HijackThis and MBAM logs: help

Anonymous user -
jlpjlp Posts 52399 Status Security contributor -
Hello,

I need your help analysing the logs below: my computer has become very, very slow, which led me to
run a HijackThis scan and a Malwarebytes' Anti-Malware scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:13, on 07/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\céline nguyen\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S80.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/099a225952c28f9df515/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Filter hijack: text/html - {EEC5D5B0-1FC8-4CD8-AF1E-E65D0E6EE48D} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

6 replies

totobetourne Posts 5677 Status Member 65
 
Delete everything Malwarebytes found as well as what is in quarantine, then run HijackThis again.
0
Anonymous user
 
The HijackThis scan was run after the malware was removed.
0
totobetourne Posts 5677 Status Member 65
 
I hope you really did delete them, because your Malwarebytes report says "no action taken" (no action was performed).

Next:
*Download SDFix (created by AndyManchesta)
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
*Double-click SDFix.exe
*Choose Install to extract it into a dedicated folder on the Desktop.
*Restart in Safe Mode
*Open the SDFix folder that was just created at the root of your C:\ hard drive
*Double-click RunThis.bat to launch the script. (The .bat extension may not be displayed)
*Press Y to start the cleaning process.
*Press a key to restart when SDFix asks you to press a key to restart.
*Your system will take longer than usual to restart because the tool will keep running and deleting files.
*After the Desktop has loaded, the tool will finish its work and display Finished.
*Press a key to end the script and load your Desktop icons.
*Once the Desktop icons are displayed, the SDFix report will open. It is named Report.txt.
*Copy/paste the contents

*If SDFix does not start
*Click Start > Run
*Copy/paste this: %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
*Click OK.
*Restart and try to run SDFix again.
0
Anonymous user
 
[b]SDFix: Version 1.207 [/b]
Run by c‚line SSS on 07/20/2008 at 21:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CLINEN~1\Bureau\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 21:41:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\qwerty12.exe"="C:\\WINDOWS\\system32\\qwe"
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Fri 13 May 2005 217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Fri 28 Mar 2008 8 ..SHR --- "C:\WINDOWS\system32\7AB62A705F.sys"
Tue 6 May 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 26 Dec 2002 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Dec 2002 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Sun 1 May 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sun 1 May 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Tue 21 Nov 2000 18,192 A..H. --- "C:\Documents and Settings\SSS SSS SSS\Bureau\psapi.dll"
Sun 16 Nov 2003 18,520 A..H. --- "C:\Documents and Settings\SSS SSS.SIEMENS\Mes documents\~WRL2378.tmp"
Sun 16 Nov 2003 39,205 A..H. --- "C:\Documents and Settings\SSS SSS.SIEMENS\Mes documents\~WRL3017.tmp"
Wed 11 Feb 2004 15,819 A..H. --- "C:\Documents and Settings\SSS SSS.SIEMENS\Mes documents\~WRL3472.tmp"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP486\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP486\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP487\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP487\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP488\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP488\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP489\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP489\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP490\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP490\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP491\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP491\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP492\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP492\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP494\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP494\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP495\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP495\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP496\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP496\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP497\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP497\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP498\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP498\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP499\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP499\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP500\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP500\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP501\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP501\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP502\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP502\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP503\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP503\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP504\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP504\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 11 Apr 2008 6,553,600 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP505\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Fri 16 Feb 2007 262,144 A..H. --- "C:\System Volume Information\_restore{81FA5C7A-E834-43A1-9A67-A9268E59CEE2}\RP505\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1749521121-3244783744-1582333133-1017.bak"
Sun 20 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT3.tmp"
Sun 20 Jul 2008 251,597 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e09fe9fb23931659fee8175518ca0d14\BIT2.tmp"
Thu 22 Feb 2007 68,096 ...H. --- "C:\Documents and Settings\c‚line SSS\Application Data\Microsoft\Word\~WRL0005.tmp"
Sat 15 Nov 2003 76,288 A..H. --- "C:\Documents and Settings\SSS SSS.SIEMENS\Application Data\Microsoft\ModŠles\~WRL1388.tmp"
Sun 16 Nov 2003 78,848 A..H. --- "C:\Documents and Settings\SSS SSS.SIEMENS\Application Data\Microsoft\ModŠles\~WRL2703.tmp"

[b]Finished![/b]
0

Anonymous user
 
Up
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
To move forward:

paste the report from an online scan
run with one of the following:
(disable avast for the duration of the scan)

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
0