impossible to remove this damn blue screen with message w

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Anti-malware disinfection

Disinfection procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard disinfection procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protect the browser, browsing and privacy

impossible to remove this damn blue screen with message w

Post by francoisph » 15 Sep 2008, 00:22

Impossible to remove this damn blue screen with the message "warning spyware detected in your computer".
I have tried everything: Clam antivirus, AntiVir, Spybot, Malwarebytes.

Please, could someone help me remove this message?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:10, on 14/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\Program Files\AutoShutdown\AutoShutdown.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
C:\Program Files\T-Mobile\Web'n'Walk Accelerator\bmoc.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Windows\System32\lphcccgj0er4u.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\T-Mobile\web'n'walk stick manager\web'n'walk stick manager.exe
C:\Program Files\Bill2's Process Manager\ProcessManager.exe
C:\Users\Phothirath François\AppData\Local\Temp\18B2.tmp.exe
C:\Windows\System32\ejankvuf.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Users\PHOTHI~1\AppData\Local\Temp\c.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\T-Mobile\Web'n'Walk Accelerator\bmctl.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\T-Mobile\Web'n'Walk Accelerator\bmop.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\ejankvuf.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [AutoShutdown] C:\PROGRA~1\AUTOSH~2\AutoShutdown.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [tvjbmonitor] C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
O4 - HKLM\..\Run: [{2E9D28CD-006A-4969-AB92-63DD74B4CA59}] "C:\Program Files\T-Mobile\Web'n'Walk Accelerator\bmoc" -d
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [lphcccgj0er4u] C:\Windows\system32\lphcccgj0er4u.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\T-Mobile\web'n'walk stick manager\web'n'walk stick manager.exe"
O4 - HKCU\..\Run: [ProcessManager] C:\Program Files\Bill2's Process Manager\ProcessManager.exe -minimized
O4 - HKCU\..\Run: [Somefox] C:\Users\Phothirath François\AppData\Local\Temp\18B2.tmp.exe
O4 - HKCU\..\Run: [DscEnAdm] C:\Windows\system32\ejankvuf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fich ... _0_4_9.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D5C7F15-A000-4774-8B37-128BD14B5415}: NameServer = 149.254.192.126 149.254.201.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\Windows\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c8e9c88cd7e7f0) (gupdate1c8e9c88cd7e7f0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SysPredic - Unknown owner - C:\Windows\system\SysPredic.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15257 bytes
francoisph
 
Posts: 2
Joined: 15 Sep 2008, 00:18
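Added example, not code from the thread or from any of the tools it mentions: a small Python triage script that applies to the HijackThis log above the checks a helper makes by eye (autoruns or processes living in a Temp folder, unrecognised binaries under C:\Windows, Winsock LSP entries the tool cannot identify, services without a vendor name). The sample log is a constructed excerpt of the post's log plus a few legitimate entries, and the allowlist of Windows binaries is a constructed stand-in for a real known-file database.

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt: a few lines copied from the log in the post above, plus
# legitimate entries so that the heuristics have something to leave alone.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\lphcccgj0er4u.exe
C:\Users\Phothirath François\AppData\Local\Temp\18B2.tmp.exe
C:\Windows\System32\ejankvuf.exe
C:\Users\PHOTHI~1\AppData\Local\Temp\c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lphcccgj0er4u] C:\Windows\system32\lphcccgj0er4u.exe
O4 - HKCU\..\Run: [Somefox] C:\Users\Phothirath François\AppData\Local\Temp\18B2.tmp.exe
O4 - HKCU\..\Run: [DscEnAdm] C:\Windows\system32\ejankvuf.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SysPredic - Unknown owner - C:\Windows\system\SysPredic.exe
"""

# Binaries expected under C:\Windows on this machine. A constructed stand-in for
# the known-file database a helper would really consult; anything else found
# under the Windows directory is reported for review, not declared malicious.
KNOWN_WINDOWS_BINARIES = {
    "explorer.exe", "dwm.exe", "taskeng.exe", "rundll32.exe", "wuauclt.exe",
    "rthdvcpl.exe", "nvcpl.dll", "nvmctray.dll", "nvvsvc.exe", "agrsmsvc.exe",
}

# First drive-letter path on a line, up to and including its extension; spaces
# inside the path are kept and "18B2.tmp.exe" is captured whole.
WIN_PATH = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|com|bat))", re.IGNORECASE)
# "O4 - ..." / "R1 - ..." prefix of a HijackThis entry
SECTION = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")


def parse_log(text: str) -> List[Dict[str, Optional[str]]]:
    """One record per running process and per HijackThis O-/R-line, carrying
    the first Windows path on the line (None when the line has no path)."""
    records: List[Dict[str, Optional[str]]] = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # the process list ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        section = SECTION.match(line)
        if in_processes:
            kind, body = "process", line
        elif section:
            kind, body = section.group(1), section.group(2)
        else:
            continue                      # header lines such as "Boot mode: Normal"
        found = WIN_PATH.search(body)
        records.append({"kind": kind, "line": line,
                        "path": found.group(1) if found else None})
    return records


def triage(records, known=KNOWN_WINDOWS_BINARIES, windows_root="c:\\windows\\"):
    """Apply the checks a helper makes by eye and return one finding per hit."""
    findings: List[Dict[str, Optional[str]]] = []

    def add(rec, severity, reason):
        findings.append({"severity": severity, "reason": reason,
                         "kind": rec["kind"], "path": rec["path"], "line": rec["line"]})

    for rec in records:
        path = (rec["path"] or "").lower()
        base = path.rsplit("\\", 1)[-1]
        if "\\temp\\" in path:
            # Installed software does not autorun from a Temp folder; strongest signal.
            add(rec, "high", "executable launched from a Temp directory")
        elif path.startswith(windows_root) and base not in known:
            add(rec, "review", "unrecognised binary under the Windows directory")
        if rec["kind"] == "O10" and "unknown file" in rec["line"].lower():
            add(rec, "review", "Winsock LSP entry HijackThis cannot identify")
        if rec["kind"] == "O23" and "unknown owner" in rec["line"].lower():
            add(rec, "review", "service binary without a vendor name")
    return findings


def flagged_names(findings) -> set:
    """Lower-case file names of every finding that carries a path."""
    return {f["path"].lower().rsplit("\\", 1)[-1] for f in findings if f["path"]}


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f['severity']:6}] {f['reason']}: {f['line']}")
```

Run against the full log in the post, the same rules single out the Temp executables and the two random-named System32 binaries that the helper's procedure below is designed to report on; every "review" hit still needs a human to confirm against a known-file database.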

Post by nickW » 15 Sep 2008, 09:21

Hello,

Could you do the following:

Note: These steps must be carried out while logged on to a session with Administrator rights.


Step 1: OTViewIt (by OldTimer), download
Download OTViewIt.exe from http://oldtimer.geekstogo.com/OTViewIt.exe
Save this file to the Desktop.


Step 2: Toolbar-S&D (by Team IDN), download
Download Toolbar-S&D by right-clicking the link: http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Save the file to the Desktop.


Step 3: Navilog1 (by IL-MAFIOSO), download
Download Navilog1 by right-clicking the link below:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Save the file to the Desktop.


Step 4: User Account Control, deactivation
Disable UAC - User Account Control:
Important note: Do not forget to re-enable it after the disinfection.
  • Start ----> Control Panel
  • In the default view, click User Accounts; click User Accounts again
  • In "Classic" view, double-click User Accounts
  • Click Turn User Account Control on or off (at the bottom)
  • Untick the box in front of Use User Account Control (UAC) to help protect your computer
    Note: If UAC was already disabled, click Cancel, close the Control Panel and go on to the download - no restart required
  • Click OK to confirm.
  • A message warns that the computer must restart; click OK. The computer should now restart.


Step 5: Disabling resident security programs
Disable the resident protection programs (antivirus, anti-spyware).
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "AntiVir Guard enable"
Windows Defender: Start---->All Programs---->Windows Defender; click "Tools", then "Options"; under "Real-time protection options", clear the "Use real-time protection (recommended)" check box, then click "Save"


Step 6: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items have been detected, click the "Remove Selected" button.
Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report.
Save this file to the Desktop under the name mbam1.txt
Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 7: Navilog1 (by IL-MAFIOSO), installation
Right-click navilog1.exe (on the Desktop) and choose "Run as administrator" to launch the installation.


Step 8: Navilog1 (by IL-MAFIOSO), Option 1
Close all active applications (such as word processor, browser).
Check that UAC - User Account Control - is indeed disabled.
Right-click the Navilog1 shortcut on the Desktop and choose "Run as administrator".

Follow the instructions displayed.
In the main menu, choose option 1 and confirm.
(do not choose options 2, 3 or 4 without my advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Save this file under the name navi1.txt
Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)


Step 9: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe on the Desktop to run the tool.

Choose the language by typing F and pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (aka log).

Close Notepad, which ends the tool's run.

Note:
If the Desktop does not reappear, open the Task Manager by pressing CTRL+ALT+DEL simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open field, type exactly explorer then click the OK button. The Desktop will reappear.


Step 10: OTViewIt (by OldTimer)
Close all open program windows.
Double-click OTViewIt.exe to launch the tool.
Click the Run Scan button and let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing one of the two reports.
Close Notepad.
The second report is visible in the taskbar. Close it too.
Close the OTViewIt window.


Step 11: Re-enabling resident security programs
Re-enable the resident protection programs (antivirus, anti-spyware).


Step 12: User Account Control, reactivation
Re-enable User Account Control (UAC).


Step 13: Results
Send in reply:
*- the Malwarebytes' Anti-Malware log (contents of the mbam1.txt file on the Desktop).
*- the Navilog1 Option 1 report (contents of the navi1.txt file)
*- the ToolBar S&D report (contents of the SystemDrive\TB.txt file)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTViewIt reports (contents of the OTViewIt.txt and Extras.txt files on the Desktop).

Important note: When sending your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator
 
Posts: 21696
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

impossible to remove warning spyware detected in your computer

Post by francoisph » 15 Sep 2008, 17:55

navi1.txt

Search Navipromo version 3.6.5 commencé le 15/09/2008 à 17:31:57,84

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Phothirath François"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16711
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\phothi~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Phothirath Fran‡ois\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Phothirath Fran‡ois\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Phothirath Fran‡ois\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Phothirath Fran‡ois\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Phothirath Fran‡ois\AppData\Local" *

* Recherche dans "C:\Users\PHOTHI~2\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Phothirath Fran‡ois\AppData\Local\Microsoft" :


* Dans "C:\Users\Phothirath Fran‡ois\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Phothirath Fran‡ois\AppData\Local" :


* Dans "C:\Users\PHOTHI~2\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 15/09/2008 à 17:40:16,80 ***
*************
TB.txt

-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz )
BIOS : Ver 1.00PARTTBL
USER : Phothirath François ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
C:\ (Local Disk) - NTFS - Total : 93 Go Free : 15 Go
D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
E:\ (Local Disk) - NTFS - Total : 91 Go Free : 2 Go
F:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
G:\ (Local Disk) - NTFS - Total : 232 Go Free : 26 Go
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 15/09/2008|17:42 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.google.co.uk/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"


--------------------\\ Recherche d'autres infections

C:\Program Files\WebMediaPlayer
C:\Program Files\WebMediaPlayer\Conditions g‚n‚rales.url
C:\Program Files\WebMediaPlayer\Confidentialit‚.url
C:\Program Files\WebMediaPlayer\resources
C:\Program Files\WebMediaPlayer\skins
C:\Program Files\WebMediaPlayer\sqlite3.dll
C:\Program Files\WebMediaPlayer\updates
C:\Program Files\WebMediaPlayer\Website.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Conditions g‚n‚rales.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Confidentialit‚.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Website.lnk
[b]==> EGDACCESS </b> 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 14/09/2008|23:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 14/09/2008|23:41 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 15/09/2008| 9:31 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 15/09/2008|17:43 - Option : [1]

-----------\\ Fin du rapport a 17:43:08,22
**
OTViewIT

OTViewIt logfile created on: 15/09/2008 17:47:02 - Run 1
OTViewIt by OldTimer - Version 1.0.4.0 Folder = C:\Users\Phothirath François\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,06% Memory free
4,00 Gb Paging File | 2,98 Gb Available in Paging File | 74,49% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 15,43 Gb Free Space | 16,57% Space Free | Partition Type: NTFS
Drive D: | 11,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 91,69 Gb Total Space | 2,90 Gb Free Space | 3,16% Space Free | Partition Type: NTFS
Drive F: | 70,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 232,88 Gb Total Space | 26,02 Gb Free Space | 11,17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHOTHIRATH
Current User Name: Phothirath François
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

========== Processes - Non-Microsoft Only ==========

[12/03/2006 15:51:38 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
[11/06/2006 16:14:44 | 00,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
[06/20/2008 07:37:00 | 01,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[04/02/2003 14:56:34 | 00,131,072 | ---- | M] (Philips PC Cameras) -- C:\Program Files\Philips ToUcam Camera\VProperty.exe
[02/04/2007 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
[04/17/2008 11:50:00 | 06,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[04/03/2007 17:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[12/26/2006 17:08:48 | 00,053,248 | ---- | M] () -- C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe
[03/26/2007 15:49:46 | 00,069,632 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\bdagent.exe
[09/14/2008 13:25:22 | 00,199,168 | ---- | M] () -- C:\Windows\System32\lphcccgj0er4u.exe
[06/20/2008 07:14:00 | 00,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
[10/05/2006 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[09/12/2007 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
[04/03/2007 12:49:00 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\System32\bmwebcfg.exe
[05/04/2007 08:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
[12/03/2006 15:34:56 | 00,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
[05/28/2007 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
[12/18/2007 23:57:42 | 00,389,120 | ---- | M] () -- C:\Windows\system\SysPredic.exe
[08/23/2006 15:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[11/09/2006 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
[12/20/2006 17:33:08 | 00,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
[09/15/2008 17:11:46 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
[10/23/2007 14:38:26 | 00,466,944 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe
[08/07/2008 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[08/05/2008 14:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
[06/20/2008 07:37:00 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
[08/05/2008 14:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
[08/05/2008 14:11:18 | 00,134,144 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
[04/22/2008 18:23:02 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
[09/15/2008 17:45:29 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Phothirath François\Desktop\OTViewIt.exe

========== (O23) Win32 Services - Non-Microsoft Only ==========

[10/05/2006 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
[03/20/2007 02:19:14 | 00,263,168 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\chatServer.exe -- (AresChatServer [On_Demand | Stopped])
[09/12/2007 17:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[12/20/2006 17:33:08 | 00,081,920 | ---- | M] () -- C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe -- (bdss [Auto | Running])
[04/03/2007 12:49:00 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\System32\bmwebcfg.exe -- (bmwebcfg [Auto | Running])
File not found -- %SystemRoot%\system32\svchost.exe -- (CertPropSvc [Unknown | Stopped])
File not found -- %SystemRoot%\system32\svchost.exe -- (DcomLaunch [Unknown | Running])
File not found -- %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[09/15/2008 17:11:46 | 00,278,528 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[09/12/2007 17:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate [On_Demand | Stopped])
[11/02/2006 14:04:14 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[05/04/2007 08:27:00 | 00,071,360 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
File not found -- %ProgramFiles%\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd [On_Demand | Stopped])
[04/22/2008 18:23:02 | 00,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv [Auto | Running])
File not found -- %systemroot%\system32\svchost.exe -- (Schedule [Unknown | Running])
File not found -- %SystemRoot%\system32\svchost.exe -- (SCPolicySvc [Unknown | Stopped])
[08/07/2008 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[05/28/2007 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
[12/18/2007 23:57:42 | 00,389,120 | ---- | M] () -- C:\Windows\system\SysPredic.exe -- (SysPredic [Auto | Running])
File not found -- %SystemRoot%\servicing\TrustedInstaller.exe -- (TrustedInstaller [Unknown | Stopped])
[08/23/2006 15:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[10/23/2007 14:38:26 | 00,466,944 | ---- | M] (SOFTWIN S.R.L.) -- C:\Program Files\Softwin\BitDefender10\vsserv.exe -- (VSSERV [Auto | Running])
File not found -- %SystemRoot%\System32\svchost.exe -- (WdiServiceHost [Unknown | Stopped])
File not found -- %SystemRoot%\System32\svchost.exe -- (WdiSystemHost [Unknown | Running])
File not found -- %ProgramFiles%\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Stopped])
[11/09/2006 13:33:04 | 00,086,016 | ---- | M] (SOFTWIN S.R.L) -- C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])

========== Driver Services - Non-Microsoft Only ==========

[11/02/2006 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[11/02/2006 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[11/02/2006 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[11/02/2006 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[03/20/2007 15:13:38 | 00,300,544 | ---- | M] (AfaTech ) -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA [On_Demand | Running])
[02/23/2005 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc [On_Demand | Running])
[11/28/2006 15:11:00 | 01,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[11/02/2006 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[11/02/2006 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[11/02/2006 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[11/02/2006 08:30:52 | 00,467,456 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Stopped])
[06/01/2008 17:40:07 | 00,278,728 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt [Auto | Running])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv [On_Demand | Stopped])
File not found -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv [On_Demand | Stopped])
File not found -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive [Disabled | Stopped])
[11/02/2006 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[11/02/2006 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[11/02/2006 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[11/02/2006 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[11/02/2006 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[11/02/2006 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[05/19/2004 01:38:08 | 00,253,909 | ---- | M] (Philips Components BU Imaging Solutions) -- C:\Windows\System32\drivers\camdrv21.sys -- (camvid20 [On_Demand | Stopped])
File not found -- -- (CLFS [Unknown | Running])
[03/06/2007 14:01:04 | 00,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR [Boot | Running])
File not found -- C:\Users\PHOTHI~1\AppData\Local\Temp\dbustrcm.sys -- (dbustrcm [On_Demand | Stopped])
[11/02/2006 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[04/03/1996 20:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\System32\giveio.sys -- (giveio [Boot | Running])
[03/07/2007 12:27:26 | 00,038,448 | ---- | M] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3 [Boot | Running])
[12/11/2007 14:47:44 | 00,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard [On_Demand | Running])
[11/02/2006 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
File not found -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp [On_Demand | Stopped])
[11/02/2006 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[11/02/2006 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[03/03/2007 21:39:06 | 00,110,360 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys -- (kl1 [System | Running])
[06/01/2008 17:40:05 | 00,025,416 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[07/28/2006 15:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter [Boot | Running])
[05/07/2008 07:38:20 | 00,017,536 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd [On_Demand | Stopped])
[05/07/2008 07:38:20 | 00,020,864 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc [On_Demand | Stopped])
[02/01/2008 16:17:12 | 00,138,112 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu [On_Demand | Stopped])
[02/01/2008 16:17:06 | 00,008,320 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc [On_Demand | Stopped])
[11/06/2007 21:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\Windows\System32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[11/02/2006 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
File not found -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt [On_Demand | Stopped])
File not found -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd [On_Demand | Stopped])
[09/17/2007 15:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
[04/28/2008 19:25:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])
[04/30/2007 06:42:14 | 00,081,408 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
[03/10/2008 19:30:36 | 00,021,408 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys -- (SANDRA [On_Demand | Stopped])
[11/02/2006 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[11/02/2006 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[12/11/2007 23:58:27 | 00,685,816 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[03/01/2007 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[06/20/2008 07:37:00 | 00,200,112 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[04/03/2007 12:46:00 | 00,018,816 | ---- | M] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM [System | Running])
[12/03/2006 15:21:10 | 00,039,056 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[01/24/2007 13:44:06 | 00,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
File not found -- C:\Windows\System32\DRIVERS\TpChoice.sys -- (TpChoice [On_Demand | Stopped])
[04/26/2005 16:01:38 | 00,003,584 | ---- | M] (Trident Microsystem Inc.) -- C:\Windows\System32\drivers\Triddev.sys -- (TridDev [On_Demand | Stopped])
[04/04/2006 09:15:28 | 00,189,568 | ---- | M] (Trident Multimedia Technologies Co.,Ltd) -- C:\Windows\System32\drivers\TridVid.sys -- (TridVid [On_Demand | Stopped])
[11/02/2006 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[06/06/2008 09:24:44 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev [On_Demand | Stopped])
[05/07/2008 07:38:36 | 00,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt [On_Demand | Stopped])
[04/16/2007 10:19:10 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
[11/02/2006 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])


========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL" = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Default_Secondary_Page_URL" =
"Extensions Off Page" = about:NoAdd-ons
"Local Page" = C:\windows\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Security Risk Page" = about:SecurityRisk
"Start Page" = http://www.msn.com/

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"SearchAssistant" = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Local Page" = C:\windows\system32\blank.htm
"Search Page" = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
"Start Page" = http://www.google.co.uk/
"StartPageCache" =

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"" = http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (262593 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9132 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Programmes\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmes\Java\jre1.6.0\bin\ssv.dll File not found
{77D7E795-33C5-4323-974D-A2A49AB75517} (HKLM) -- C:\Programmes\Google\Update\1.2.131.11\GoopdateBho.dll File not found
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Programmes\Google\GoogleToolbar1.dll File not found
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} (HKLM) -- C:\Programmes\Free Download Manager\iefdm2.dll File not found

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Programmes\Google\GoogleToolbar1.dll File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{2E9D28CD-006A-4969-AB92-63DD74B4CA59}" = "C:\Program Files\T-Mobile\Web'n'Walk Accelerator\bmoc" -d File not found
"00TCrdMain" = %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe File not found
"AutoShutdown" = C:\PROGRA~1\AUTOSH~2\AutoShutdown.exe File not found
"BDAgent" = "C:\Program Files\Softwin\BitDefender10\bdagent.exe" File not found
"BDMCon" = "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg File not found
"Camera Assistant Software" = "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" File not found
"CanonMyPrinter" = C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon File not found
"CanonSolutionMenu" = C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon File not found
"Desktop SMS" = C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto File not found
"DU Meter" = C:\Program Files\DU Meter\DUMeter.exe File not found
"HSON" = %ProgramFiles%\TOSHIBA\TBS\HSON.exe File not found
"IAAnotif" = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found
"IaNvSrv" = C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe File not found
"KeNotify" = C:\Program Files\TOSHIBA\Utilities\KeNotify.exe File not found
"lphcccgj0er4u" = C:\Windows\system32\lphcccgj0er4u.exe ()
"NBKeyScan" = "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
"NDSTray.exe" = NDSTray.exe File not found
"NeroFilterCheck" = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe File not found
"NvCplDaemon" = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"OpwareSE4" = "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" File not found
"PSQLLauncher" = "C:\Program Files\Protector Suite QL\launcher.exe" /startup File not found
"RtHDVCpl" = RtHDVCpl.exe (Realtek Semiconductor)
"SmoothView" = %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe File not found
"SSBkgdUpdate" = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot File not found
"SVPWUTIL" = C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL File not found
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
"topi" = C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup File not found
"Toshiba Registration" = C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe File not found
"ToUcamVProperty" = C:\PROGRA~1\PHILIP~1\VProperty.exe File not found
"TPwrMain" = %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE File not found
"tvjbmonitor" = C:\Program Files\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe File not found
"Windows Defender" = %ProgramFiles%\Windows Defender\MSASCui.exe -hide File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares" = "C:\Program Files\Ares\Ares.exe" -h File not found
"lphcccgj0er4u" = C:\Windows\system32\lphcccgj0er4u.exe ()
"Mobile Partner" = "C:\Program Files\T-Mobile\web'n'walk stick manager\web'n'walk stick manager.exe" File not found
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found
"ProcessManager" = C:\Program Files\Bill2's Process Manager\ProcessManager.exe -minimized File not found

========== (O6 & O7) Current Version Policies ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"ConsentPromptBehaviorUser" = 1
"EnableInstallerDetection" = 1
"EnableLUA" = 1
"EnableSecureUIAPaths" = 1
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 1
"DisableCAD" = 1



"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"NoDispBackgroundPage" = 1
"NoDispScrSavPage" = 1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xporter vers Microsoft Excel: C:\Programmes\Microsoft Office\Office10\EXCEL.EXE File not found
Télécharger avec Free Download Manager: File not found
Télécharger la sélection avec Free Download Manager: File not found
Télécharger la vidéo avec Free Download Manager: File not found
Tout télécharger avec Free Download Manager: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Console Java (Sun) -- C:\Programmes\Java\jre1.6.0\bin\npjpi160.dll File not found
{36ECAF82-3300-8F84-092E-AFF36D6C7040}: Run WinHTTrack -- C:\Programmes\WinHTTrack\WinHTTrackIEBar.dll File not found
{36ECAF82-3300-8F84-092E-AFF36D6C7040}: Launch WinHTTrack -- C:\Programmes\WinHTTrack\WinHTTrackIEBar.dll File not found
{C08CAF1D-C0A3-40D5-9970-06D067EAC017}: eBay -- File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
"" = http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: -- Reg Error: Key does not exist or could not be opened.
{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}: http://fichiers.touslesdrivers.com/fich ... _0_4_9.cab -- Reg Error: Key does not exist or could not be opened.
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/fl ... rashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{46A267CA-22DC-4003-B2BE-67E77E841E62} (Servers: | Description: Intel(R) Wireless WiFi Link 4965AGN)
{634C0CD1-AAE5-4787-AAC0-3B626EC0C369} (Servers: | Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{DE2BDD37-FAB5-438A-972F-051484C40780} (Servers: | Description: )

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL" = vrlogon.dll
>[12/03/2006 15:52:36 | 00,631,808 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
psfus: "DllName" = C:\Windows\system32\psqlpwd.dll -- C:\Windows\System32\psqlpwd.dll (UPEK Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[09/18/2006 22:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

AutoRun.exe [MZ | ]
[07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) -- D:\AutoRun.exe -- [ CDFS ]

AUTORUN.INF [[AutoRun] | open=AutoRun.exe | icon=T-Mobile.ico | ]
[04/24/2007 06:39:04 | 00,000,048 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]

autoshutdown pro v5 0 0 0 cracked-nope.rar [Rar! | ]
[08/11/2008 00:23:25 | 01,433,611 | ---- | M] () -- E:\autoshutdown pro v5 0 0 0 cracked-nope.rar -- [ NTFS ]

Autorun.inf [[AUTORUN] | OPEN=SETUP.EXE | ]
[04/16/2005 02:05:24 | 00,000,027 | R--- | M] () -- F:\Autorun.inf -- [ CDFS ]

autoshutdown pro v5 0 0 0 cracked-nope.rar [Rar! | ]
[08/11/2008 00:23:25 | 01,433,611 | ---- | M] () -- G:\autoshutdown pro v5 0 0 0 cracked-nope.rar -- [ NTFS ]

autoshutdown pro v5 0 0 0.rar [Rar! | ]
[08/11/2008 00:33:48 | 01,422,631 | ---- | M] () -- G:\autoshutdown pro v5 0 0 0.rar -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c331b-7c21-11dd-afdc-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c331b-7c21-11dd-afdc-001b381863b8}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c3322-7c21-11dd-afdc-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c3322-7c21-11dd-afdc-001b381863b8}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c3329-7c21-11dd-afdc-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b3c3329-7c21-11dd-afdc-001b381863b8}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e79a74-5cbb-11dc-9ed6-806e6f6e6963}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e79a74-5cbb-11dc-9ed6-806e6f6e6963}\Shell\AutoRun\command]
"" = F:\SETUP.EXE -- [05/24/2006 21:10:42 | 00,455,600 | R--- | M] (Macrovision Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686de88d-7c54-11dd-b821-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686de88d-7c54-11dd-b821-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686de89f-7c54-11dd-b821-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{686de89f-7c54-11dd-b821-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0fe8ac-7e72-11dd-9399-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0fe8ac-7e72-11dd-9399-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0fe8be-7e72-11dd-9399-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d0fe8be-7e72-11dd-9399-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3177d19-7e6f-11dd-9954-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3177d19-7e6f-11dd-9954-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3177d37-7e6f-11dd-9954-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3177d37-7e6f-11dd-9954-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d691f631-7e76-11dd-9dda-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d691f631-7e76-11dd-9dda-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d691f64e-7e76-11dd-9dda-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d691f64e-7e76-11dd-9dda-0013e8443b95}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb4f0-7c0d-11dd-b262-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb4f0-7c0d-11dd-b262-0013e8443b95}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb502-7c0d-11dd-b262-0013e8443b95}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb502-7c0d-11dd-b262-0013e8443b95}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb517-7c0d-11dd-b262-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d80cb517-7c0d-11dd-b262-001b381863b8}\Shell\AutoRun\command]
"" = G:\AutoRun.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef758-7f60-11dd-a1ab-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef758-7f60-11dd-a1ab-001b381863b8}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef759-7f60-11dd-a1ab-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef759-7f60-11dd-a1ab-001b381863b8}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef76b-7f60-11dd-a1ab-001b381863b8}\Shell]
"" = AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df5ef76b-7f60-11dd-a1ab-001b381863b8}\Shell\AutoRun\command]
"" = D:\AutoRun.exe -- [07/03/2007 06:04:10 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)



========== Files/Folders - Created Within 30 days ==========

[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[08/25/2008 17:08:23 | 00,021,632 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[08/26/2008 21:25:08 | 00,011,776 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[08/26/2008 22:28:40 | 00,220,517 | ---- | C] () -- C:\ProgramData\nvModes.dat
[08/26/2008 22:29:40 | 00,220,517 | ---- | C] () -- C:\ProgramData\nvModes.001
[08/30/2008 23:20:23 | 00,215,040 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM8T.DLL
[08/30/2008 23:30:30 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[08/30/2008 23:35:44 | 00,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Enregistrement utilisateur de Canon MP220 series.LNK
[08/31/2008 10:35:17 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[08/31/2008 10:35:17 | 00,140,288 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[08/31/2008 10:35:17 | 00,155,648 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[08/31/2008 10:35:17 | 01,929,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[08/31/2008 10:35:18 | 06,111,232 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[08/31/2008 10:35:20 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[08/31/2008 10:35:20 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[08/31/2008 10:35:20 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[08/31/2008 10:35:21 | 01,773,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[08/31/2008 10:37:38 | 00,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[09/06/2008 14:36:22 | 00,027,648 | ---- | C] () -- C:\Users\Phothirath François\Desktop\T.doc
[09/07/2008 16:40:45 | 00,000,146 | ---- | C] () -- C:\Windows\DelMR.bat
[09/07/2008 20:38:47 | 00,098,304 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC220I.DLL
[09/07/2008 20:38:47 | 00,200,704 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC220L.DLL
[09/07/2008 20:38:47 | 01,400,832 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC220C.DLL
[09/07/2008 20:42:07 | 00,002,114 | ---- | C] () -- C:\Users\Public\Desktop\MP220 series Manuel en ligne.lnk
[09/07/2008 20:44:37 | 00,001,789 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[09/08/2008 21:31:53 | 00,300,544 | ---- | C] (AfaTech ) -- C:\Windows\System32\drivers\AF15BDA.sys
[09/08/2008 21:31:54 | 00,151,552 | ---- | C] (Meta Media Inc.) -- C:\Windows\System32\MPEG2VideoDMO.dll
[09/08/2008 21:33:09 | 00,000,196 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[09/08/2008 21:33:09 | 00,028,672 | ---- | C] (afa) -- C:\Windows\System32\AF15BDAEX.dll
[09/09/2008 15:20:48 | 00,039,424 | ---- | C] () -- C:\Users\Phothirath François\Desktop\cv_francois_uk.doc
[09/09/2008 22:20:15 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[09/10/2008 19:05:44 | 00,038,400 | ---- | C] () -- C:\Users\Phothirath François\Desktop\cv_francois_fr.doc
[09/11/2008 08:52:34 | 00,023,424 | R--- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[09/11/2008 08:52:34 | 00,101,504 | R--- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[09/12/2008 01:16:01 | 00,028,672 | ---- | C] () -- C:\Users\Phothirath François\Desktop\ABN- Exotic product.doc
[09/13/2008 15:28:13 | 00,068,267 | ---- | C] () -- C:\Users\Phothirath François\Desktop\dakota.gp4
[09/14/2008 13:25:22 | 00,199,168 | ---- | C] () -- C:\Windows\System32\lphcccgj0er4u.exe
[09/14/2008 19:06:23 | 00,118,784 | ---- | C] (Sysinternals) -- C:\Windows\System32\blphcccgj0er4u.scr
[09/14/2008 19:17:43 | 00,001,879 | ---- | C] () -- C:\Users\Phothirath François\Desktop\HijackThis.lnk
[09/14/2008 20:10:15 | 00,001,675 | ---- | C] () -- C:\Users\Phothirath François\Desktop\CCleaner.lnk
[09/14/2008 20:11:22 | 00,017,214 | ---- | C] () -- C:\Users\Phothirath François\Documents\cc_20080914_201120.reg
[09/14/2008 20:11:41 | 00,000,770 | ---- | C] () -- C:\Users\Phothirath François\Documents\cc_20080914_201139.reg
[09/14/2008 20:42:18 | 00,025,600 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[09/14/2008 20:42:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[09/14/2008 20:42:18 | 00,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[09/14/2008 20:42:18 | 00,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[09/14/2008 20:42:18 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[09/14/2008 20:42:18 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[09/14/2008 20:42:18 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[09/14/2008 20:42:18 | 00,086,528 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[09/14/2008 20:42:18 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\AntiXPVSTFix.exe
[09/14/2008 20:42:18 | 00,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[09/14/2008 20:42:18 | 00,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[09/14/2008 20:42:18 | 00,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[09/14/2008 20:46:52 | 00,000,035 | ---- | C] () -- C:\Users\Phothirath François\AppData\Roaming\SetValue.bat
[09/14/2008 20:46:52 | 00,000,691 | ---- | C] () -- C:\Users\Phothirath François\AppData\Roaming\GetValue.vbs
[09/14/2008 20:46:52 | 00,006,778 | ---- | C] () -- C:\Windows\System32\tmp.reg
[09/14/2008 21:42:25 | 00,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[09/14/2008 23:51:34 | 00,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[09/14/2008 23:55:34 | 03,767,457 | -H-- | C] () -- C:\Users\Phothirath François\AppData\Local\IconCache.db
[09/15/2008 11:27:48 | 00,006,274 | ---- | C] () -- C:\Users\Phothirath François\Documents\cc_20080915_112745.reg
[09/15/2008 11:28:21 | 00,000,836 | ---- | C] () -- C:\Users\Phothirath François\Documents\cc_20080915_112819.reg
[09/15/2008 16:07:33 | 00,063,488 | ---- | C] () -- C:\Users\Phothirath François\Desktop\Interview_Technique.doc
[09/15/2008 16:07:53 | 00,060,225 | ---- | C] () -- C:\Users\Phothirath François\Desktop\City_Map.pdf
[09/15/2008 16:08:03 | 00,262,656 | ---- | C] () -- C:\Users\Phothirath François\Desktop\Registration_Form_UK.doc
[09/15/2008 16:55:45 | 00,001,944 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Free Edition v10.lnk
[09/15/2008 16:58:23 | 00,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[09/15/2008 17:16:34 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Users\Phothirath François\Desktop\OTViewIt.exe
[09/15/2008 17:16:48 | 00,358,448 | ---- | C] () -- C:\Users\Phothirath François\Desktop\ToolBarSD.exe
[09/15/2008 17:17:11 | 00,571,505 | ---- | C] (IL-MAFIOSO ) -- C:\Users\Phothirath François\Desktop\Navilog1.exe
[09/15/2008 17:21:02 | 00,000,757 | ---- | C] () -- C:\Users\Public\Desktop\Navilog1.lnk
[09/15/2008 17:23:07 | 00,035,328 | ---- | C] () -- C:\Users\Phothirath François\Desktop\Note.doc
[09/15/2008 17:26:30 | 00,625,208 | ---- | C] () -- C:\Windows\System32\phcccgj0er4u.bmp
[09/15/2008 17:30:42 | 00,000,162 | -H-- | C] () -- C:\Users\Phothirath François\Desktop\~$Note.doc

========== Files - Modified Within 30 days ==========

[2 C:\Windows\*.tmp files]
[4 C:\ProgramData\*.tmp files]
[08/18/2008 12:19:04 | 00,082,432 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[08/26/2008 21:35:58 | 00,216,749 | ---- | M] () -- C:\Users\Phothirath François\AppData\Roaming\nvModes.001
[08/30/2008 23:30:30 | 00,000,412 | ---- | M] () -- C:\Windows\MAXLINK.INI
[09/02/2008 16:51:48 | 00,086,528 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[09/06/2008 14:36:23 | 00,027,648 | ---- | M] () -- C:\Users\Phothirath François\Desktop\T.doc
[09/07/2008 10:50:45 | 00,114,752 | ---- | M] () -- C:\Users\Phothirath François\AppData\Roaming\GDIPFONTCACHEV1.DAT
[09/07/2008 16:40:45 | 00,000,146 | ---- | M] () -- C:\Windows\DelMR.bat
[09/07/2008 20:42:07 | 00,002,114 | ---- | M] () -- C:\Users\Public\Desktop\MP220 series Manuel en ligne.lnk
[09/07/2008 20:44:37 | 00,001,789 | ---- | M] () -- C:\Users\Public\Desktop\My Printer.lnk
[09/07/2008 20:49:23 | 00,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Enregistrement utilisateur de Canon MP220 series.LNK
[09/08/2008 23:38:56 | 00,088,576 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\AntiXPVSTFix.exe
[09/10/2008 00:03:56 | 00,017,200 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[09/10/2008 00:04:02 | 00,038,528 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[09/10/2008 19:32:14 | 00,038,400 | ---- | M] () -- C:\Users\Phothirath François\Desktop\cv_francois_fr.doc
[09/11/2008 10:55:26 | 00,039,424 | ---- | M] () -- C:\Users\Phothirath François\Desktop\cv_francois_uk.doc
[09/12/2008 01:16:01 | 00,028,672 | ---- | M] () -- C:\Users\Phothirath François\Desktop\ABN- Exotic product.doc
[09/13/2008 11:08:53 | 00,115,136 | ---- | M] () -- C:\Users\Phothirath François\AppData\Local\GDIPFONTCACHEV1.DAT
[09/13/2008 13:26:16 | 00,055,296 | ---- | M] () -- C:\Users\Phothirath François\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[09/13/2008 15:28:14 | 00,068,267 | ---- | M] () -- C:\Users\Phothirath François\Desktop\dakota.gp4
[09/13/2008 15:37:10 | 00,398,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[09/14/2008 11:26:31 | 00,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[09/14/2008 11:26:31 | 00,122,020 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[09/14/2008 11:26:31 | 00,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[09/14/2008 11:26:31 | 00,700,222 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[09/14/2008 11:26:31 | 01,538,854 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[09/14/2008 13:25:22 | 00,199,168 | ---- | M] () -- C:\Windows\System32\lphcccgj0er4u.exe
[09/14/2008 18:58:58 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[09/14/2008 19:17:43 | 00,001,879 | ---- | M] () -- C:\Users\Phothirath François\Desktop\HijackThis.lnk
[09/14/2008 20:10:15 | 00,001,675 | ---- | M] () -- C:\Users\Phothirath François\Desktop\CCleaner.lnk
[09/14/2008 20:11:26 | 00,017,214 | ---- | M] () -- C:\Users\Phothirath François\Documents\cc_20080914_201120.reg
[09/14/2008 20:11:43 | 00,000,770 | ---- | M] () -- C:\Users\Phothirath François\Documents\cc_20080914_201139.reg
[09/14/2008 20:51:46 | 00,218,765 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20080914-212805.backup
[09/14/2008 21:42:25 | 00,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[09/14/2008 22:29:15 | 00,006,778 | ---- | M] () -- C:\Windows\System32\tmp.reg
[09/14/2008 22:29:16 | 00,000,035 | ---- | M] () -- C:\Users\Phothirath François\AppData\Roaming\SetValue.bat
[09/14/2008 22:29:16 | 00,000,691 | ---- | M] () -- C:\Users\Phothirath François\AppData\Roaming\GetValue.vbs
[09/14/2008 22:58:33 | 00,220,517 | ---- | M] () -- C:\ProgramData\nvModes.dat
[09/14/2008 23:30:39 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20080914-235305.backup
[09/14/2008 23:51:34 | 00,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[09/14/2008 23:53:05 | 00,262,593 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[09/15/2008 11:27:51 | 00,006,274 | ---- | M] () -- C:\Users\Phothirath François\Documents\cc_20080915_112745.reg
[09/15/2008 11:28:23 | 00,000,836 | ---- | M] () -- C:\Users\Phothirath François\Documents\cc_20080915_112819.reg
[09/15/2008 16:07:34 | 00,063,488 | ---- | M] () -- C:\Users\Phothirath François\Desktop\Interview_Technique.doc
[09/15/2008 16:07:54 | 00,060,225 | ---- | M] () -- C:\Users\Phothirath François\Desktop\City_Map.pdf
[09/15/2008 16:08:15 | 00,262,656 | ---- | M] () -- C:\Users\Phothirath François\Desktop\Registration_Form_UK.doc
[09/15/2008 16:55:45 | 00,001,944 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Free Edition v10.lnk
[09/15/2008 17:16:50 | 00,358,448 | ---- | M] () -- C:\Users\Phothirath François\Desktop\ToolBarSD.exe
[09/15/2008 17:17:15 | 00,571,505 | ---- | M] (IL-MAFIOSO ) -- C:\Users\Phothirath François\Desktop\Navilog1.exe
[09/15/2008 17:21:02 | 00,000,757 | ---- | M] () -- C:\Users\Public\Desktop\Navilog1.lnk
[09/15/2008 17:23:08 | 00,035,328 | ---- | M] () -- C:\Users\Phothirath François\Desktop\Note.doc
[09/15/2008 17:23:56 | 03,767,457 | -H-- | M] () -- C:\Users\Phothirath François\AppData\Local\IconCache.db
[09/15/2008 17:25:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[09/15/2008 17:25:43 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[09/15/2008 17:25:45 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[09/15/2008 17:25:45 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[09/15/2008 17:26:32 | 00,625,208 | ---- | M] () -- C:\Windows\System32\phcccgj0er4u.bmp
[09/15/2008 17:26:33 | 00,118,784 | ---- | M] (Sysinternals) -- C:\Windows\System32\blphcccgj0er4u.scr
[09/15/2008 17:27:16 | 00,220,517 | ---- | M] () -- C:\ProgramData\nvModes.001
[09/15/2008 17:27:42 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[09/15/2008 17:30:42 | 00,000,162 | -H-- | M] () -- C:\Users\Phothirath François\Desktop\~$Note.doc
[09/15/2008 17:37:35 | 00,000,522 | ---- | M] () -- C:\Users\Phothirath François\Documents\Mes dossiers de partage.lnk
[09/15/2008 17:45:29 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Users\Phothirath François\Desktop\OTViewIt.exe
[09/15/2008 17:46:55 | 00,081,984 | ---- | M] () -- C:\Windows\System32\bdod.bin
[09/15/2008 17:47:14 | 00,000,000 | ---- | M] () -- C:\Windows\System32\PredictionDLL.dll

<End>
**

Extras

OTViewIt Extras logfile created on: 15/09/2008 17:47:02 - Run 1
OTViewIt by OldTimer - Version 1.0.4.0 Folder = C:\Users\Phothirath François\Desktop
Windows Vista (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,06% Memory free
4,00 Gb Paging File | 2,98 Gb Available in Paging File | 74,49% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 15,43 Gb Free Space | 16,57% Space Free | Partition Type: NTFS
Drive D: | 11,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 91,69 Gb Total Space | 2,90 Gb Free Space | 3,16% Space Free | Partition Type: NTFS
Drive F: | 70,11 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 232,88 Gb Total Space | 26,02 Gb Free Space | 11,17% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value does not exist or could not be read.] -- Reg Error: Key does not exist or could not be opened. File not found
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
File not found C:\Programmes\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])
File not found C:\Programmes\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
File not found C:\Programmes\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
File not found C:\Programmes\C
francoisph
Posts: 2
Joined: 15 Sep 2008, 00:18
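Added here as an editor's example, not code from either post or from the forum's procedure: a small Python triage script that parses lines in the OTViewIt "Files/Folders - Created Within 30 days" format quoted above and scores entries under the Windows directory by the checks a helper applies by eye: a random-looking file name, an executable with no company/version string, a .sys far too small to be a real driver, and files sharing a name tail with one another (the log above has an .exe, a .scr and a .bmp in System32 all ending in the same "phcccgj0er4u" tail). The System32 sample lines are copied from the log above; the user-profile line is constructed. The scoring threshold, the vowel-ratio test and the 4 KB driver cut-off are assumptions of this example, not rules from the forum's procedure, so treat a hit as "look at this next", not as a verdict.

```python
import re
from datetime import datetime

# Sample input (constructed): lines in the OTViewIt "Files/Folders - Created"
# format. The System32 entries are copied from the log quoted above; the
# user-profile path is made up so the script runs stand-alone.
SAMPLE_LOG = """\
[08/30/2008 23:20:23 | 00,215,040 | ---- | C] (CANON INC.) -- C:\\Windows\\System32\\CNMLM8T.DLL
[09/14/2008 13:25:22 | 00,199,168 | ---- | C] () -- C:\\Windows\\System32\\lphcccgj0er4u.exe
[09/14/2008 19:06:23 | 00,118,784 | ---- | C] (Sysinternals) -- C:\\Windows\\System32\\blphcccgj0er4u.scr
[09/14/2008 20:42:18 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\\Windows\\System32\\404Fix.exe
[09/14/2008 21:42:25 | 00,001,152 | ---- | C] () -- C:\\Windows\\System32\\windrv.sys
[09/15/2008 17:26:30 | 00,625,208 | ---- | C] () -- C:\\Windows\\System32\\phcccgj0er4u.bmp
[09/09/2008 15:20:48 | 00,039,424 | ---- | C] () -- C:\\Users\\someone\\Desktop\\cv.doc
"""

# One OTViewIt file line: [MM/DD/YYYY HH:MM:SS | size | attrs | C|M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".bat", ".cmd", ".vbs"}
SYSTEM_DIR = "c:\\windows\\"
FLAG_THRESHOLD = 2  # assumption: require two independent signals before flagging


def parse_line(line):
    """Parse one OTViewIt file line into a dict; return None for non-file lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    path = d["path"].strip()
    base = path.rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    return {
        "timestamp": datetime.strptime(f"{d['date']} {d['time']}", "%m/%d/%Y %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],
        "kind": d["kind"],  # C = created, M = modified
        "company": d["company"].strip(),
        "path": path,
        "stem": stem.lower() if dot else base.lower(),
        "ext": ("." + ext.lower()) if dot else "",
    }


def looks_random(stem):
    """Heuristic for machine-generated names: 8+ chars, contains a digit, vowel-poor."""
    if len(stem) < 8 or not any(c.isdigit() for c in stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    return vowels / len(stem) < 0.25


def score_entry(e):
    """Return (score, reasons) for one parsed entry; only %WINDIR% files are scored."""
    score, reasons = 0, []
    if not e["path"].lower().startswith(SYSTEM_DIR):
        return 0, reasons
    if looks_random(e["stem"]):
        score += 2
        reasons.append("random-looking name under the Windows directory")
    if e["ext"] in EXEC_EXT and not e["company"]:
        score += 1
        reasons.append("executable with no company/version string")
    if e["ext"] == ".sys" and e["size"] < 4096:
        score += 2
        reasons.append("driver far too small to be a real kernel driver")
    return score, reasons


def link_by_stem(entries):
    """Map each path to other %WINDIR% files whose stem is a suffix of its stem
    (or vice versa); this groups an exe/scr/bmp set that shares one name tail."""
    links = {e["path"]: [] for e in entries}
    sys_entries = [e for e in entries if e["path"].lower().startswith(SYSTEM_DIR)]
    for a in sys_entries:
        for b in sys_entries:
            if a is b or min(len(a["stem"]), len(b["stem"])) < 8:
                continue
            if a["stem"].endswith(b["stem"]) or b["stem"].endswith(a["stem"]):
                links[a["path"]].append(b["path"])
    return links


def triage(log_text):
    """Parse a log section and return flagged entries as
    [(path, score, reasons)] sorted by score, highest first."""
    entries = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    links = link_by_stem(entries)
    flagged = []
    for e in entries:
        score, reasons = score_entry(e)
        if links[e["path"]]:
            score += 1
            reasons.append("shares name stem with " + ", ".join(links[e["path"]]))
        if score >= FLAG_THRESHOLD:
            flagged.append((e["path"], score, reasons))
    return sorted(flagged, key=lambda t: -t[1])


if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LOG):
        print(f"{score:>2}  {path}")
        for r in reasons:
            print(f"      - {r}")
```

Requiring two signals is what keeps the company-less cleaning-tool binaries created at 20:42:18 in the log (WS2Fix.exe, swsc.exe, dumphive.exe) below the threshold: a missing company string alone scores 1. The .bmp is flagged only because it shares its tail with the .exe and .scr, which is the kind of relation a helper reading the raw list has to spot by hand.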

Post by nickW » 15 Sep 2008, 23:37

Good evening,


1/ Where is the Malwarebytes' Anti-Malware log?
Note:
Malwarebytes' Anti-Malware had to be run before the other tools.
If you did not do so, you must redo steps 4, 5, 6, 8, 9 ... 13 of the previous procedure.


2/ I did write:
Then send in reply, in two separate messages (because of the length of the logs):
*- the two OTViewIt reports (the contents of the OTViewIt.txt and Extras.txt files on the Desktop).

The last log is not complete!

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My setups
nickW
Moderator
Posts: 21696
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

