Small problem with virtumonde-bd
Closed
laudela38 - 12 Jul 2007 at 20:21
raleuboleu - 16 Jul 2007 at 00:22
27 replies
raleuboleu - 14 Jul 2007 at 23:38
lol
I know you're from Finland!!! Me, well, it's me, lol, simple, lol
but darn, you "l'anbonima" me, or uhhh, is it on purpose, or do you want to mess with me, lol!!! For me it's simple!!!!!! lol
laudela38 - 15 Jul 2007 at 08:38
Thanks for your instructions
Here are the logs generated by all your little tools:
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 12:58:31 PM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis Version Française\hijackthis vf.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)
--------------------------------------------------------------------------------------------------------------------------
SDFIX :
SDFix: Version 1.91
Run by cuyugan on Sun 07/15/2007 at 12:46 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\cuyugan\Desktop\sdfix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\UTSCSI.EXE - Deleted
C:\WINDOWS\system32\crss.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\PC SOFTWARE\\utorrent.exe"="D:\\PC SOFTWARE\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\cuyugan\Desktop\sdfix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\cuyugan\Local Settings\Application Data\Microsoft\Messenger\meekee76@hotmail.com\Sharing Folders\vinali@free.fr\Thumbs.db
C:\WINDOWS\Temp\_ISTMPI.DIR\mmc32.exe
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\ovsaepfp.tmp
C:\WINDOWS\system32\sbtkfugm.tmp
Finished
-------------------------------------------------------------------------------------------------------------------------
COMBOFIX :
"cuyugan" - 2007-07-15 13:02:29 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\aafxfwkv.exe
C:\WINDOWS\system32\cmciincg.exe
C:\WINDOWS\system32\hgkmvlrm.exe
C:\WINDOWS\system32\kfgdjqac.exe
C:\WINDOWS\system32\ldvlutte.exe
C:\WINDOWS\system32\lmkbwqjh.exe
C:\WINDOWS\system32\lovhqidg.exe
C:\WINDOWS\system32\qwylvkhk.exe
C:\WINDOWS\system32\ujqfdbip.exe
C:\WINDOWS\system32\vlcypdir.exe
C:\WINDOWS\system32\vqxavmym.exe
C:\WINDOWS\system32\vxuyjhaq.exe
C:\WINDOWS\system32\yilpuugd.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\cuyugan\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\dnscon70.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\mstcpcon20.dll
C:\WINDOWS\system32\netmanage.dll
C:\WINDOWS\system32\netused.dll
C:\WINDOWS\system32\sr1000r.dll
C:\WINDOWS\temp\_istmpi.dir
C:\WINDOWS\temp\_istmpi.dir\mmc32.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DNSCON
-------\LEGACY_NETMANAGER
-------\LEGACY_SFSYNC02
-------\dnscon
-------\NetManager
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))
2007-07-15 13:04 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-07-15 13:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 12:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-15 12:33 146,432 --a------ C:\regedit.exe
2007-07-15 11:09 <DIR> d-------- C:\VundoFix Backups
2007-07-13 05:16 <DIR> d-------- C:\Program Files\ToniArts
2007-07-13 04:57 <DIR> d-------- C:\Program Files\RegCleaner
2007-07-13 03:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-13 02:50 <DIR> d-------- C:\Hijackthis Version Fran‡aise
2007-07-13 02:48 <DIR> d-------- C:\hijacakthis
2007-07-12 22:01 <DIR> d-------- C:\WINDOWS\pss
2007-07-12 21:53 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-11 19:20 73,728 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-07-11 19:20 61,440 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-07-11 19:20 40,960 --a------ C:\WINDOWS\system32\SNCTRL.exe
2007-07-11 19:20 339,968 --a------ C:\WINDOWS\vsnp2std.exe
2007-07-11 19:20 24,832 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-07-11 19:20 20,480 --a------ C:\WINDOWS\usnp2std.exe
2007-07-11 19:20 126,976 --a------ C:\WINDOWS\system32\tsnp2std.exe
2007-07-11 19:20 122,880 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-07-11 19:20 10,446,592 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-07-11 19:20 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-07-11 02:24 <DIR> d-------- C:\Program Files\a-squared Free
2007-07-11 02:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-10 20:30 <DIR> d-------- C:\unzipped
2007-07-10 14:55 <DIR> d-------- C:\DOCUME~1\cuyugan\Contacts
2007-07-10 14:49 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-07 00:15 <DIR> d-------- C:\DOCUME~1\cuyugan\APPLIC~1\Help
2007-07-07 00:13 <DIR> d-------- C:\Program Files\IrfanView
2007-07-06 22:09 <DIR> d-------- C:\Program Files\CCleaner
2007-07-03 13:09 934,810 ---hs---- C:\WINDOWS\system32\aybeg.bak2
2007-07-03 03:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-03 03:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 13:09 932,126 ---hs---- C:\WINDOWS\system32\aybeg.bak1
2007-07-01 13:51 999,927 ---hs---- C:\WINDOWS\system32\ghswinjh.ini2
2007-06-30 16:19 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-28 19:58 932,291 ---hs---- C:\WINDOWS\system32\aybeg.ini2
2007-06-28 11:40 405 ---hs---- C:\WINDOWS\system32\sbtkfugm.ini2
2007-06-28 03:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-27 18:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-25 17:04 <DIR> d-------- C:\Program Files\RegSeeker
2007-06-23 15:06 936,853 ---hs---- C:\WINDOWS\system32\hjkkj.bak2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-15 04:52:04 9,811 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-14 12:48:02 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\uTorrent
2007-07-12 21:16:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 21:04:45 -------- d--h--r C:\DOCUME~1\cuyugan\APPLIC~1\yahoo!
2007-07-12 21:03:41 -------- d-----w C:\Program Files\Yahoo!
2007-07-10 17:37:23 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Orbit
2007-07-10 17:36:27 -------- d-----w C:\Program Files\Orbitdownloader
2007-07-10 13:49:53 -------- d-----w C:\Program Files\DivX
2007-07-09 17:14:31 -------- d-----w C:\Program Files\Apple Software Update
2007-06-23 09:34:39 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\PLAux
2007-06-19 18:33:11 -------- d-----w C:\Program Files\iTunes
2007-06-19 18:32:28 -------- d-----w C:\Program Files\iPod
2007-06-05 12:15:23 -------- d-----w C:\Program Files\Springhouse
2007-05-25 16:43:59 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Nokia
2007-05-24 10:52:17 -------- d-----w C:\Program Files\Nokia
2007-05-24 02:21:57 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
2007-06-18 13:33 122880 --a------ C:\Program Files\Orbitdownloader\orbitcth.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0000000000000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0779bb88-7174-11db-af8d-806d6172696f}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1552cf85-1fb5-11dc-b0f0-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c74c63c-7ad6-11db-afd7-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- G:\NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4f2389-302b-11dc-b15d-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b819cb2e-81fd-11db-aff4-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf6-ac7a-11db-b070-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf7-ac7a-11db-b070-0016d418f3d9}]
AutoRun\command- H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b3d785-8056-11db-afef-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2471cb4-2ba1-11dc-b141-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-15 13:08:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-15 13:09:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-15 13:09
--- E O F ---
--------------------------------------------------------------------------------------------------------------------------
AND FINALLY AVG:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 2:23:46 PM 7/15/2007
+ Résultat de l'analyse:
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/keygen.exe -> Adware.Virtumonde : Nettoyé.
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/patch.exe -> Downloader.LoadAdv : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\aafxfwkv.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\cmciincg.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgkmvlrm.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\kfgdjqac.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ldvlutte.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\lmkbwqjh.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\lovhqidg.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\qwylvkhk.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ujqfdbip.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vlcypdir.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vqxavmym.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vxuyjhaq.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\yilpuugd.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\Documents and Settings\cuyugan\My Documents\all nokia\MobiSystems.MSDict.Viewer.v2.40.S60.SymbianOS.Cracked-SyMPDA.rar/run.exe -> Downloader.Zlob.bbj : Nettoyé.
:mozilla.30:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.31:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.32:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@3.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.42:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/crack.exe -> Trojan.Agent.qt : Nettoyé.
Fin du rapport
Well, I wish you good luck!!!!!
Laurent.
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\cuyugan\Desktop\sdfix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\cuyugan\Local Settings\Application Data\Microsoft\Messenger\meekee76@hotmail.com\Sharing Folders\vinali@free.fr\Thumbs.db
C:\WINDOWS\Temp\_ISTMPI.DIR\mmc32.exe
C:\WINDOWS\system32\aybeg.tmp
C:\WINDOWS\system32\ovsaepfp.tmp
C:\WINDOWS\system32\sbtkfugm.tmp
Finished
-------------------------------------------------------------------------------------------------------------------------
COMBOFIX :
"cuyugan" - 2007-07-15 13:02:29 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\aafxfwkv.exe
C:\WINDOWS\system32\cmciincg.exe
C:\WINDOWS\system32\hgkmvlrm.exe
C:\WINDOWS\system32\kfgdjqac.exe
C:\WINDOWS\system32\ldvlutte.exe
C:\WINDOWS\system32\lmkbwqjh.exe
C:\WINDOWS\system32\lovhqidg.exe
C:\WINDOWS\system32\qwylvkhk.exe
C:\WINDOWS\system32\ujqfdbip.exe
C:\WINDOWS\system32\vlcypdir.exe
C:\WINDOWS\system32\vqxavmym.exe
C:\WINDOWS\system32\vxuyjhaq.exe
C:\WINDOWS\system32\yilpuugd.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\cuyugan\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\dnscon70.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\mstcpcon20.dll
C:\WINDOWS\system32\netmanage.dll
C:\WINDOWS\system32\netused.dll
C:\WINDOWS\system32\sr1000r.dll
C:\WINDOWS\temp\_istmpi.dir
C:\WINDOWS\temp\_istmpi.dir\mmc32.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DNSCON
-------\LEGACY_NETMANAGER
-------\LEGACY_SFSYNC02
-------\dnscon
-------\NetManager
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-06-15 to 2007-07-15 )))))))))))))))))))))))))))))))
2007-07-15 13:04 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-07-15 13:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 12:45 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-15 12:33 146,432 --a------ C:\regedit.exe
2007-07-15 11:09 <DIR> d-------- C:\VundoFix Backups
2007-07-13 05:16 <DIR> d-------- C:\Program Files\ToniArts
2007-07-13 04:57 <DIR> d-------- C:\Program Files\RegCleaner
2007-07-13 03:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-13 02:50 <DIR> d-------- C:\Hijackthis Version Française
2007-07-13 02:48 <DIR> d-------- C:\hijacakthis
2007-07-12 22:01 <DIR> d-------- C:\WINDOWS\pss
2007-07-12 21:53 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-11 19:20 73,728 --a------ C:\WINDOWS\system32\vsnp2std.dll
2007-07-11 19:20 61,440 --a------ C:\WINDOWS\system32\csnp2std.dll
2007-07-11 19:20 40,960 --a------ C:\WINDOWS\system32\SNCTRL.exe
2007-07-11 19:20 339,968 --a------ C:\WINDOWS\vsnp2std.exe
2007-07-11 19:20 24,832 --a------ C:\WINDOWS\system32\drivers\sncamd.sys
2007-07-11 19:20 20,480 --a------ C:\WINDOWS\usnp2std.exe
2007-07-11 19:20 126,976 --a------ C:\WINDOWS\system32\tsnp2std.exe
2007-07-11 19:20 122,880 --a------ C:\WINDOWS\system32\rsnp2std.dll
2007-07-11 19:20 10,446,592 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2007-07-11 19:20 <DIR> d-------- C:\Program Files\Common Files\snp2std
2007-07-11 02:24 <DIR> d-------- C:\Program Files\a-squared Free
2007-07-11 02:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-10 20:30 <DIR> d-------- C:\unzipped
2007-07-10 14:55 <DIR> d-------- C:\DOCUME~1\cuyugan\Contacts
2007-07-10 14:49 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-07 00:15 <DIR> d-------- C:\DOCUME~1\cuyugan\APPLIC~1\Help
2007-07-07 00:13 <DIR> d-------- C:\Program Files\IrfanView
2007-07-06 22:09 <DIR> d-------- C:\Program Files\CCleaner
2007-07-03 13:09 934,810 ---hs---- C:\WINDOWS\system32\aybeg.bak2
2007-07-03 03:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-03 03:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-02 13:09 932,126 ---hs---- C:\WINDOWS\system32\aybeg.bak1
2007-07-01 13:51 999,927 ---hs---- C:\WINDOWS\system32\ghswinjh.ini2
2007-06-30 16:19 1,156 --a------ C:\WINDOWS\mozver.dat
2007-06-28 19:58 932,291 ---hs---- C:\WINDOWS\system32\aybeg.ini2
2007-06-28 11:40 405 ---hs---- C:\WINDOWS\system32\sbtkfugm.ini2
2007-06-28 03:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-27 18:00 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-25 17:04 <DIR> d-------- C:\Program Files\RegSeeker
2007-06-23 15:06 936,853 ---hs---- C:\WINDOWS\system32\hjkkj.bak2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-15 04:52:04 9,811 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-07-14 12:48:02 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\uTorrent
2007-07-12 21:16:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-12 21:04:45 -------- d--h--r C:\DOCUME~1\cuyugan\APPLIC~1\yahoo!
2007-07-12 21:03:41 -------- d-----w C:\Program Files\Yahoo!
2007-07-10 17:37:23 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Orbit
2007-07-10 17:36:27 -------- d-----w C:\Program Files\Orbitdownloader
2007-07-10 13:49:53 -------- d-----w C:\Program Files\DivX
2007-07-09 17:14:31 -------- d-----w C:\Program Files\Apple Software Update
2007-06-23 09:34:39 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\PLAux
2007-06-19 18:33:11 -------- d-----w C:\Program Files\iTunes
2007-06-19 18:32:28 -------- d-----w C:\Program Files\iPod
2007-06-05 12:15:23 -------- d-----w C:\Program Files\Springhouse
2007-05-25 16:43:59 -------- d-----w C:\DOCUME~1\cuyugan\APPLIC~1\Nokia
2007-05-24 10:52:17 -------- d-----w C:\Program Files\Nokia
2007-05-24 02:21:57 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 14:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 14:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 14:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 14:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 14:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 14:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 14:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 14:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 14:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
2007-06-18 13:33 122880 --a------ C:\Program Files\Orbitdownloader\orbitcth.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 23:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=0000000000000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjh]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0779bb88-7174-11db-af8d-806d6172696f}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1552cf85-1fb5-11dc-b0f0-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c74c63c-7ad6-11db-afd7-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- G:\NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4f2389-302b-11dc-b15d-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b819cb2e-81fd-11db-aff4-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf6-ac7a-11db-b070-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0606bf7-ac7a-11db-b070-0016d418f3d9}]
AutoRun\command- H:\USBNB.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5b3d785-8056-11db-afef-0016d418f3d9}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXE
é_†™\command- NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2471cb4-2ba1-11dc-b141-0016d418f3d9}]
Auto\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
Browser\command- G:\RECYCLER\S-1-5-21-1078073611-1993962763-839522115-1003\mmc32.EXE
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-15 13:08:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-15 13:09:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-15 13:09
--- E O F ---
--------------------------------------------------------------------------------------------------------------------------
AND FINALLY AVG:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 2:23:46 PM 7/15/2007
+ Résultat de l'analyse:
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/keygen.exe -> Adware.Virtumonde : Nettoyé.
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/patch.exe -> Downloader.LoadAdv : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\aafxfwkv.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\cmciincg.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgkmvlrm.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\kfgdjqac.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ldvlutte.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\lmkbwqjh.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\lovhqidg.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\qwylvkhk.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\ujqfdbip.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vlcypdir.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vqxavmym.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\vxuyjhaq.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\QooBox\Quarantine\C\WINDOWS\system32\yilpuugd.exe.vir -> Downloader.Tiny.id : Nettoyé.
C:\Documents and Settings\cuyugan\My Documents\all nokia\MobiSystems.MSDict.Viewer.v2.40.S60.SymbianOS.Cracked-SyMPDA.rar/run.exe -> Downloader.Zlob.bbj : Nettoyé.
:mozilla.30:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.31:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.32:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@3.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cuyugan\Cookies\cuyugan@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.42:C:\Documents and Settings\cuyugan\Application Data\Mozilla\Firefox\Profiles\6385ueld.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
D:\PC SOFTWARE\adobe_photoshop_(cs2)_9.0.rar/crack.exe -> Trojan.Agent.qt : Nettoyé.
Fin du rapport
Well then, I wish you good luck!!!!!
Laurent.
moK´s@
Posts
4399
Registered
Tuesday 18 October 2005
Status
Member
Last activity
2 November 2007
89
15 Jul 2007 at 14:26
Hi laudela38
¤ Show all files and folders:
Click Start / Control Panel / Folder Options / View
Tick "Show hidden folders"
Untick the box "Hide protected operating system files (Recommended)"
Untick "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And Apply!
Then go to this site and have the items below scanned:
http://virusscan.jotti.org/de/
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\sbtkfugm.ini2
C:\WINDOWS\system32\sfsync02.dll
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\system32\rsnp2std.dll
C:\Program Files\Common Files\snp2std
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\WINDOWS\jkkjh
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg
See you later
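Added example, not part of the original thread and not code from HijackThis or ComboFix: the cross-check behind the reply above, run over a subset of the posted log lines. It flags hidden+system files in system32 and files whose name is a Winlogon Notify entry spelled backwards (`jkkjh` and `hjkkj.bak2` in this log); the function names and both heuristics are assumptions of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Subset of lines copied from the HijackThis and ComboFix logs posted in this thread.
HIJACKTHIS_LOG = r"""
O20 - Winlogon Notify: jkkjh - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
COMBOFIX_CREATED = r"""
2007-07-15 13:04 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-07-13 03:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-03 13:09 934,810 ---hs---- C:\WINDOWS\system32\aybeg.bak2
2007-07-03 03:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-01 13:51 999,927 ---hs---- C:\WINDOWS\system32\ghswinjh.ini2
2007-06-28 11:40 405 ---hs---- C:\WINDOWS\system32\sbtkfugm.ini2
2007-06-23 15:06 936,853 ---hs---- C:\WINDOWS\system32\hjkkj.bak2
"""

NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) ([a-z-]{9}) (.+)$")


def parse_notify(log):
    """Map each O20 Winlogon Notify entry name to the path HijackThis printed."""
    entries = {}
    for line in log.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def parse_created(log):
    """Parse 'Files Created' lines into dicts; directory entries are skipped."""
    files = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m.group(3) != "<DIR>":
            files.append({"date": m.group(1),
                          "size": int(m.group(3).replace(",", "")),
                          "attrs": m.group(4),
                          "path": m.group(5)})
    return files


def triage(hijackthis_log, combofix_listing):
    """Return {item: [reasons]} for entries worth a closer look."""
    notify = parse_notify(hijackthis_log)
    findings = {}
    for name, path in notify.items():
        # A path ending in a backslash names a folder, not a DLL to load.
        if path.endswith("\\"):
            findings[f"Notify:{name}"] = ["notify path has no DLL file name"]
    reversed_names = {name.lower()[::-1]: name for name in notify}
    for f in parse_created(combofix_listing):
        p = PureWindowsPath(f["path"])
        reasons = []
        hidden_system = "h" in f["attrs"] and "s" in f["attrs"]
        if hidden_system and p.parent.name.lower() == "system32":
            reasons.append("hidden+system file in system32")
        if p.stem.lower() in reversed_names:
            reasons.append(
                f"name is Notify entry '{reversed_names[p.stem.lower()]}' reversed")
        if reasons:
            findings[f["path"]] = reasons
    return findings


if __name__ == "__main__":
    for item, reasons in triage(HIJACKTHIS_LOG, COMBOFIX_CREATED).items():
        print(f"{item}: {'; '.join(reasons)}")
```

A flagged item is a candidate for a second-opinion scan, as the reply requests, not a verdict.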
raleuboleu
Posts
5022
Registered
Wednesday 13 December 2006
Status
Member
Last activity
14 March 2012
77
15 Jul 2007 at 21:22
hi
you're mok s@-ing around, that's for sure loool
thanks to you ^^
moK´s@
15 Jul 2007 at 22:50
I'm mok´-ing who, s@?
raleuboleu
15 Jul 2007 at 22:58
the other one there, you know!!! the ral that goes in the bol!!! damn, that's lame lmaoooooooooooooooooooooo
kisses
moK´s@
15 Jul 2007 at 23:54
it's the drop that makes the bowl overflow...
raleuboleu
16 Jul 2007 at 00:22
no nooooooooooooooooooooo, the cup loool
kisses