System32 Not Valid
Solved/Closed
kev-graph (Member; 71 posts; registered Saturday 18 October 2008; last activity 16 February 2010) - 18 Oct 2008 at 14:50
88 replies
Destrio5 (Moderator; 85926 posts; registered Sunday 11 July 2010; last activity 17 February 2023) - 18 Oct 2008 at 16:21
Ok.
kev-graph - 24 Oct 2008 at 19:50
Hello, and sorry for the delay, but the scan often crashed or took a very long time; the other day it ran for more than 10 hours and still crashed, so I don't know whether this report is correct, but in any case it found quite a few things:
Malwarebytes' Anti-Malware 1.29
Database version: 1305
Windows 5.1.2600 Service Pack 2
24/10/2008 19:41:28
mbam-log-2008-10-24 (19-41-28).txt
Scan type: Full Scan (C:\|D:\|J:\|)
Objects scanned: 101210
Time elapsed: 1 hour(s), 30 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Destrio5 - 24 Oct 2008 at 20:29
---> Relaunch MBAM, go to Quarantine and delete everything.
---> Restore Safe Mode with this:
https://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe
---> Try to run the procedure with SDFix.
kev-graph - 24 Oct 2008 at 23:34
[b]SDFix: Version 1.236 [/b]
Run by BABETH on 24/10/2008 at 23:18
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Program Files\Fichiers communs\FDEUnInstaller.exe - Deleted
C:\Documents and Settings\BABETH\Application Data\GDIPFONTCACHEV1.DAT - Deleted
C:\Documents and Settings\BABETH\Application Data\wklnhst.dat - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMP1D.tmp - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMP56.tmp - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\smp.bat - Deleted
Destrio5 - 24 Oct 2008 at 23:39
The report is not complete.
kev-graph - 24 Oct 2008 at 23:50
[b]SDFix: Version 1.236 [/b]
Run by BABETH on 24/10/2008 at 23:18
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Program Files\Fichiers communs\FDEUnInstaller.exe - Deleted
C:\Documents and Settings\BABETH\Application Data\GDIPFONTCACHEV1.DAT - Deleted
C:\Documents and Settings\BABETH\Application Data\wklnhst.dat - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMP1D.tmp - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMP56.tmp - Deleted
C:\DOCUME~1\BABETH\LOCALS~1\Temp\TMPD.tmp - Deleted
C:\smp.bat - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-24 23:29:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000a30
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FBAFF8A-C4CF-FDFD-40B4-66D246895FD3}]
"ianenemjaccpabgell"=hex:6a,61,67,66,66,66,6c,64,6d,70,62,6c,65,61,65,6f,63,63,6a,63,00,..
"haledeckalniccpg"=hex:69,61,67,66,64,67,6c,64,6e,70,6b,6e,70,67,67,62,63,68,00,00
"iabebjgfnipgipngfp"=hex:63,61,64,67,64,64,00,7c
scanning hidden files ...
C:\Documents and Settings\HP_Propriétaire\Bureau\tout dossier\photo bab\fichier kevin\Harry potter ecole_fichiers\Plus-Belle-La-Vie_fichiers\Commande N°26 Plus Belle La Vie_fichiers\Thème plus belle la vie n°26 [ Asagi ]_fichiers\Plus belle la vie_fichiers\CAVAEXR7_fichiers\Thumbs.db:encryptable 0 bytes hidden from API
C:\Documents and Settings\HP_Propriétaire\Bureau\tout dossier\photo bab\fichier kevin\Harry potter ecole_fichiers\Plus-Belle-La-Vie_fichiers\Commande N°26 Plus Belle La Vie_fichiers\Thème plus belle la vie n°26 [ Asagi ]_fichiers\Plus belle la vie_fichiers\Thumbs.db:encryptable 0 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\hh.exe"="C:\\WINDOWS\\hh.exe:*:Enabled:Microsoft© HTML Help Executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program Files\\Winsos\\winsos.exe:*:Enabled:Winsos"
"C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program Files\\Winsos\\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\\Program Files\\WINSOS\\help.exe"="C:\\Program Files\\Winsos\\help.exe:*:Enabled:Winsos Help"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Documents and Settings\\HP_Propriétaire\\Application Data\\tmp3C.tmp.exe"="C:\\Documents and Settings\\HP_Propriétaire\\A"
"C:\\Program Files\\OneMX\\OneMX.exe"="C:\\Program Files\\OneMX\\OneMX.exe:*:Enabled:OneMX"
"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"="C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Kamzy FTP\\Kamzy Ftp.exe"="C:\\Program Files\\Kamzy FTP\\Kamzy Ftp.exe:*:Enabled:Kamzy FTP "
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\aMule\\amule.exe"="C:\\Program Files\\aMule\\amule.exe:*:Disabled:amule"
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"="C:\\Program Files\\SHOUTcast\\sc_serv.exe:*:Enabled:sc_serv"
"C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"="C:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe:*:Enabled:SAMBC"
"C:\\Documents and Settings\\HP_Propriétaire\\Local Settings\\Temp\\Répertoire temporaire 1 pour eMule_PRO_Ultra3_0.48a_mod.zip\\emule.exe"="C:\\Documents and Settings\\HP_Propriétaire\\Local Settings\\Temp\\Répertoire temporaire 1 pour eMule_PRO_Ultra3_0.48a_mod.zip\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"C:\\Program Files\\FRoG Creator V0.4\\Serveur\\Server.exe"="C:\\Program Files\\FRoG Creator V0.4\\Serveur\\Server.exe:*:Enabled:Server"
"C:\\Program Files\\Micro Application\\aom.exe"="C:\\Program Files\\Micro Application\\aom.exe:*:Enabled:Age of Mythology"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"="C:\\Program Files\\IncrediMail\\bin\\ImPackr.exe:*:Enabled:IncrediMail"
"C:\\WINDOWS\\system32\\1025\\svchost.exe"="C:\\WINDOWS\\system32\\1025\\svchost.exe:*:Disabled:TightVNC Win32 Server"
"C:\\Program Files\\TightVNC\\WinVNC.exe"="C:\\Program Files\\TightVNC\\WinVNC.exe:*:Disabled:TightVNC Win32 Server"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Disabled:VNC server for Win32"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Wed 28 Sep 2005 218 ..SH. --- "C:\BOOT.BAK"
Thu 31 May 2007 864 A.SH. --- "C:\v40fao30.sys"
Mon 16 Apr 2007 864 A.SH. --- "C:\v40jaw3o.sys"
Tue 5 Sep 2006 14 ..SH. --- "C:\WINDOWS\mswtpdxp.dll"
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Tue 5 Sep 2006 21 ..SH. --- "C:\WINDOWS\prwttrxp.dll"
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 15 Mar 2008 88 ..SHR --- "C:\WINDOWS\system32\9A5484A7BB.sys"
Sat 15 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\BBA784549A.sys"
Tue 5 Sep 2006 21 ..SH. --- "C:\WINDOWS\system32\dpwttaxp.dll"
Mon 7 Jul 2008 5,852 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 5 Sep 2006 14 ..SH. --- "C:\WINDOWS\system32\mswtpaxp.dll"
Tue 5 Sep 2006 2 ..SH. --- "C:\WINDOWS\system32\verwttxp.dll"
Thu 2 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 19 Oct 2005 44,032 ...H. --- "C:\Documents and Settings\BABETH\Mes documents\~WRL0001.tmp"
Tue 8 Apr 2008 14,363 ...H. --- "C:\Documents and Settings\BABETH\Mes documents\~WRL2016.tmp"
Mon 5 Feb 2001 34,331 A..H. --- "C:\swsetup\Monitors\vs17\INSTALL.EXE"
Mon 8 Nov 2004 21,659 A..H. --- "C:\swsetup\Monitors\vs17\SETMON.EXE"
Mon 26 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 31 May 2005 249,856 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\IMailDll.dll"
Tue 25 Sep 2007 2,453,504 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\SkypadMain.exe"
Wed 16 May 2007 143,360 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\TaskKeyHook.dll"
Mon 19 Aug 2002 397,856 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\XceedZip.dll"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT39.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT3B.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT3D.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT38.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3A.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT36.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT35.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT3C.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT3.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT37.tmp"
Tue 31 May 2005 249,856 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\tmp\IMailDll.dll"
Tue 25 Sep 2007 2,453,504 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\tmp\SkypadMain.exe"
Wed 16 May 2007 143,360 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\tmp\TaskKeyHook.dll"
Mon 19 Aug 2002 397,856 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Application Data\Skypad\tmp\XceedZip.dll"
Mon 7 Jul 2008 65,536 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Outlook\~Outlookwanadoo-00000006.pst.tmp"
[b]Finished![/b]
Mon 26 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 31 May 2005 249,856 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\IMailDll.dll"
Tue 25 Sep 2007 2,453,504 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\SkypadMain.exe"
Wed 16 May 2007 143,360 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\TaskKeyHook.dll"
Mon 19 Aug 2002 397,856 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\XceedZip.dll"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT39.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT3B.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT3D.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT38.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3A.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4844df1d57a292079101da42a26d7d72\BIT36.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\78670cbd6a90baaa408a8a72f52fdce2\BIT35.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT3C.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT3.tmp"
Sat 18 Oct 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT37.tmp"
Tue 31 May 2005 249,856 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\tmp\IMailDll.dll"
Tue 25 Sep 2007 2,453,504 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\tmp\SkypadMain.exe"
Wed 16 May 2007 143,360 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\tmp\TaskKeyHook.dll"
Mon 19 Aug 2002 397,856 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Skypad\tmp\XceedZip.dll"
Mon 7 Jul 2008 65,536 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Local Settings\Application Data\Microsoft\Outlook\~Outlookwanadoo-00000006.pst.tmp"
[b]Finished![/b]
Destrio5
Posts
85926
Registered
Sunday 11 July 2010
Status
Moderator
Last activity
17 February 2023
10 297
24 Oct 2008 at 23:58
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accept by clicking "Oui"
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix\Combofix.txt
kev-graph
Posts
71
Registered
Saturday 18 October 2008
Status
Member
Last activity
16 February 2010
14
25 Oct 2008 at 00:11
I tried to install Panda Internet Security 2008, but near the start of the installation it shows me:
Fonctionnalité : NT
Composants : ResidenteFicherosNTPAV
Fichier : C:\Windows\System32\PAV\
Erreur : Accès refusé
Would you have a solution to suggest while the scan finishes? (Computer concerned: Windows XP)
Thanks in advance