WinTouch virus at startup
galaye
Posts: 10
Status: Member
HELLO EVERYONE,
So, I actually have two small problems:
***The first is an unwanted popup that keeps opening in IE, showing commercial ads with an address like rond.stardoor.com.
***The second problem is a program, wintouch.exe, which opens at Windows startup in a DOS window (C:\DOCUME~1\GaLaYe\APPLIC~1\WinTouch.exe). I close it immediately, but even once closed this window seems to cause quite a lot of trouble for IE (which keeps crashing and whose slowness is becoming extremely annoying)...
I am attaching the HijackThis report to this post.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:43:18, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SVCHOST.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Athan\Athan.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system32\drivers\uzcx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\retadpu420.exe
E:\Program Files\Lecteurs Audio\Itunes\iTunesHelper.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijack This V.2\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Athan] E:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\Lecteurs Audio\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [iut75] c:\windows\system32\drivers\uzcx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Utilitaires Windows\Norton Anti-Virus 2007\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu420.exe 61A847B5BBF72816309B284503996897C881250221C8670836AC4FA7C88332017491394662EA4EBF968951185EFC412806867680AEC1775663CF781376FB11FD97CB77
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\Lecteurs Audio\Itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\GaLaYe\Application Data\WinTouch\WinTouch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: system32 - {F64771C2-FE6F-4314-A759-7E1B97F80691} - sysprinters.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AFSEGTGF Windows Service - Unknown owner - C:\WINDOWS\system32\dshnd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Program Files\Utilitaires Windows\Norton Anti-Virus 2007\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
4 replies
Hello
What do you have for anti-spyware?
----
Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N
- Save this report, then copy and paste it on the forum.
And
Download lopxp:
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
Unzip it to your desktop, then double-click the file "lopxpMH.bat"
When it has finished, a report opens: copy and paste the report and post it here
Here is the MSNFix report:
C:\new_webcam.pif
C:\NOD\Tools\csrss.exe
C:\NOD\Tools\csrss.scr
C:\NOD\Tools\explorer.exe
C:\NOD\Tools\msnmsgr.exe
C:\NOD\Tools\smss.exe
C:\NOD\Tools\svchost.exe
C:\NOD\Tools\taskmgr.exe
C:\NOD\Tools\winlogon.exe
C:\NOD_Firewall
C:\Norton -2006
C:\Norton -2007
C:\Norton -Beta
C:\orkut.exe
C:\orkut.scr
C:\PastaImagens.exe
C:\raizw.exe
C:\RECYCLER\msnservice.exe
C:\RemotoMSN.txt
C:\ROFL.pif
C:\sadan.avi.exe
C:\server.exe
C:\servico.exe
C:\show.exe
C:\SOUND32.exe
C:\start.bat
C:\SVCH0STll.exe
C:\svchost.exe
C:\svchost.scr
C:\svchost32.exe
C:\Svchosts.exe
C:\sys.txt
C:\syssryh.exe
C:\system.exe
C:\System\iexplore.exe
C:\System\plugin.exe
C:\system1591.exe
C:\system1691.exe
C:\system1791.exe
C:\system2525.exe
C:\system32.exe
C:\tim.exe
C:\Tools\csrss.scr
C:\underware.pif
C:\up.exe
C:\update.exe
C:\updt.exe
C:\video.exe
C:\Webcam.pif
C:\windebug.log
C:\Windows Messeger.exe
C:\Windows Messenger.exe
C:\windows.cmd
C:\winfgt.exe
C:\winlogin.exe
C:\WINNT\ScktSrvr.exe
C:\WINNT\system\kl.dll
C:\WINNT\system\msmsgs.exe
C:\WINNT\system\msn.dat
C:\WINNT\system\msn.dll
C:\WINNT\system\smsc.exe
C:\WINNT\system\svchost.dat
C:\WINNT\system\xsmith.scr
C:\winptz.exe
C:\winupdaet.exe
C:\winupdate128.exe
C:\winupdate32.exe
C:\Winupdbc.exe
C:\winuping.exe
C:\winvrc.exe
C:\winvrc.exe
C:\winXP.exe
C:\x.exe
C:\Xerr0.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\2238.EXE
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\800_zip_dump.scr
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\activ.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\ADF.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\allgg.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\anjinhos.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\bifrost.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\carinhos.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\ccAApp.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\firefoxx.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\fotos.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\g0ld.com
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\hkxqwfui.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\ibguardr.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\jjusched.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\llsaass.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\load.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\logs.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\lsasss.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\mensagem.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\msnclient.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\Photo.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\pork.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\realsched.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\RTHDCPL.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\second.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\server.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\serverivy.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\services.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\sistema32.com
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\svcchhost.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\svchost.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\tosvid45.vxd
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\tosvid45.vxd
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\Update.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\win.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\winamp.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\winnttemp100mr\wmplayers.exe
C:\DOCUME~1\GaLaYe\LOCALS~1\Temp\wuaucltt.exe
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\addon.dat
C:\WINDOWS\ c8iu3h.log
C:\WINDOWS\ msmsgr.exe
C:\WINDOWS\ vpgr.exe
C:\WINDOWS\ wmeiuht.exe
C:\WINDOWS\system32\zser.exe
LOPXP REPORT:
Rapport lopxpMH2 version 2.0 fait à 11:52:17,75 le 06/07/2007
C:\Documents and Settings\GaLaYe\Bureau
******************************************
## Répertoires Application Data
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\All Users\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
03/07/2007 13:29 <REP> Apple
17/06/2007 12:09 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
17/06/2007 15:59 <REP> Google Updater
17/06/2007 13:24 <REP> Microsoft
17/06/2007 23:16 <REP> Nero
17/06/2007 23:56 <REP> Skype
17/06/2007 11:57 <REP> Symantec
19/06/2007 18:55 <REP> TEMP
05/07/2007 20:23 <REP> WindowsLiveInstaller
05/07/2007 20:23 <REP> WLInstaller
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
17/06/2007 13:24 <REP> Microsoft
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
17/06/2007 13:25 <REP> .
17/06/2007 13:25 <REP> ..
17/06/2007 11:42 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 15:02 <REP> Adobe
17/06/2007 23:22 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 17:04 <REP> Azureus
17/06/2007 16:00 <REP> Google
17/06/2007 11:49 <REP> Identities
02/07/2007 15:22 <REP> LimeWire
17/06/2007 18:31 <REP> Macromedia
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Publish Providers
29/06/2007 23:20 <REP> Real
17/06/2007 23:58 <REP> Skype
17/06/2007 20:35 <REP> Sony
17/06/2007 20:18 <REP> Sony Setup
05/07/2007 20:52 <REP> WinTouch
17/06/2007 11:48 62 desktop.ini
1 fichier(s) 62 octets
17 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Local Settings\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 23:49 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
18/06/2007 15:09 <REP> Identities
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Native Instruments
17/06/2007 20:35 <REP> Sony
17/06/2007 18:32 15 872 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
17/06/2007 14:51 16 568 GDIPFONTCACHEV1.DAT
30/06/2007 21:40 6 412 254 IconCache.db
3 fichier(s) 6 444 694 octets
9 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
17/06/2007 11:46 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task SYSTEM
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At2.job
Rapport lopxpMH2 version 2.0 fait à 20:06:43,04 le 06/07/2007
C:\Documents and Settings\GaLaYe\Bureau
******************************************
## Répertoires Application Data
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\All Users\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
03/07/2007 13:29 <REP> Apple
17/06/2007 12:09 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
17/06/2007 15:59 <REP> Google Updater
17/06/2007 13:24 <REP> Microsoft
17/06/2007 23:16 <REP> Nero
17/06/2007 23:56 <REP> Skype
17/06/2007 11:57 <REP> Symantec
19/06/2007 18:55 <REP> TEMP
05/07/2007 20:23 <REP> WindowsLiveInstaller
05/07/2007 20:23 <REP> WLInstaller
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 5 607 276 544 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
17/06/2007 13:24 <REP> Microsoft
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
17/06/2007 13:25 <REP> .
17/06/2007 13:25 <REP> ..
17/06/2007 11:42 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 15:02 <REP> Adobe
17/06/2007 23:22 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 17:04 <REP> Azureus
17/06/2007 16:00 <REP> Google
17/06/2007 11:49 <REP> Identities
02/07/2007 15:22 <REP> LimeWire
17/06/2007 18:31 <REP> Macromedia
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Publish Providers
29/06/2007 23:20 <REP> Real
17/06/2007 23:58 <REP> Skype
17/06/2007 20:35 <REP> Sony
17/06/2007 20:18 <REP> Sony Setup
05/07/2007 20:52 <REP> WinTouch
17/06/2007 11:48 62 desktop.ini
1 fichier(s) 62 octets
17 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Local Settings\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 23:49 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
18/06/2007 15:09 <REP> Identities
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Native Instruments
17/06/2007 20:35 <REP> Sony
17/06/2007 18:32 15 872 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
17/06/2007 14:51 16 568 GDIPFONTCACHEV1.DAT
30/06/2007 21:40 6 412 254 IconCache.db
3 fichier(s) 6 444 694 octets
9 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 268 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
17/06/2007 11:46 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 607 268 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 268 352 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task SYSTEM
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\Norton
Norton inexploitable
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Program Files
06/07/2007 19:57 <REP> .
06/07/2007 19:57 <REP> ..
17/06/2007 11:50 <REP> Analog Devices
03/07/2007 13:25 <REP> Apple Software Update
17/06/2007 23:14 <REP> AskTBar
17/06/2007 11:39 <REP> ComPlus Applications
05/07/2007 20:22 <REP> Fichiers communs
17/06/2007 16:00 <REP> Google
06/07/2007 09:43 <REP> Hijack This V.2
17/06/2007 13:10 <REP> Image-Line
17/06/2007 20:23 <REP> Internet Explorer
03/07/2007 13:32 <REP> iPod
17/06/2007 17:02 <REP> Java
17/06/2007 14:02 <REP> Kit ADSL
17/06/2007 11:38 <REP> Messenger
17/06/2007 11:43 <REP> microsoft frontpage
17/06/2007 11:40 <REP> Movie Maker
17/06/2007 11:30 <REP> MSN
17/06/2007 11:38 <REP> MSN Gaming Zone
17/06/2007 23:16 <REP> Nero
17/06/2007 11:40 <REP> NetMeeting
17/06/2007 11:39 <REP> Online Services
17/06/2007 11:40 <REP> Outlook Express
29/06/2007 23:20 <REP> Real
17/06/2007 11:41 <REP> Services en ligne
17/06/2007 23:56 <REP> Skype
17/06/2007 20:34 <REP> Sony
20/06/2007 17:12 <REP> Symantec
17/06/2007 20:14 <REP> Syncrosoft
17/06/2007 13:58 <REP> Utilitaire de gestion du LAN Wifi IEEE 802.11g
17/06/2007 20:33 <REP> Vstplugins
05/07/2007 20:24 <REP> Windows Live
17/06/2007 23:13 <REP> Windows Media Player
17/06/2007 11:38 <REP> Windows NT
17/06/2007 11:43 <REP> xerox
0 fichier(s) 0 octets
35 Rép(s) 5 607 243 776 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.starsdoor.com REG_BINARY
* Mozilla Firefox (1 autorisé 2 interdit)
******************************************
## Registre
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinTouch REG_SZ C:\Documents and Settings\GaLaYe\Application Data\WinTouch\WinTouch.exe
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
LOPXP REPORT:
Rapport lopxpMH2 version 2.0 fait à 11:52:17,75 le 06/07/2007
C:\Documents and Settings\GaLaYe\Bureau
******************************************
## Répertoires Application Data
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\All Users\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
03/07/2007 13:29 <REP> Apple
17/06/2007 12:09 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
17/06/2007 15:59 <REP> Google Updater
17/06/2007 13:24 <REP> Microsoft
17/06/2007 23:16 <REP> Nero
17/06/2007 23:56 <REP> Skype
17/06/2007 11:57 <REP> Symantec
19/06/2007 18:55 <REP> TEMP
05/07/2007 20:23 <REP> WindowsLiveInstaller
05/07/2007 20:23 <REP> WLInstaller
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
17/06/2007 13:24 <REP> Microsoft
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
17/06/2007 13:25 <REP> .
17/06/2007 13:25 <REP> ..
17/06/2007 11:42 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 15:02 <REP> Adobe
17/06/2007 23:22 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 17:04 <REP> Azureus
17/06/2007 16:00 <REP> Google
17/06/2007 11:49 <REP> Identities
02/07/2007 15:22 <REP> LimeWire
17/06/2007 18:31 <REP> Macromedia
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Publish Providers
29/06/2007 23:20 <REP> Real
17/06/2007 23:58 <REP> Skype
17/06/2007 20:35 <REP> Sony
17/06/2007 20:18 <REP> Sony Setup
05/07/2007 20:52 <REP> WinTouch
17/06/2007 11:48 62 desktop.ini
1 fichier(s) 62 octets
17 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Local Settings\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 23:49 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
18/06/2007 15:09 <REP> Identities
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Native Instruments
17/06/2007 20:35 <REP> Sony
17/06/2007 18:32 15 872 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
17/06/2007 14:51 16 568 GDIPFONTCACHEV1.DAT
30/06/2007 21:40 6 412 254 IconCache.db
3 fichier(s) 6 444 694 octets
9 Rép(s) 5 605 150 720 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
17/06/2007 11:46 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 605 146 624 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 605 146 624 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task SYSTEM
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At2.job
Rapport lopxpMH2 version 2.0 fait à 20:06:43,04 le 06/07/2007
C:\Documents and Settings\GaLaYe\Bureau
******************************************
## Répertoires Application Data
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\All Users\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
03/07/2007 13:29 <REP> Apple
17/06/2007 12:09 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
17/06/2007 15:59 <REP> Google Updater
17/06/2007 13:24 <REP> Microsoft
17/06/2007 23:16 <REP> Nero
17/06/2007 23:56 <REP> Skype
17/06/2007 11:57 <REP> Symantec
19/06/2007 18:55 <REP> TEMP
05/07/2007 20:23 <REP> WindowsLiveInstaller
05/07/2007 20:23 <REP> WLInstaller
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 5 607 276 544 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Application Data
17/06/2007 13:24 <REP> .
17/06/2007 13:24 <REP> ..
17/06/2007 13:24 <REP> Microsoft
17/06/2007 13:25 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
17/06/2007 13:25 <REP> .
17/06/2007 13:25 <REP> ..
17/06/2007 11:42 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 15:02 <REP> Adobe
17/06/2007 23:22 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 17:04 <REP> Azureus
17/06/2007 16:00 <REP> Google
17/06/2007 11:49 <REP> Identities
02/07/2007 15:22 <REP> LimeWire
17/06/2007 18:31 <REP> Macromedia
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Publish Providers
29/06/2007 23:20 <REP> Real
17/06/2007 23:58 <REP> Skype
17/06/2007 20:35 <REP> Sony
17/06/2007 20:18 <REP> Sony Setup
05/07/2007 20:52 <REP> WinTouch
17/06/2007 11:48 62 desktop.ini
1 fichier(s) 62 octets
17 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\GaLaYe\Local Settings\Application Data
17/06/2007 11:48 <REP> .
17/06/2007 11:48 <REP> ..
17/06/2007 23:49 <REP> Ahead
23/06/2007 01:49 <REP> Apple Computer
17/06/2007 16:00 <REP> Google
18/06/2007 15:09 <REP> Identities
17/06/2007 11:48 <REP> Microsoft
17/06/2007 20:36 <REP> Native Instruments
17/06/2007 20:35 <REP> Sony
17/06/2007 18:32 15 872 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
17/06/2007 14:51 16 568 GDIPFONTCACHEV1.DAT
30/06/2007 21:40 6 412 254 IconCache.db
3 fichier(s) 6 444 694 octets
9 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
20/06/2007 16:57 <REP> Google
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 272 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
17/06/2007 11:47 <REP> .
17/06/2007 11:47 <REP> ..
17/06/2007 11:47 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 268 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
17/06/2007 11:46 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 5 607 268 352 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
17/06/2007 11:46 <REP> .
17/06/2007 11:46 <REP> ..
17/06/2007 11:46 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 5 607 268 352 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
<ò!àºI¹xGo½tÔ§F ê <
s ˆ! : C : \ P r o g r a m F i l e s \ A p p l e S o f t w a r e U p d a t e \ S o f t w a r e U p d a t e . e x e - T a s k S Y S T E M € 0 ×
C:\WINDOWS\Tasks\At1.job
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × .Á ’RžûÌ£ZÇyŒiìPŸ ªfw0# ¼Ùu@‹³vÖ ùdA…á°°á·¶ÝÖØm൙æYáù½ƒ`%J
C:\WINDOWS\Tasks\At10.job
hOQ² DK $s¥wP"üF ä <
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × G"Á)¶4Ïfh>#eJT
Vd %Šdýe€˜¡ÖkMÔPú&UÝãÄH鋳Ө]è’¸,™o5ôÈëÖЉ»ÎÏ
C:\WINDOWS\Tasks\At11.job
mâÿ›‹¥J³i¹M
4aF ä <
! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 ×
ÊHÜ>§'èÓ¬TöÑ‹xGN³.{ûwÑ)UäÉÀÞóææ{UÞÝi8 [¡0wDÐ"Êa¼Zow*H
C:\WINDOWS\Tasks\At12.job
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × ½v—wÊáÞäm…Ï»6tvwÓ¹¦ŒC¯üþxQ'£ Å%n‹}#€¼›•Š8Nƒ¹f ¦rcè!+ˆ
C:\WINDOWS\Tasks\At13.job
Ë'òG¾ó!C¬ðÎF ä <
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × Úw.´çþópµœþ=œ»Øu"kžÒkL…àßJGÑÞ—G±~¯¯ µY·`RÍSû¨6ˆ·¹8¿Ç8ÿÈ5`$
C:\WINDOWS\Tasks\At14.job
žCBÊ’OŽÊ•~« NF ä <
s ¨!×
! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 ×
ÒE¢ÊE¥Šã.]leß;^Xí ‰óY?u ß%óîÔ òÞô-Äc^t¿ÿ²; ¿: ±ÎXZX
C:\WINDOWS\Tasks\At15.job
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × lþ7ùŽøÐäŽÍ‡p0·zƒðè]Aª™¼–ô(«\!¦1
&WK±ks7ý Lrç5£¾´ë‚?»z
C:\WINDOWS\Tasks\At16.job
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × ´˜–,ÖˆÑ>þúµ°e4@^Q’êû½zËm«n|7lKÞ©y:‰`¶.1ùÔØ”…eXoìÛ=úá)¾
C:\WINDOWS\Tasks\At17.job
s ¨!× ! C : \ W I N D O W S \ s y s t e m 3 2 \ e 4 y w m j 3 p . e x e S Y S T E M C r é é p a r N e t S c h e d u l e J o b A d d . € 0 × \¸ þί
PVg”Î10ѺËNÅöì4n6ËN‹7¬&\åY\ÐUl®Iƒ^Và)Æ>Š3fåÚôU«Â³
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\system32\22m5SlI0.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\e4ywmj3p.exe SYSTEM Créé par NetScheduleJobAdd.
C:\WINDOWS\Tasks\Norton
Norton inexploitable
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C5C-94D9
Répertoire de C:\Program Files
06/07/2007 19:57 <REP> .
06/07/2007 19:57 <REP> ..
17/06/2007 11:50 <REP> Analog Devices
03/07/2007 13:25 <REP> Apple Software Update
17/06/2007 23:14 <REP> AskTBar
17/06/2007 11:39 <REP> ComPlus Applications
05/07/2007 20:22 <REP> Fichiers communs
17/06/2007 16:00 <REP> Google
06/07/2007 09:43 <REP> Hijack This V.2
17/06/2007 13:10 <REP> Image-Line
17/06/2007 20:23 <REP> Internet Explorer
03/07/2007 13:32 <REP> iPod
17/06/2007 17:02 <REP> Java
17/06/2007 14:02 <REP> Kit ADSL
17/06/2007 11:38 <REP> Messenger
17/06/2007 11:43 <REP> microsoft frontpage
17/06/2007 11:40 <REP> Movie Maker
17/06/2007 11:30 <REP> MSN
17/06/2007 11:38 <REP> MSN Gaming Zone
17/06/2007 23:16 <REP> Nero
17/06/2007 11:40 <REP> NetMeeting
17/06/2007 11:39 <REP> Online Services
17/06/2007 11:40 <REP> Outlook Express
29/06/2007 23:20 <REP> Real
17/06/2007 11:41 <REP> Services en ligne
17/06/2007 23:56 <REP> Skype
17/06/2007 20:34 <REP> Sony
20/06/2007 17:12 <REP> Symantec
17/06/2007 20:14 <REP> Syncrosoft
17/06/2007 13:58 <REP> Utilitaire de gestion du LAN Wifi IEEE 802.11g
17/06/2007 20:33 <REP> Vstplugins
05/07/2007 20:24 <REP> Windows Live
17/06/2007 23:13 <REP> Windows Media Player
17/06/2007 11:38 <REP> Windows NT
17/06/2007 11:43 <REP> xerox
0 fichier(s) 0 octets
35 Rép(s) 5 607 243 776 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.starsdoor.com REG_BINARY
* Mozilla Firefox (1 autorisé 2 interdit)
******************************************
## Registre
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WinTouch REG_SZ C:\Documents and Settings\GaLaYe\Application Data\WinTouch\WinTouch.exe
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
You didn't do the right procedure for MSNfix, please start over.
¤ Click on C:, WINDOWS, then find this folder and empty its contents:
- Tasks
¤ To show all hidden files and folders:
Click "Start", "Control Panel", "Tools", "Folder Options", "View"
Check:
- show hidden files and folders
- Click "Apply" then "OK"
----------------------------------------------------------
Click on C:\Documents and Settings\GaLaYe\Application Data, then find and delete:
- WinTouch
**If a file/folder cannot be deleted, do this:
- Restart your PC. As soon as it powers on, tap the F8 key repeatedly (or F5 if F8 doesn't work); on the screen that appears, choose "Safe Mode" and wait a moment.
Then delete the files/folders, empty your Recycle Bin and restart your PC normally.
¤ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.
Restart your computer in Safe Mode (restart + tap F8 continuously as soon as the computer powers on)
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to begin the cleanup process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum.
¤ Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, please paste the report here
https://www.bitdefender.com/toolbox/
_________________SDFix report_______________________
SDFix: Version 1.90
Run by GaLaYe on 07/07/2007 at 11:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\GaLaYe\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Name:
core
ImagePath:
system32\drivers\core.sys
core - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b136.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\retadpu420.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\drivers\uzcx.exe - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SVCHOST.EXE"="C:\\WINDOWS\\SVCHOST.EXE:*:Enabled:SVCHOST"
"C:\\RECYCLER\\msnmnsgr.exe"="C:\\RECYCLER\\msnmnsgr.exe:*:Enabled:RSBX"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\Program Files\\Internet\\LimeWire\\LimeWire.exe"="E:\\Program Files\\Internet\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Lecteurs Audio\\Itunes\\iTunes.exe"="E:\\Program Files\\Lecteurs Audio\\Itunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\GaLaYe\Local Settings\Temp\~rnsetup\pncrt.dll
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
Finished
_____________________________BITDEFENDER report________________________
BitDefender Online Scanner
Scan report generated at: Sat, Jul 07, 2007 - 21:31:33
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;
Statistics
Time: 01:21:57
Files: 216257
Folders: 8534
Boot Sectors: 5
Archives: 2651
Packed Files: 7462
Results
Identified Viruses: 7
Infected Files: 17
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16
Engines Info
Virus Definitions: 637536
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Infected with: Generic.Istbar.C3985415
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Deleted
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Agent.VB.AOH
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\D888FAEE-F778-4F66-9C7E-855B66B2C5C9.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\DB855CCB-5E24-47C6-884F-B5EFA400B8A1.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\E2327DE8-38B8-4C3D-B1BE-6F2E728A4D42.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\E28C23D1-5DA5-4D84-900C-628AA6E7FD7F.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\E3A41292-AB70-4345-95A7-CC0119E02308.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\E741F0FB-EB07-4CC8-AA77-09911592F5BA.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\E75CEC13-5A70-40B1-986E-9343BE35F2B7.WindowsLiveGroup
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\EEE08F1C-046E-4CB6-953A-45E7258C7A25.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\EF452495-5836-4977-AD0D-BE6DA9B368AC.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\EF58F801-52B7-4A68-BF6E-9FFAA8D63641.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\F15A0DF9-297B-4EB9-874D-1E9D2D948015.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\F1D8B983-1C77-4E0D-84F7-A6CD1CC9EA57.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\F1FABBD1-40E7-480F-8F6D-A8E40325B327.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\F9FB1245-90BE-41F6-AD28-3BAE4B3B8483.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\FAF8BC21-7FDB-4600-B65C-C68D9FEE29BE.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\FB637B4C-B154-4DA6-9AA1-961A4FB5E567.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\Local Settings\Application Data\Microsoft\Windows Live Contacts\soulwade@hotmail.com\shadow\FC47AF4E-F5B7-4E29-853F-5BA07CDC2BFC.WindowsLiveContact
Clean
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Infected with: Generic.Istbar.C3985415
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Deleted
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Agent.VB.AOH
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Deleted
E:\Program Files\Athan\Athan.exe
Infected with: Win32.Cuter.A
E:\Program Files\Athan\Athan.exe
Disinfection failed
E:\Program Files\Athan\Athan.exe
Delete failed
SDFix: Version 1.90
Run by GaLaYe on 07/07/2007 at 11:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\GaLaYe\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Name:
core
ImagePath:
system32\drivers\core.sys
core - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\sstray.exe - Deleted
C:\svhost.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\b136.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\retadpu420.exe - Deleted
C:\WINDOWS\svchost.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\drivers\uzcx.exe - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\SVCHOST.EXE"="C:\\WINDOWS\\SVCHOST.EXE:*:Enabled:SVCHOST"
"C:\\RECYCLER\\msnmnsgr.exe"="C:\\RECYCLER\\msnmnsgr.exe:*:Enabled:RSBX"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"E:\\Program Files\\Internet\\LimeWire\\LimeWire.exe"="E:\\Program Files\\Internet\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\Lecteurs Audio\\Itunes\\iTunes.exe"="E:\\Program Files\\Lecteurs Audio\\Itunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\GaLaYe\Local Settings\Temp\~rnsetup\pncrt.dll
C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
Finished
_____________________________BITDEFENDER report________________________
BitDefender Online Scanner
Scan report generated at: Sat, Jul 07, 2007 - 21:31:33
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;
Statistics
Time: 01:21:57
Files: 216257
Folders: 8534
Boot Sectors: 5
Archives: 2651
Packed Files: 7462
Results
Identified Viruses: 7
Infected Files: 17
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16
Engines Info
Virus Definitions: 637536
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b122.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b128.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\Documents and Settings\GaLaYe\Bureau\sdfix\SDFix\backups\backups.zip=>backups/b136.exe=>(NSIS o)
Update failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Infected with: Generic.Istbar.C3985415
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>ghost.exe
Deleted
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Agent.VB.AOH
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\Documents and Settings\GaLaYe\gfegul.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Infected with: Generic.Istbar.C3985415
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>ghost.exe
Deleted
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)
Update failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Infected with: Trojan.Agent.VB.AOH
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Disinfection failed
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)=>install.exe
Deleted
C:\Documents and Settings\GaLaYe\snblxt.exe=>(RAR Sfx o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP30\A0010577.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012408.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012409.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012410.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Popwin.BK
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012420.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.Purityscan.EH
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012421.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Rootkit.Agent.EV
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012422.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012512.exe
Deleted
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Infected with: BehavesLike:Win32.ExplorerHijack
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Disinfection failed
C:\System Volume Information\_restore{A11CB2C8-C604-4092-95B2-B59D46F45EFA}\RP34\A0012513.exe
Deleted
E:\Program Files\Athan\Athan.exe
Infected with: Win32.Cuter.A
E:\Program Files\Athan\Athan.exe
Disinfection failed
E:\Program Files\Athan\Athan.exe
Delete failed