktop.ini
2008-12-24 11:09:10 ----SD---- C:\Documents and Settings\yasine\Application Data\Microsoft
2008-12-24 11:08:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 11:04:01 ----A---- C:\WINDOWS\control.ini
2008-12-24 11:03:49 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-24 11:03:42 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-12-24 11:02:41 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-24 11:02:02 ----A---- C:\WINDOWS\system32\atrace.dll
2008-12-24 11:02:00 ----A---- C:\WINDOWS\system32\desktop.ini
2008-12-24 11:02:00 ----A---- C:\WINDOWS\desktop.ini
2008-12-24 11:01:54 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-12-24 11:01:53 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-12-24 11:01:53 ----A---- C:\WINDOWS\system32\acctres.dll
2008-12-24 11:01:48 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-12-24 11:01:48 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-12-24 11:01:48 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-12-24 11:01:48 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\wups.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-12-24 11:01:47 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-12-24 11:01:42 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-12-24 11:01:42 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-12-24 11:01:42 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-12-24 11:01:42 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-12-24 11:01:39 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-12-24 11:01:39 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-12-24 11:01:38 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-12-24 11:01:38 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-12-24 11:01:38 ----A---- C:\WINDOWS\system32\srclient.dll
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\msconf.dll
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-12-24 11:01:37 ----A---- C:\WINDOWS\system32\ils.dll
2008-12-24 11:01:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-12-24 11:01:34 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-12-24 11:01:33 ----A---- C:\WINDOWS\system32\inetres.dll
2008-12-24 11:01:33 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-12-24 11:01:32 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\mstask.dll
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\isign32.dll
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-12-24 11:01:31 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-12-24 11:00:48 ----A---- C:\WINDOWS\vbaddin.ini
2008-12-24 11:00:48 ----A---- C:\WINDOWS\vb.ini
2008-12-24 11:00:30 ----A---- C:\WINDOWS\system32\write.exe
2008-12-24 11:00:25 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-12-24 11:00:25 ----A---- C:\WINDOWS\system32\hticons.dll
2008-12-24 11:00:25 ----A---- C:\WINDOWS\system32\avwav.dll
2008-12-24 11:00:25 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-12-24 11:00:24 ----A---- C:\WINDOWS\system32\winchat.exe
2008-12-24 11:00:24 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-12-24 11:00:19 ----A---- C:\WINDOWS\system32\getuname.dll
2008-12-24 11:00:18 ----A---- C:\WINDOWS\system32\winmine.exe
2008-12-24 11:00:18 ----A---- C:\WINDOWS\system32\sol.exe
2008-12-24 11:00:18 ----A---- C:\WINDOWS\system32\charmap.exe
2008-12-24 11:00:18 ----A---- C:\WINDOWS\system32\calc.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\tskill.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\tscon.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\shadow.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\reset.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-12-24 11:00:17 ----A---- C:\WINDOWS\system32\freecell.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\regini.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\msg.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\logoff.exe
2008-12-24 11:00:16 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-12-24 11:00:15 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-12-24 11:00:14 ----A---- C:\WINDOWS\system32\stclient.dll
2008-12-24 11:00:14 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-12-24 11:00:10 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-12-24 11:00:09 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-12-24 11:00:09 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-12-24 11:00:09 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-12-24 11:00:09 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-12-24 11:00:08 ----A---- C:\WINDOWS\system32\spider.exe
2008-12-24 11:00:08 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-12-24 11:00:08 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-12-24 11:00:07 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-12-24 11:00:06 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-12-24 11:00:05 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-12-24 11:00:04 ----A---- C:\WINDOWS\system32\colbact.dll
2008-12-24 11:00:04 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-12-24 11:00:04 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-12-24 11:00:03 ----A---- C:\WINDOWS\system32\comuid.dll
2008-12-24 11:00:03 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-12-24 11:00:03 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-12-24 11:00:03 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-12-24 11:00:02 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-12-24 10:59:57 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-12-24 10:59:57 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-12-24 10:59:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-12-24 10:59:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-12-24 10:58:59 ----A---- C:\WINDOWS\system32\h323log.txt
2008-12-24 10:53:34 ----A---- C:\WINDOWS\imsins.BAK
2008-12-24 10:53:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-24 10:53:29 ----A---- C:\WINDOWS\ODBCINST.INI
2008-12-24 10:53:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-12-24 10:53:14 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-12-24 10:53:12 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2008-12-24 10:53:11 ----A---- C:\WINDOWS\system32\storprop.dll
2008-12-24 10:53:03 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-12-24 10:52:59 ----RA---- C:\WINDOWS\SET8.tmp
2008-12-24 10:52:57 ----RA---- C:\WINDOWS\SET4.tmp
2008-12-24 10:52:55 ----RA---- C:\WINDOWS\SET3.tmp
2008-12-24 10:52:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-12-24 10:52:28 ----A---- C:\WINDOWS\setuplog.txt
2008-12-24 10:47:39 ----D---- C:\WINDOWS\nldrv
2008-12-21 15:49:57 ----D---- C:\Program Files\abrViewer.NET
2008-12-21 14:57:38 ----D---- C:\Program Files\WinZip
2008-12-18 10:13:45 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-18 10:12:04 ----D---- C:\Program Files\AskTBar
2008-12-13 10:01:02 ----D---- C:\Program Files\High-Logic
2008-12-13 08:21:43 ----D---- C:\Program Files\FontExpert
2008-12-13 08:16:55 ----D---- C:\WINDOWS\Minidump
2008-12-13 07:49:06 ----D---- C:\Program Files\Photoshop
2008-12-13 07:36:25 ----D---- C:\Program Files\onOne Software
2008-12-07 14:59:24 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-07 12:57:08 ----D---- C:\Program Files\WinRAR
2008-12-03 16:14:15 ----D---- C:\Program Files\MSXML 4.0
2008-12-03 13:10:11 ----D---- C:\Program Files\eMule
2008-12-03 07:21:04 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-03 06:52:54 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-01 11:35:44 ----D---- C:\Program Files\DNA
2008-12-01 11:35:44 ----D---- C:\Program Files\BitTorrent
2008-12-01 11:35:37 ----D---- C:\Program Files\Mozilla Firefox
2008-12-01 11:35:37 ----D---- C:\Program Files\AskSearch
2008-11-30 13:08:45 ----D---- C:\Program Files\EPSON
2008-11-29 07:54:13 ----D---- C:\Program Files\Jasc Software Inc
2008-11-29 07:53:43 ----D---- C:\Program Files\Fichiers communs\SWF Studio
2008-11-22 13:04:16 ----D---- C:\Program Files\Hemera Photo-Objects 50,000
2008-11-22 10:21:51 ----D---- C:\Program Files\Art Explosion
2008-11-22 10:13:07 ----D---- C:\WINDOWS\MetaTools
2008-11-22 10:12:59 ----D---- C:\Program Files\Kai's Photo Soap SE
2008-11-18 15:56:59 ----D---- C:\WINDOWS\Cache

======List of files/folders modified in the last 2 months======

2009-01-14 11:31:23 ----RD---- C:\Program Files
2009-01-14 11:29:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 11:01:24 ----D---- C:\WINDOWS\Temp
2009-01-14 11:01:18 ----D---- C:\WINDOWS
2009-01-14 10:16:28 ----HD---- C:\WINDOWS\inf
2009-01-14 10:11:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 10:07:12 ----D---- C:\WINDOWS\system32
2009-01-14 10:01:08 ----HD---- C:\WINDOWS\system32\drivers
2009-01-14 08:26:59 ----SH---- C:\boot.ini
2009-01-14 08:26:59 ----A---- C:\WINDOWS\win.ini
2009-01-14 08:26:59 ----A---- C:\WINDOWS\system.ini
2009-01-13 13:17:08 ----RSD---- C:\WINDOWS\Fonts
2009-01-13 08:46:07 ----SHD---- C:\WINDOWS\Installer
2009-01-11 03:00:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-06 16:52:03 ----D---- C:\WINDOWS\system
2009-01-06 16:52:03 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-01-06 16:43:07 ----D---- C:\WINDOWS\Help
2009-01-06 16:27:23 ----HD---- C:\WINDOWS\ShellNew
2009-01-04 16:42:54 ----D---- C:\WINDOWS\Debug
2009-01-04 16:40:57 ----D---- C:\Program Files\Windows Media Player
2009-01-04 16:40:57 ----D---- C:\Program Files\Movie Maker
2009-01-04 11:29:01 ----D---- C:\Program Files\Fichiers communs
2009-01-04 10:50:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-03 15:38:00 ----D---- C:\WINDOWS\twain_32
2009-01-03 06:55:48 ----A---- C:\WINDOWS\system32\uxtheme.dll
2008-12-31 12:06:21 ----D---- C:\Documents and Settings
2008-12-30 08:42:52 ----D---- C:\WINDOWS\system32\DirectX
2008-12-30 08:22:36 ----D---- C:\Program Files\Outlook Express
2008-12-30 08:22:36 ----D---- C:\Program Files\Internet Explorer
2008-12-30 08:22:34 ----D---- C:\WINDOWS\system32\usmt
2008-12-30 08:16:32 ----D---- C:\WINDOWS\Cursors
2008-12-30 08:16:26 ----D---- C:\WINDOWS\Media
2008-12-27 17:03:32 ----D---- C:\Program Files\Messenger
2008-12-25 08:08:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-24 13:41:29 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-12-24 13:39:27 ----D---- C:\WINDOWS\Adobe Illustrator CS
2008-12-24 13:29:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-24 13:28:41 ----D---- C:\Program Files\Modem Helper
2008-12-24 13:14:24 ----D---- C:\WINDOWS\WinSxS
2008-12-24 13:09:18 ----SHD---- C:\RECYCLER
2008-12-24 13:05:40 ----D---- C:\WINDOWS\security
2008-12-24 12:38:03 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-24 12:34:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-24 12:33:57 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-24 12:33:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-24 11:52:08 ----D---- C:\WINDOWS\Registration
2008-12-24 11:44:19 ----SHD---- C:\System Volume Information
2008-12-24 11:44:19 ----D---- C:\WINDOWS\system32\Restore
2008-12-24 11:43:50 ----D---- C:\WINDOWS\system32\config
2008-12-24 11:39:48 ----D---- C:\WINDOWS\system32\ias
2008-12-24 11:39:26 ----RD---- C:\WINDOWS\Web
2008-12-24 11:39:08 ----D---- C:\WINDOWS\system32\oobe
2008-12-24 11:38:20 ----D---- C:\WINDOWS\system32\Com
2008-12-24 11:37:55 ----D---- C:\WINDOWS\system32\wbem
2008-12-24 11:30:42 ----D---- C:\WINDOWS\system32\Setup
2008-12-24 11:30:26 ----D---- C:\WINDOWS\AppPatch
2008-12-24 11:30:24 ----D---- C:\WINDOWS\ime
2008-12-24 11:30:24 ----D---- C:\WINDOWS\ehome
2008-12-24 11:30:12 ----D---- C:\WINDOWS\PeerNet
2008-12-24 11:30:00 ----D---- C:\WINDOWS\system32\npp
2008-12-24 11:29:55 ----D---- C:\WINDOWS\msagent
2008-12-24 11:27:30 ----D---- C:\WINDOWS\system32\1036
2008-12-24 11:26:32 ----D---- C:\WINDOWS\system32\icsxml
2008-12-24 11:25:59 ----D---- C:\WINDOWS\system32\1033
2008-12-24 11:25:08 ----D---- C:\WINDOWS\Driver Cache
2008-12-24 11:08:18 ----SD---- C:\WINDOWS\Tasks
2008-12-24 11:04:13 ----D---- C:\WINDOWS\repair
2008-12-24 11:02:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-24 11:02:49 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-24 11:02:26 ----D---- C:\WINDOWS\srchasst
2008-12-24 11:01:37 ----D---- C:\Program Files\NetMeeting
2008-12-24 11:01:34 ----D---- C:\Program Files\Fichiers communs\System
2008-12-24 11:00:42 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-24 11:00:09 ----D---- C:\Program Files\Windows NT
2008-12-24 10:49:08 ----D---- C:\WINDOWS\system32\ras
2008-12-24 10:47:39 ----D---- C:\WINDOWS\system32\vmm32
2008-12-17 08:53:17 ----HD---- C:\Program Files\WindowsUpdate
2008-12-17 08:33:39 ----D---- C:\WINDOWS\java
2008-12-17 08:31:36 ----D---- C:\Program Files\MSN
2008-12-12 17:35:12 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-07 14:59:15 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2008-11-30 13:21:41 ----D---- C:\PluginCommanderLight
2008-11-30 11:50:03 ----D---- C:\DELL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 GT681x;%GrandTechICNameNT%; C:\WINDOWS\system32\DRIVERS\GT681x.SYS [2001-08-27 18120]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 cvspydr2;ColorVision Spyder 2; C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 33024]
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-24 152984]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe /service []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-23 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3 {fr_FR} ; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-10 654848]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 bdss;BitDefender Scan Server; C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe /service []
S4 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2009-01-14 462848]
S4 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe /service []

-----------------EOF-----------------
0
Anonymous user
14 Jan. 2009 at 12:14
I'm waiting for the VirusTotal reports

then run FindyKill again with option 2, please
0
I didn't get a report for those files, I deleted them. They are key generators, that's all. I have already deleted those files.
0
I didn't get a report for those files, I deleted them. They are key generators, that's all. I have already deleted those files.
0
Anonymous user
14 Jan. 2009 at 13:01
OK, run FindyKill again with option 2, please
0
Thanks, I'll do it.
0
Anonymous user
14 Jan. 2009 at 13:09
Empty all your quarantines too.
0
----------------- FindyKill V4.711 ------------------

* User : yasine - DELL
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 13:10:13 the 14/01/2009
* Windows XP - Internet Explorer 6.0.2900.2180


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\WINDOWS


»»»» Supression files in C:\WINDOWS\Prefetch


»»»» Supression files in C:\WINDOWS\system32


»»»» Supression files in C:\WINDOWS\system32\drivers


»»»» Supression files in C:\Documents and Settings\yasine\Application Data


»»»» Supression files in C:\DOCUME~1\yasine\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5

Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\b64[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\b64[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\ffl[1].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\ffl[3].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\ffl[4].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\ffl[5].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\05UNKXYR\mxd[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64_3[3].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\ffl[1].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\49QBO5EV\ffl[2].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_2[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_2[3].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_2[4].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_3[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_5[2].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\b64_5[3].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\ffl[1].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\ffl[2].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\ffl[3].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\ffl[4].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\ffl[5].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\file[1].txt
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\KH6NOXUR\mxd[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\b64[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\b64_2[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\b64_3[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\b64_5[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\ffl[1].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\ffl[2].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\ffl[3].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\ffl[4].htm
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\mxd[1].jpg
Deleted ! - C:\Documents and Settings\yasine\Local Settings\Temporary Internet Files\Content.IE5\SPMR85EB\servernames2[1].htm

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

H: - Lecteur amovible


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------

Suspect ! - 655f6629198c99d8285f9a8767fda983 C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
Suspect ! - 655f6629198c99d8285f9a8767fda983 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen (2).lnk
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen.lnk
C:\Documents and Settings\yasine\Recent\keygen.lnk


---------------- ! End of report ! ------------------
0
Anonymous user
14 Jan. 2009 at 13:30
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:





:processes
explorer.exe

:files
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen (2).lnk
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen.lnk
C:\Documents and Settings\yasine\Recent\keygen.lnk
C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]






---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
0
01142009_133525.log is the name of the file I found




========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen (2).lnk moved successfully.
C:\Documents and Settings\yasine\Recent\Aaa Logo v1.21 Retail Keygen.lnk moved successfully.
C:\Documents and Settings\yasine\Recent\keygen.lnk moved successfully.
C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\yasine\LOCALS~1\Temp\Acr2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\yasine\LOCALS~1\Temp\Acr3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\yasine\LOCALS~1\Temp\AIVMFile6003334847 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_46c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_133525

Files moved on Reboot...
File C:\DOCUME~1\yasine\LOCALS~1\Temp\Acr2.tmp not found!
File C:\DOCUME~1\yasine\LOCALS~1\Temp\Acr3.tmp not found!
File C:\DOCUME~1\yasine\LOCALS~1\Temp\AIVMFile6003334847 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_46c.dat not found!
0
Anonymous user
14 Jan. 2009 at 13:48
Run RSIT again, please
0
Logfile of random's system information tool 1.05 (written by random/random)
Run by yasine at 2009-01-14 13:49:33
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 39 GB (49%) free of 80 GB
Total RAM: 1014 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:54, on 14/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\yasine\Bureau\RSIT.exe
C:\Program Files\trend micro\yasine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
0
Anonymous user
14 Jan. 2009 at 14:07
Download ToolBar S&D (by Eric_71/Team IDN) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all your running applications for the duration of the procedure !!

* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
--> Type ( "search" option ) then press [Enter].

A report will be generated at the end of the process: post its contents in your next reply

( the report is also saved here -> C:\TB.txt )
0