Analyse hisjackthis - Page 3
Résolu
Précédent
- 1
- 2
- 3
On va essayer un truc avant.
---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
- Redémarre ton ordinateur en mode sans échec.
---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.
---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.
---> Télécharge SDFix (créé par AndyManchesta) sur ton Bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
- Double-clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
- Redémarre ton ordinateur en mode sans échec.
---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.
---> Déroule la liste des instructions ci-dessous :
- Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.
voici le rapport
[b]SDFix: Version 1.240 [/b]
Run by Tourolle Micha‰l on 13/12/2008 at 11:56
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\-10579~1 - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 12:32:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:80d41fb0
"s2"=dword:e86e1313
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,e8,84,1d,3a,33,6b,36,73,10,2d,bb,2f,25,0e,64,81,c7,..
"ljej40"=hex:f5,db,3b,f9,af,71,ad,5b,37,52,73,f5,54,76,bc,61,ac,9b,34,89,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="1965ACE0A6FB6E4373FE37A27C653883BBD9C52118981935647DFE115696DD03B158F43C60BFBF254BF9D7DA2CE2C2C3A16E0475C8D4695E2116D85E799BAFD2B6215DB7A42760E5A68CBF0A0B20B3E22E3A17E7DABE3FCDFA8BFEA98AB4B91A6B9A8030FEAC8584A6F9CB3C91CE95E30087BCD4565E1D242CCF35BF3A6512BDC4FEC783F06B77441DE42CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339363C8612163EF0B9A2C44AAF81F718C3020C50D90C3C6A8B7C14E818275302DB8AE4ECA5F85B11DE8965DC03C479DA83DF1817852B0247A958D9231AB56F1CDEEEA1C91632B69D4ACEA5C3FF11460F36E4BCEB78F51F349F46F43071EAB6C069B030D44A801AB15DDE0B7667792B516EAD2DA5E262CBEA1CE1C678DD69ACDE8AA58200370E9F095F726090C6C0180895F23F698B5806D63A1392AE498FC2A5A0A3E7900BA7C95DF7B5B0A1BB452059F7EC998A425BCCFC5ED635AC0E8DF7894ACFDE286D104D9D1EA941E0EF82F6CFAF948DAD39D0718CE3A28EBE71306942789D146F0BD7E6321CDDBC87724F245948D947B8C0BB7DB5C8F8A73B524E33FF21A6A342F509E38D1B12FB3FC682D8037F31A5CC91F5995207C812D19EE23982C5E6BE1C69B4BC541A3FDAC57B7A17302EDB58399CE2EA31E92F878960A222BDED76EA44FF51EDD9B3AADA2D4CB4757EAC0BA1A1E53AA49AD66CFD6C34E7160670EFDF9757B65B2648A182C5520C94AB735ECED0E2A772DFD9258F0CC5B5688770B1B01F90CA5DEF3310980CD75084C85170871B314EE588EB35A10EF91CB5696DDB7FE2F49935DF3CD427EC9CF17444337BA3BEB16A4B934EC90A403197E621C1ABE5AFE1B1A0EE105F82664763D7B356BA4832AF95CA398E2A9406A5B4F27B7540B1F66AC58B6927C561BD076779D738BDD2AF44D0E4D373FC999248455846AA76BFEF2EC207F2CE1F5A8529F72BD68F2702F66DFE5CF62B0858DBC0A573D0AB3A54CCB0FF77429E2EA3A43069451D48458B9ABC7442A3DE7EB195820D679419BF17E288A9A06D7B4B8E09002F4B04C238914095D3FBFC19AF760AF4102C38B85F9B2D29AF688DC0FD8D13CAFDC1A37B96AA9D23F1E55BB821F298CAB400CBC1ADFA82EBD2F342DACB7E55AEF4E2ED032528F744C5D964C5D475FCFE1A926F90BB6C32EB71AA514CC38991565FCF3A87E12F96C2C2D91686CCC116AA80DC83D09870C5A0F425EAF34AD0E2A78CD5322146AC24CC6F338D976FB72640C6B0FD4CACDADCE8F65C074AAE008E9575E1A76E992683A4949603C431BD85AD97A7A600CF8F73DC77696A8FA90F13A6FFD7930FDB18C70A4F74600A2DF3F7BA2246BD88B6DDE688B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=str(2):"CLKERN.DLL"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\V-Gear BEE\\VBService.exe"="C:\\Program Files\\V-Gear BEE\\VBService.exe:*:Enabled:V-Gear Bee Service"
"D:\\programmes\\LimeWire\\LimeWire.exe"="D:\\programmes\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\eChanblard 2.0\\emule.exe"="C:\\Program Files\\eChanblard 2.0\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"C:\\Program Files\\2015\\Men of Valor\\VIETNAM\\SYSTEM\\UCC.exe"="C:\\Program Files\\2015\\Men of Valor\\VIETNAM\\SYSTEM\\UCC.exe:*:Enabled:UCC"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\Lphant\\eLePhantClient.exe"="C:\\Program Files\\Lphant\\eLePhantClient.exe:*:Enabled:Lphant"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Sat 23 Aug 2008 10,646 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 25 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 25 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 9 Aug 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\C54C28AAD0.sys"
Sat 9 Aug 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Thu 13 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 13 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sun 23 Apr 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Thu 13 Oct 2005 312 A.SH. --- "C:\Documents and Settings\Tourolle Micha‰l\Mes documents\drmv2key.bak"
Sun 19 Dec 2004 31,232 A..H. --- "C:\Program Files\Ad-remover\TOOLS\cmdow.exe"
Thu 2 Nov 2006 13,312 A..H. --- "C:\Program Files\Ad-remover\TOOLS\find.exe"
Thu 2 Nov 2006 60,928 A..H. --- "C:\Program Files\Ad-remover\TOOLS\findstr.exe"
Thu 7 Aug 2008 33,280 A..H. --- "C:\Program Files\Ad-remover\TOOLS\isadmin.exe"
Wed 25 Jun 2008 29,184 A..H. --- "C:\Program Files\Ad-remover\TOOLS\nircmd.exe"
Thu 5 Jun 2003 53,248 A..H. --- "C:\Program Files\Ad-remover\TOOLS\Process.exe"
Sun 23 Mar 2008 73,728 A..H. --- "C:\Program Files\Ad-remover\TOOLS\Pv.exe"
Thu 2 Nov 2006 31,744 A..H. --- "C:\Program Files\Ad-remover\TOOLS\sc.exe"
Wed 3 Sep 2008 278,016 A..H. --- "C:\Program Files\Ad-remover\TOOLS\swreg.exe"
Thu 4 Sep 2008 135,168 A..H. --- "C:\Program Files\Ad-remover\TOOLS\timer.exe"
Mon 4 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 24 Dec 2005 6,838 A..H. --- "C:\Documents and Settings\Tourolle Micha‰l\Application Data\Microsoft\Office\Shortcut Bar\Off6B.tmp"
[b]Finished![/b]
[b]SDFix: Version 1.240 [/b]
Run by Tourolle Micha‰l on 13/12/2008 at 11:56
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\-10579~1 - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 12:32:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:80d41fb0
"s2"=dword:e86e1313
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]
"ujdew"=hex:20,02,00,00,e8,84,1d,3a,33,6b,36,73,10,2d,bb,2f,25,0e,64,81,c7,..
"ljej40"=hex:f5,db,3b,f9,af,71,ad,5b,37,52,73,f5,54,76,bc,61,ac,9b,34,89,d2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg41]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:32,3b,41,4f,5e,0c,a0,7d,47,da,5a,c0,ce,69,79,6c,a6,f0,d4,3c,e9,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,9f,c2,8a,bd,e5,67,8c,19,3b,ba,4f,35,21,02,14,8b,c1,..
"khjeh"=hex:50,9f,43,ff,60,99,17,4c,76,f9,c9,a6,f8,4a,f4,17,90,ca,99,e4,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bc,cb,c4,4d,eb,d6,3a,71,f2,04,32,99,91,28,02,0b,f1,0e,cd,25,35,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="1965ACE0A6FB6E4373FE37A27C653883BBD9C52118981935647DFE115696DD03B158F43C60BFBF254BF9D7DA2CE2C2C3A16E0475C8D4695E2116D85E799BAFD2B6215DB7A42760E5A68CBF0A0B20B3E22E3A17E7DABE3FCDFA8BFEA98AB4B91A6B9A8030FEAC8584A6F9CB3C91CE95E30087BCD4565E1D242CCF35BF3A6512BDC4FEC783F06B77441DE42CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79339363C8612163EF0B9A2C44AAF81F718C3020C50D90C3C6A8B7C14E818275302DB8AE4ECA5F85B11DE8965DC03C479DA83DF1817852B0247A958D9231AB56F1CDEEEA1C91632B69D4ACEA5C3FF11460F36E4BCEB78F51F349F46F43071EAB6C069B030D44A801AB15DDE0B7667792B516EAD2DA5E262CBEA1CE1C678DD69ACDE8AA58200370E9F095F726090C6C0180895F23F698B5806D63A1392AE498FC2A5A0A3E7900BA7C95DF7B5B0A1BB452059F7EC998A425BCCFC5ED635AC0E8DF7894ACFDE286D104D9D1EA941E0EF82F6CFAF948DAD39D0718CE3A28EBE71306942789D146F0BD7E6321CDDBC87724F245948D947B8C0BB7DB5C8F8A73B524E33FF21A6A342F509E38D1B12FB3FC682D8037F31A5CC91F5995207C812D19EE23982C5E6BE1C69B4BC541A3FDAC57B7A17302EDB58399CE2EA31E92F878960A222BDED76EA44FF51EDD9B3AADA2D4CB4757EAC0BA1A1E53AA49AD66CFD6C34E7160670EFDF9757B65B2648A182C5520C94AB735ECED0E2A772DFD9258F0CC5B5688770B1B01F90CA5DEF3310980CD75084C85170871B314EE588EB35A10EF91CB5696DDB7FE2F49935DF3CD427EC9CF17444337BA3BEB16A4B934EC90A403197E621C1ABE5AFE1B1A0EE105F82664763D7B356BA4832AF95CA398E2A9406A5B4F27B7540B1F66AC58B6927C561BD076779D738BDD2AF44D0E4D373FC999248455846AA76BFEF2EC207F2CE1F5A8529F72BD68F2702F66DFE5CF62B0858DBC0A573D0AB3A54CCB0FF77429E2EA3A43069451D48458B9ABC7442A3DE7EB195820D679419BF17E288A9A06D7B4B8E09002F4B04C238914095D3FBFC19AF760AF4102C38B85F9B2D29AF688DC0FD8D13CAFDC1A37B96AA9D23F1E55BB821F298CAB400CBC1ADFA82EBD2F342DACB7E55AEF4E2ED032528F744C5D964C5D475FCFE1A926F90BB6C32EB71AA514CC38991565FCF3A87E12F96C2C2D91686CCC116AA80DC83D09870C5A0F425EAF34AD0E2A78CD5322146AC24CC6F338D976FB72640C6B0FD4CACDADCE8F65C074AAE008E9575E1A76E992683A4949603C431BD85AD97A7A600CF8F73DC77696A8FA90F13A6FFD7930FDB18C70A4F74600A2DF3F7BA2246BD88B6DDE688B"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=str(2):"CLKERN.DLL"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\V-Gear BEE\\VBService.exe"="C:\\Program Files\\V-Gear BEE\\VBService.exe:*:Enabled:V-Gear Bee Service"
"D:\\programmes\\LimeWire\\LimeWire.exe"="D:\\programmes\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\eChanblard 2.0\\emule.exe"="C:\\Program Files\\eChanblard 2.0\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"C:\\Program Files\\2015\\Men of Valor\\VIETNAM\\SYSTEM\\UCC.exe"="C:\\Program Files\\2015\\Men of Valor\\VIETNAM\\SYSTEM\\UCC.exe:*:Enabled:UCC"
"C:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="C:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"
"C:\\Program Files\\Lphant\\eLePhantClient.exe"="C:\\Program Files\\Lphant\\eLePhantClient.exe:*:Enabled:Lphant"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 3 Mar 2008 5,702 A..H. --- "C:\WINDOWS\nod32restoretemdono.reg"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Sat 23 Aug 2008 10,646 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 25 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 25 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 25 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 9 Aug 2008 88 ..SHR --- "C:\Documents and Settings\All Users\Application Data\C54C28AAD0.sys"
Sat 9 Aug 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"
Thu 13 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 13 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sun 23 Apr 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Thu 13 Oct 2005 312 A.SH. --- "C:\Documents and Settings\Tourolle Micha‰l\Mes documents\drmv2key.bak"
Sun 19 Dec 2004 31,232 A..H. --- "C:\Program Files\Ad-remover\TOOLS\cmdow.exe"
Thu 2 Nov 2006 13,312 A..H. --- "C:\Program Files\Ad-remover\TOOLS\find.exe"
Thu 2 Nov 2006 60,928 A..H. --- "C:\Program Files\Ad-remover\TOOLS\findstr.exe"
Thu 7 Aug 2008 33,280 A..H. --- "C:\Program Files\Ad-remover\TOOLS\isadmin.exe"
Wed 25 Jun 2008 29,184 A..H. --- "C:\Program Files\Ad-remover\TOOLS\nircmd.exe"
Thu 5 Jun 2003 53,248 A..H. --- "C:\Program Files\Ad-remover\TOOLS\Process.exe"
Sun 23 Mar 2008 73,728 A..H. --- "C:\Program Files\Ad-remover\TOOLS\Pv.exe"
Thu 2 Nov 2006 31,744 A..H. --- "C:\Program Files\Ad-remover\TOOLS\sc.exe"
Wed 3 Sep 2008 278,016 A..H. --- "C:\Program Files\Ad-remover\TOOLS\swreg.exe"
Thu 4 Sep 2008 135,168 A..H. --- "C:\Program Files\Ad-remover\TOOLS\timer.exe"
Mon 4 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 24 Dec 2005 6,838 A..H. --- "C:\Documents and Settings\Tourolle Micha‰l\Application Data\Microsoft\Office\Shortcut Bar\Off6B.tmp"
[b]Finished![/b]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Précédent
- 1
- 2
- 3
