[vista] crash explorer.exe
Solved/Closed
picks (Member; 12 posts; joined Saturday 12 July 2008; last active 17 July 2008) - 12 Jul 2008 at 20:50
Last reply: ludsfa - 18 Jul 2008 at 07:17
24 replies
ludsfa (Member; 1284 posts; joined Sunday 3 February 2008; last active 15 January 2018) - 13 Jul 2008 at 10:17
Hi,
Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
When it launches again, click [Scan for Vundo].
When the scan finishes, click [Remove Vundo].
It will ask whether you want to delete the files; click [YES].
Your Desktop will disappear while the files are being deleted.
Then it will tell you that your PC is going to shut down; click [OK].
Restart your PC.
Copy/paste the report (C:\vundofix.txt)
and a new HijackThis report.
VundoFix may be unable to delete a file;
in that case, it will relaunch at the next restart,
and you just need to start again from the click on [Scan for Vundo].
picks - 13 Jul 2008 at 13:12
I had already done that yesterday, since I went through the posts; however, it didn't find any infected file!
ludsfa - 14 Jul 2008 at 02:53
Hi,
Download ComboFix (by sUBs) to your Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Temporarily disable all resident protection! (Antivirus, antispyware...)
Double-click ComboFix.exe.
Accept the license by clicking Oui (Yes).
When the operation is finished, a report will appear. Post that report in your next reply.
The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
Help: How to use ComboFix.
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Anonymous user - 14 Jul 2008 at 03:06
Good evening ludsfa,
could you point out the Vundo infection in the HijackThis report for me? It's for my own information, thanks.
g!rly (Contributor; 18209 posts; joined Friday 17 August 2007; last active 30 November 2014) - 14 Jul 2008 at 03:08
Good evening ludsfa,
But wheeere, oh wheeere, oh wheeere is the Vundo?
ha ha
picks - 14 Jul 2008 at 08:53
It's done, I'm fed up, it still doesn't work! Another solution?!
But lOooooool! You're too good, man; great, it worked right after the scan, no restart even needed!
A big bravo to Ludsfa and thanks to everyone
ComboFix 08-07-13.8 - YoYo 2008-07-14 8:39:26.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1185 [GMT 2:00]
Endroit: C:\Users\YoYo\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\YoYo\Desktop\SUPER P0RN.url
C:\Windows\system32\Ultra.dll
C:\Windows\system32\vav.cpl
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-14 08:35 . 2008-07-14 08:36 <REP> d-------- C:\327882R2FWJFW
2008-07-13 21:13 . 2008-07-13 21:13 2,039,296 --a------ C:\360FW-Toolbox-46.rar.bc!
2008-07-13 21:12 . 2008-07-13 21:12 <REP> d-------- C:\X360 Backup & Firmware ToolBox (02-2008)
2008-07-13 21:00 . 2008-07-13 21:00 <REP> d-------- C:\Windows\System32\360fwtoolbox_30
2008-07-13 20:54 . 2008-07-13 20:54 <REP> d-------- C:\zbin
2008-07-13 20:10 . 2008-07-13 20:10 <REP> d-------- C:\usbfile
2008-07-13 20:08 . 2008-07-13 20:08 <REP> d-------- C:\DriveKey
2008-07-13 19:43 . 2008-07-13 19:43 <REP> d-------- C:\dosflash14b
2008-07-13 15:38 . 2008-07-13 15:48 <REP> d-------- C:\BenQ_TooLs
2008-07-13 15:23 . 2008-07-13 15:23 <REP> d-------- C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41
2008-07-13 15:16 . 2008-07-13 15:19 386,647 --a------ C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41.rar
2008-07-13 15:07 . 2008-07-13 15:07 <REP> d-------- C:\Program Files\X-Projects
2008-07-13 15:01 . 2008-07-13 15:01 <REP> d--h----- C:\Windows\PIF
2008-07-13 14:43 . 2008-07-13 14:47 <REP> d-------- C:\all.fw.tools.r2c
2008-07-13 14:40 . 2008-07-13 14:40 <REP> d-------- C:\BenQ iXtremev1.1
2008-07-13 14:38 . 2008-07-13 14:38 79,386 --a------ C:\BenQ iXtremev1.1.rar
2008-07-13 14:13 . 2008-07-13 14:13 <REP> d-------- C:\Program Files\AxBx
2008-07-12 21:01 . 2008-07-12 21:01 <REP> d-------- C:\VundoFix Backups
2008-07-12 20:11 . 2008-07-12 20:12 <REP> d-------- C:\Uniblue RegistryBooster 2
2008-07-11 20:56 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-11 18:27 . 2008-07-11 18:27 <REP> d-------- C:\Windows\Google Earth Pro 4.2
2008-07-11 18:27 . 2008-07-11 18:29 <REP> d-------- C:\Program Files\Google Earth Pro 4.2
2008-07-11 18:24 . 2008-07-11 18:25 <REP> d-------- C:\Google Earth Pro 4.2
2008-07-10 02:04 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 02:04 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 02:04 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-07 00:15 . 2007-07-20 01:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-06 20:08 . 2008-07-06 20:24 2,367,633 --a------ C:\Error Doctor 2008 v1.5 + serial.rar
2008-07-06 20:02 . 2008-07-06 20:02 <REP> d-------- C:\ErrorDoctor 2008 + serial
2008-07-06 19:57 . 2008-07-06 19:57 3,445,248 --a------ C:\Error Doctor PC Fix 2008.zip.bc!
2008-07-06 19:46 . 2008-07-06 20:05 2,465,006 --a------ C:\Error Doctor 2008 version with serial number.rar.bc!
2008-07-06 19:44 . 2008-07-06 19:44 <REP> d-------- C:\Program Files\SoftwareDoctor
2008-07-06 19:40 . 2008-07-06 19:43 6,214,069 --a------ C:\Error Doctor 2008 v1 5 Fix Your PC.rar
2008-07-06 17:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-07-06 16:09 . 2008-07-06 16:09 <REP> d-------- C:\Program Files\Realtek AC97
2008-07-06 16:07 . 2008-07-06 16:07 <REP> d-------- C:\pilote_audio_realtek_ac97_6.0.1.6251_4321
2008-07-05 18:01 . 2008-07-05 18:01 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\Users\All Users\Uniblue
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\ProgramData\Uniblue
2008-07-05 13:02 . 2008-07-05 13:21 <REP> d-------- C:\Program Files\RegCure
2008-07-04 21:41 . 2008-07-04 21:46 47 --a------ C:\Windows\System32\[u]0/u9wutili.sys
2008-07-04 21:39 . 2008-07-04 21:46 <REP> d-------- C:\Program Files\WinUtilities
2008-07-04 21:28 . 2008-07-04 21:28 <REP> d-------- C:\Program Files\CleanUp!
2008-07-04 11:02 . 2008-07-04 11:02 <REP> d-------- C:\!KillBox
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\Users\All Users\ATI
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\ProgramData\ATI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Users\All Users\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\ProgramData\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Program Files\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 17,408 --a------ C:\Windows\System32\drivers\pxark.sys
2008-07-04 01:12 . 2008-07-03 22:41 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-04 01:12 . 2008-07-03 22:41 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-04 00:57 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-07-04 00:57 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-07-04 00:55 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-04 00:54 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-04 00:53 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-04 00:51 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-07-04 00:48 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-04 00:13 . 2008-07-04 00:13 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 00:09 . 2008-07-04 00:09 <REP> d-------- C:\Deckard
2008-07-03 22:41 . 2008-07-04 01:17 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-03 19:19 . 2008-07-03 19:19 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-03 19:19 . 2008-07-03 19:19 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-03 19:19 . 2008-07-03 19:19 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-03 19:19 . 2008-07-03 19:19 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-03 19:19 . 2008-07-03 19:19 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-03 19:19 . 2008-07-03 19:19 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-03 19:19 . 2008-07-03 19:19 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-03 19:19 . 2008-07-03 19:19 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-03 19:19 . 2008-07-03 19:19 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-03 19:19 . 2008-07-03 19:19 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-03 17:46 . 2008-07-03 18:45 <REP> d-------- C:\Users\YoYo\.homeplayer
2008-07-03 17:46 . 2008-07-03 17:47 <REP> d-------- C:\Program Files\HomePlayer
2008-07-03 14:39 . 2008-07-03 14:39 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-02 23:43 . 2008-07-02 23:43 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-02 23:34 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-07-02 23:34 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-07-02 23:33 . 2008-07-02 23:33 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-02 23:31 . 2008-07-02 23:31 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-02 23:31 . 2008-07-02 23:31 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-02 23:30 . 2008-07-02 23:30 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-02 23:29 . 2008-07-02 23:29 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-02 23:29 . 2008-07-02 23:29 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-02 23:29 . 2008-07-02 23:29 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-02 23:29 . 2008-07-02 23:29 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-02 23:29 . 2008-07-02 23:29 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-02 23:29 . 2008-07-02 23:29 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-02 23:01 . 2008-07-02 23:01 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-02 23:01 . 2008-07-02 23:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-02 17:05 . 2008-07-03 00:06 <REP> d-------- C:\Windows\Panther
2008-07-02 17:05 . 2006-09-12 21:00 197,632 --a------ C:\Windows\System32\CNMLM7L.DLL
2008-07-02 17:05 . 2006-07-28 08:09 194,048 --a------ C:\Windows\System32\CNCC500.DLL
2008-07-02 17:05 . 2005-05-30 11:47 139,264 --a------ C:\Windows\System32\CNCL500.DLL
2008-07-02 17:05 . 2006-06-29 06:29 106,496 --a------ C:\Windows\System32\cncisco.dll
2008-07-02 17:05 . 2005-12-02 23:49 64,352 --a------ C:\Windows\System32\drivers\ativmc20.cod
2008-07-02 17:05 . 2006-07-28 08:08 37,888 --a------ C:\Windows\System32\CNCI500.DLL
2008-07-02 17:03 . 2008-07-10 02:05 <REP> d-------- C:\Windows\Debug
2008-07-02 16:54 . 2008-07-02 16:54 <REP> d-------- C:\Users\Default\video
2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\$WINDOWS.~Q
2008-07-02 16:34 . 2008-07-02 16:38 <REP> d--h----- C:\$INPLACE.~TR
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Videos
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Saved Games
2008-07-02 16:20 . 2008-07-07 00:04 <REP> dr------- C:\Users\YoYo\Pictures
2008-07-02 16:20 . 2008-07-05 13:21 <REP> dr------- C:\Users\YoYo\Links
2008-07-02 16:20 . 2006-11-02 14:35 <REP> d-------- C:\Users\YoYo\AppData\Roaming\Media Center Programs
2008-07-02 16:20 . 2008-07-02 16:52 <REP> d--h----- C:\Users\YoYo\AppData
2008-07-02 16:20 . 2008-07-06 17:20 <REP> d-------- C:\Users\YoYo
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Videos
2008-07-02 16:20 . 2008-07-02 16:50 <REP> d-------- C:\Users\Invité\Saved Games
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Pictures
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Music
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Links
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Favorites
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Downloads
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Documents
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 06:38 3,932,160 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-14 06:36 5,656 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-13 19:27 10,705,440 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-13 19:26 85,764 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-13 19:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-13 19:23 1,048,608 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-13 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 21:01 --------- d-----w C:\Program Files\Opera
2008-07-12 20:58 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-12 18:10 --------- d-----w C:\Users\YoYo\AppData\Roaming\Uniblue
2008-07-12 18:10 --------- d-----w C:\Program Files\Uniblue
2008-07-12 14:15 --------- d-----w C:\Program Files\Steam
2008-07-11 18:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 16:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 15:59 --------- d-----w C:\Program Files\Ubisoft
2008-07-06 15:58 --------- d-----w C:\Program Files\Electronic Arts
2008-07-06 15:54 --------- d-----w C:\Program Files\A123 YouTube FLV to AVI iPod Converter
2008-07-06 14:15 --------- d-----w C:\Program Files\ATI
2008-07-06 13:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-05 13:46 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-04 09:02 4,196 ----a-w C:\Windows\System32\tmp.reg
2008-07-04 08:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-03 23:47 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-03 23:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-03 23:22 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-02 21:30 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 21:30 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 21:30 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 21:30 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 21:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 19:29 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-02 19:29 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Modèles
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Favoris
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Bureau
2008-07-02 15:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-02 14:36 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-02 14:35 --------- d-----w C:\ProgramData\Logitech
2008-07-02 14:34 --------- d-----w C:\Program Files\Windows Live
2008-07-02 14:34 --------- d-----w C:\Program Files\Winamp
2008-07-02 14:34 --------- d-----w C:\Program Files\VirtualDJ
2008-07-02 14:34 --------- d-----w C:\Program Files\VideoLAN
2008-07-02 14:34 --------- d-----w C:\Program Files\Video Converter
2008-07-02 14:34 --------- d-----w C:\Program Files\URUSoft
2008-07-02 14:34 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-02 14:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-02 14:34 --------- d-----w C:\Program Files\SubMagic
2008-07-02 14:34 --------- d-----w C:\Program Files\STOIK Imaging
2008-07-02 14:34 --------- d-----w C:\Program Files\STK014
2008-07-02 14:34 --------- d-----w C:\Program Files\Stardock
2008-07-02 14:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-02 14:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 14:31 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 14:27 --------- d--h--w C:\Program Files\CanonBJ
2008-06-05 20:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-04 18:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-03 06:22 3,695,104 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-06-03 02:34 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-06-01 11:54 --------- d-----w C:\ProgramData\iolo
2008-06-01 10:38 354,560 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-06-01 10:34 14,175,488 ----a-w C:\Windows\System32\TU2008TrialFR.exe
2008-06-01 10:23 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-06-01 10:22 --------- d-----w C:\Users\YoYo\AppData\Roaming\iolo
2008-05-23 20:24 1,082,880 ----a-w C:\Windows\System32\AutoPartNt.exe
2008-05-23 18:45 99,776 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-15 01:20 175,488 ----a-w C:\Windows\system32\drivers\atinavt2.sys
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-28 06:52 2,121,235 ----a-w C:\Windows\System32\x264vfw.dll
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-25 17:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-18 23:24 2,560 ----a-w C:\Windows\System32\bitcometres.dll
2007-11-13 19:37 842 ----a-w C:\Users\YoYo\AppData\Roaming\waver_2.95.dat
2006-05-03 09:06 163,328 --sha-r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 13:21 563080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2007-05-10 13:18 835584]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-18 11:34 774168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 19:21 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-14 15:21:08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"LogonHoursAction"= 2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 19:21 201992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{135D8AB3-ACE5-4389-9B40-2772EA33E2DE}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{7971196E-11C8-4FD8-ADEB-AA3067ED05A2}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{09E4FCC6-B8AB-431A-96A5-A63DABD911B7}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{85D76D5F-51A3-482A-B98B-84EF62B432EF}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{A13D2A12-2DBC-40F4-83C2-7FF7BF0AA9EC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{98BEB660-0E6A-4F4C-BE4F-242C085D3400}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{9B164E68-4D00-42D0-A819-60A21E7B7501}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{437131F0-EBD9-43B3-849C-944F5F296810}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71A28A76-C9BB-4C03-9D4A-FE13D1554E53}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0B1923BF-840E-47DF-B976-6403DB20C685}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A6AD2B90-4607-4270-B3F6-799D3B126486}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6734EEA1-9AAE-46A5-92D6-9F88430468E0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{989BB491-619F-4205-AA12-1C10A359D854}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE23FF41-3831-4F92-ADA9-67CC1FC1741D}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{45069129-3271-49A9-9E31-2B190A178BD8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{E61CF6CF-5EF3-4AC9-B321-568E47E696DC}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{F16089B3-2A3A-4F88-93EF-32AB8DC242CD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1AED7AFD-BC9D-46F9-9A9F-A6745993DCBC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{073D913E-B1CE-4453-A484-D2ECEB98700A}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{3E70A04D-B1E6-4159-80A1-37A2F2A3F81B}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{3361D756-F93B-4BAA-8E77-8F24E8B636CF}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{CC1B6C5A-251A-4F5F-B735-4E44BF545BFF}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{1F80D8B3-884E-4083-B0C2-7285339D5758}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{48F79BB4-16CC-4F7A-BD48-CD6CC7F5DB6F}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{39777A7F-DAD9-4AF0-BCE2-9A49137800DD}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{30454EC8-A315-44EE-AD63-C49B9DEE66CA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{07F47A02-415C-4861-BEC7-61B493F5D97A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{37851D6C-C2E9-4195-810A-5BAB05198C5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"{FBE87BB8-615D-409E-9C4E-68698D207DBC}"= Disabled:TCP:G:\incredimail_install(3).exe:IncrediMail Installer
"{CF84D3F6-648B-4099-99FC-FB2BCECFD2E1}"= Disabled:UDP:G:\incredimail_install(3).exe:IncrediMail Installer
"{B61838A7-73B8-49C4-B8DF-484B654FFB27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F583F07-8BF0-4D19-B56A-3B897F4F0EF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64CDC495-843A-44D0-A656-3212E19F9D0B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DB0EF69C-E964-4E6D-9ACB-85819E715F83}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5B8CF2A4-CE84-413C-9031-ECB5A879FE7C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE811146-B55E-4F74-B113-43F8D289FED9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5F9E0658-52BC-4CDA-9CE4-F0DF9C6FF2ED}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A405D797-85BB-4B8D-A803-6FC71A15514E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{553A0253-4AE6-45A7-9EA7-DA525A4C9CCD}"= UDP:50901:Adobe Version Cue CS3 Server
"{0DA8F27D-AB28-4A58-A863-CFC1FC9B8474}"= UDP:50900:Adobe Version Cue CS3 Server
"{7136EA44-6FF3-4B5D-B98D-EDFCB13C5367}"= UDP:3704:Adobe Version Cue CS3 Server
"{0667449A-9061-4356-A862-A524343618A7}"= UDP:3703:Adobe Version Cue CS3 Server
"UDP Query User{95ABAEDE-8F4F-4729-9205-7393F4104FE4}C:\\program files\\gigabyte\\et5\\update.exe"= TCP:C:\program files\gigabyte\et5\update.exe:ftptest
"TCP Query User{A2711FC7-A16D-44C3-A632-D4A727F5A64E}C:\\program files\\gigabyte\\et5\\update.exe"= UDP:C:\program files\gigabyte\et5\update.exe:ftptest
"{5C481AA7-E70D-4FFC-AAE2-4C617C8B1B06}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F12FB478-B603-4FF3-AF5B-77A82D2BF741}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C649156-6750-4702-AFBC-E6C739BECFA8}"= TCP:17598:BitComet 17598 UDP
"{0BFB8182-E7BF-4B22-840E-04A05F7CAADF}"= UDP:17598:BitComet 17598 TCP
"{E0D112A2-A226-4449-ADEB-70E8A7EF55D3}"= TCP:11507:BitComet 11507 UDP
"{B67351A4-0750-4B61-A9D5-F6D5E70BC217}"= UDP:11507:BitComet 11507 TCP
"{D7703C8F-AC49-4A1E-8827-4FCC44E91434}"= TCP:11507:BitComet 11507 UDP
"{87E58A77-D1F6-4135-BE85-7AE0F77FF3A2}"= UDP:11507:BitComet 11507 TCP
"{15D5C4BA-09FE-4674-AD86-108445B48F0F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{E3451934-F27A-4D1F-81D3-1E3505B9A5CB}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{7545109D-C36B-4909-B617-37FA22A23BE6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5C78FA5D-32AE-4DE7-B7F2-35D4FEE0C288}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9EE7C5F6-0DFD-4F91-85FB-AFA45A27A648}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17883C27-7B52-4ACC-A695-D6895BBD3E90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A19D4FF3-47CA-4DC2-B60A-9890B08F6CC9}"= TCP:9375:BitComet 9375 UDP
"{ABD20516-970E-4069-A1A6-B32D24FAEDAF}"= UDP:9375:BitComet 9375 TCP
"{B9577DFE-CA7E-47B1-A88D-F137A833232F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {77CC3A99-24E8-432E-8750-125B46242B15},{CCC70AB2-9676-40B2-A47A-4B6A4952C20A}
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 19:29]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-07-04 10:19]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 20:02]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2007-01-02 19:06]
S2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 20:45]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2007-01-12 18:34]
S3 OABXTMG;OABXTMG;C:\Users\YoYo\AppData\Local\Temp\OABXTMG.exe []
S3 PRODIGY;PRODIGY;C:\Windows\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-15 11:57]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-01 12:38]
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 15:16:48 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-13 19:25:38 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 01:06:32 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-05 15:30:31 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 11:28:49 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 12:37:16 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-07-14 00:07:49 C:\Windows\Tasks\User_Feed_Synchronization-{AA6DE61B-8532-452B-BCFC-0B0D05E38307}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-14 06:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{F66F6557-DF8E-4E3C-BAA8-EEEA8AE5C498}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 08:43:57
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 8:45:49
ComboFix-quarantined-files.txt 2008-07-14 06:45:27
Pre-Run: 22,379,503,616 octets libres
Post-Run: 22,191,960,064 octets libres
414 --- E O F --- 2008-07-12 08:07:57
Well, lOooooool! You're awesome, man. Brilliant, it worked right after the scan, didn't even need a restart!
A big bravo to Ludsfa and thanks to everyone
ComboFix 08-07-13.8 - YoYo 2008-07-14 8:39:26.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1185 [GMT 2:00]
Endroit: C:\Users\YoYo\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\YoYo\Desktop\SUPER P0RN.url
C:\Windows\system32\Ultra.dll
C:\Windows\system32\vav.cpl
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-14 08:35 . 2008-07-14 08:36 <REP> d-------- C:\327882R2FWJFW
2008-07-13 21:13 . 2008-07-13 21:13 2,039,296 --a------ C:\360FW-Toolbox-46.rar.bc!
2008-07-13 21:12 . 2008-07-13 21:12 <REP> d-------- C:\X360 Backup & Firmware ToolBox (02-2008)
2008-07-13 21:00 . 2008-07-13 21:00 <REP> d-------- C:\Windows\System32\360fwtoolbox_30
2008-07-13 20:54 . 2008-07-13 20:54 <REP> d-------- C:\zbin
2008-07-13 20:10 . 2008-07-13 20:10 <REP> d-------- C:\usbfile
2008-07-13 20:08 . 2008-07-13 20:08 <REP> d-------- C:\DriveKey
2008-07-13 19:43 . 2008-07-13 19:43 <REP> d-------- C:\dosflash14b
2008-07-13 15:38 . 2008-07-13 15:48 <REP> d-------- C:\BenQ_TooLs
2008-07-13 15:23 . 2008-07-13 15:23 <REP> d-------- C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41
2008-07-13 15:16 . 2008-07-13 15:19 386,647 --a------ C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41.rar
2008-07-13 15:07 . 2008-07-13 15:07 <REP> d-------- C:\Program Files\X-Projects
2008-07-13 15:01 . 2008-07-13 15:01 <REP> d--h----- C:\Windows\PIF
2008-07-13 14:43 . 2008-07-13 14:47 <REP> d-------- C:\all.fw.tools.r2c
2008-07-13 14:40 . 2008-07-13 14:40 <REP> d-------- C:\BenQ iXtremev1.1
2008-07-13 14:38 . 2008-07-13 14:38 79,386 --a------ C:\BenQ iXtremev1.1.rar
2008-07-13 14:13 . 2008-07-13 14:13 <REP> d-------- C:\Program Files\AxBx
2008-07-12 21:01 . 2008-07-12 21:01 <REP> d-------- C:\VundoFix Backups
2008-07-12 20:11 . 2008-07-12 20:12 <REP> d-------- C:\Uniblue RegistryBooster 2
2008-07-11 20:56 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-11 18:27 . 2008-07-11 18:27 <REP> d-------- C:\Windows\Google Earth Pro 4.2
2008-07-11 18:27 . 2008-07-11 18:29 <REP> d-------- C:\Program Files\Google Earth Pro 4.2
2008-07-11 18:24 . 2008-07-11 18:25 <REP> d-------- C:\Google Earth Pro 4.2
2008-07-10 02:04 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 02:04 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 02:04 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-07 00:15 . 2007-07-20 01:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-06 20:08 . 2008-07-06 20:24 2,367,633 --a------ C:\Error Doctor 2008 v1.5 + serial.rar
2008-07-06 20:02 . 2008-07-06 20:02 <REP> d-------- C:\ErrorDoctor 2008 + serial
2008-07-06 19:57 . 2008-07-06 19:57 3,445,248 --a------ C:\Error Doctor PC Fix 2008.zip.bc!
2008-07-06 19:46 . 2008-07-06 20:05 2,465,006 --a------ C:\Error Doctor 2008 version with serial number.rar.bc!
2008-07-06 19:44 . 2008-07-06 19:44 <REP> d-------- C:\Program Files\SoftwareDoctor
2008-07-06 19:40 . 2008-07-06 19:43 6,214,069 --a------ C:\Error Doctor 2008 v1 5 Fix Your PC.rar
2008-07-06 17:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-07-06 16:09 . 2008-07-06 16:09 <REP> d-------- C:\Program Files\Realtek AC97
2008-07-06 16:07 . 2008-07-06 16:07 <REP> d-------- C:\pilote_audio_realtek_ac97_6.0.1.6251_4321
2008-07-05 18:01 . 2008-07-05 18:01 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\Users\All Users\Uniblue
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\ProgramData\Uniblue
2008-07-05 13:02 . 2008-07-05 13:21 <REP> d-------- C:\Program Files\RegCure
2008-07-04 21:41 . 2008-07-04 21:46 47 --a------ C:\Windows\System32\[u]0/u9wutili.sys
2008-07-04 21:39 . 2008-07-04 21:46 <REP> d-------- C:\Program Files\WinUtilities
2008-07-04 21:28 . 2008-07-04 21:28 <REP> d-------- C:\Program Files\CleanUp!
2008-07-04 11:02 . 2008-07-04 11:02 <REP> d-------- C:\!KillBox
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\Users\All Users\ATI
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\ProgramData\ATI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Users\All Users\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\ProgramData\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Program Files\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 17,408 --a------ C:\Windows\System32\drivers\pxark.sys
2008-07-04 01:12 . 2008-07-03 22:41 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-04 01:12 . 2008-07-03 22:41 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-04 00:57 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-07-04 00:57 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-07-04 00:55 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-04 00:54 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-04 00:53 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-04 00:51 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-07-04 00:48 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-04 00:13 . 2008-07-04 00:13 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 00:09 . 2008-07-04 00:09 <REP> d-------- C:\Deckard
2008-07-03 22:41 . 2008-07-04 01:17 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-03 19:19 . 2008-07-03 19:19 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-03 19:19 . 2008-07-03 19:19 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-03 19:19 . 2008-07-03 19:19 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-03 19:19 . 2008-07-03 19:19 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-03 19:19 . 2008-07-03 19:19 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-03 19:19 . 2008-07-03 19:19 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-03 19:19 . 2008-07-03 19:19 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-03 19:19 . 2008-07-03 19:19 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-03 19:19 . 2008-07-03 19:19 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-03 19:19 . 2008-07-03 19:19 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-03 17:46 . 2008-07-03 18:45 <REP> d-------- C:\Users\YoYo\.homeplayer
2008-07-03 17:46 . 2008-07-03 17:47 <REP> d-------- C:\Program Files\HomePlayer
2008-07-03 14:39 . 2008-07-03 14:39 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-02 23:43 . 2008-07-02 23:43 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-02 23:34 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-07-02 23:34 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-07-02 23:33 . 2008-07-02 23:33 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-02 23:31 . 2008-07-02 23:31 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-02 23:31 . 2008-07-02 23:31 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-02 23:30 . 2008-07-02 23:30 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-02 23:29 . 2008-07-02 23:29 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-02 23:29 . 2008-07-02 23:29 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-02 23:29 . 2008-07-02 23:29 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-02 23:29 . 2008-07-02 23:29 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-02 23:29 . 2008-07-02 23:29 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-02 23:29 . 2008-07-02 23:29 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-02 23:01 . 2008-07-02 23:01 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-02 23:01 . 2008-07-02 23:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-02 17:05 . 2008-07-03 00:06 <REP> d-------- C:\Windows\Panther
2008-07-02 17:05 . 2006-09-12 21:00 197,632 --a------ C:\Windows\System32\CNMLM7L.DLL
2008-07-02 17:05 . 2006-07-28 08:09 194,048 --a------ C:\Windows\System32\CNCC500.DLL
2008-07-02 17:05 . 2005-05-30 11:47 139,264 --a------ C:\Windows\System32\CNCL500.DLL
2008-07-02 17:05 . 2006-06-29 06:29 106,496 --a------ C:\Windows\System32\cncisco.dll
2008-07-02 17:05 . 2005-12-02 23:49 64,352 --a------ C:\Windows\System32\drivers\ativmc20.cod
2008-07-02 17:05 . 2006-07-28 08:08 37,888 --a------ C:\Windows\System32\CNCI500.DLL
2008-07-02 17:03 . 2008-07-10 02:05 <REP> d-------- C:\Windows\Debug
2008-07-02 16:54 . 2008-07-02 16:54 <REP> d-------- C:\Users\Default\video
2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\$WINDOWS.~Q
2008-07-02 16:34 . 2008-07-02 16:38 <REP> d--h----- C:\$INPLACE.~TR
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Videos
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Saved Games
2008-07-02 16:20 . 2008-07-07 00:04 <REP> dr------- C:\Users\YoYo\Pictures
2008-07-02 16:20 . 2008-07-05 13:21 <REP> dr------- C:\Users\YoYo\Links
2008-07-02 16:20 . 2006-11-02 14:35 <REP> d-------- C:\Users\YoYo\AppData\Roaming\Media Center Programs
2008-07-02 16:20 . 2008-07-02 16:52 <REP> d--h----- C:\Users\YoYo\AppData
2008-07-02 16:20 . 2008-07-06 17:20 <REP> d-------- C:\Users\YoYo
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Videos
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Videos
2008-07-02 16:20 . 2008-07-02 16:50 <REP> d-------- C:\Users\Invité\Saved Games
2008-07-02 16:20 . 2008-07-02 16:50 <REP> d-------- C:\Users\Invité\Saved Games
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Pictures
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Pictures
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Music
2008-07-02 16:20 . 2006-11-02 12:23 <REP> dr------- C:\Users\Invité\Music
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Links
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Links
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Favorites
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Favorites
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Downloads
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Downloads
2008-07-02 16:20 . 2008-07-02 16:50 <REP> dr------- C:\Users\Invité\Documents
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 06:38 3,932,160 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-14 06:38 3,932,160 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-14 06:36 5,656 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-13 19:27 10,705,440 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-13 19:26 85,764 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-13 19:26 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-13 19:23 1,048,608 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-13 18:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 21:01 --------- d-----w C:\Program Files\Opera
2008-07-12 20:58 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-12 18:10 --------- d-----w C:\Users\YoYo\AppData\Roaming\Uniblue
2008-07-12 18:10 --------- d-----w C:\Program Files\Uniblue
2008-07-12 14:15 --------- d-----w C:\Program Files\Steam
2008-07-11 18:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 16:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 15:59 --------- d-----w C:\Program Files\Ubisoft
2008-07-06 15:58 --------- d-----w C:\Program Files\Electronic Arts
2008-07-06 15:54 --------- d-----w C:\Program Files\A123 YouTube FLV to AVI iPod Converter
2008-07-06 14:15 --------- d-----w C:\Program Files\ATI
2008-07-06 13:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-05 13:46 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-04 09:02 4,196 ----a-w C:\Windows\System32\tmp.reg
2008-07-04 08:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-03 23:47 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-03 23:23 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-03 23:22 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-02 21:30 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 21:30 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 21:30 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 21:30 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 21:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 19:29 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-02 19:29 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Modèles
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Favoris
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Bureau
2008-07-02 15:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-02 14:36 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-07-02 14:35 --------- d-----w C:\ProgramData\Logitech
2008-07-02 14:34 --------- d-----w C:\Program Files\Windows Live
2008-07-02 14:34 --------- d-----w C:\Program Files\Winamp
2008-07-02 14:34 --------- d-----w C:\Program Files\VirtualDJ
2008-07-02 14:34 --------- d-----w C:\Program Files\VideoLAN
2008-07-02 14:34 --------- d-----w C:\Program Files\Video Converter
2008-07-02 14:34 --------- d-----w C:\Program Files\URUSoft
2008-07-02 14:34 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-02 14:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-02 14:34 --------- d-----w C:\Program Files\SubMagic
2008-07-02 14:34 --------- d-----w C:\Program Files\STOIK Imaging
2008-07-02 14:34 --------- d-----w C:\Program Files\STK014
2008-07-02 14:34 --------- d-----w C:\Program Files\Stardock
2008-07-02 14:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-02 14:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 14:31 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 14:27 --------- d--h--w C:\Program Files\CanonBJ
2008-06-05 20:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-04 18:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-03 06:22 3,695,104 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-06-03 03:35 413,696 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-06-03 03:35 327,680 ----a-w C:\Windows\System32\atipdlxx.dll
2008-06-03 03:35 159,744 ----a-w C:\Windows\System32\atitmmxx.dll
2008-06-03 03:34 43,520 ----a-w C:\Windows\System32\ati2edxx.dll
2008-06-03 03:34 266,240 ----a-w C:\Windows\System32\Ati2evxx.dll
2008-06-03 03:34 262,144 ----a-w C:\Windows\System32\Oemdspif.dll
2008-06-03 03:33 684,032 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-06-03 03:19 3,401,216 ----a-w C:\Windows\System32\atiumdag.dll
2008-06-03 03:02 4,398,080 ----a-w C:\Windows\System32\atiumdva.dll
2008-06-03 02:50 49,664 ----a-w C:\Windows\System32\amdpcom32.dll
2008-06-03 02:49 32,256 ----a-w C:\Windows\System32\atiadlxx.dll
2008-06-03 02:48 10,043,392 ----a-w C:\Windows\System32\atioglxx.dll
2008-06-03 02:34 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-06-01 11:54 --------- d-----w C:\ProgramData\iolo
2008-06-01 10:38 354,560 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-06-01 10:34 14,175,488 ----a-w C:\Windows\System32\TU2008TrialFR.exe
2008-06-01 10:23 74,703 ----a-w C:\Windows\System32\mfc45.dll
2008-06-01 10:22 --------- d-----w C:\Users\YoYo\AppData\Roaming\iolo
2008-05-23 20:24 1,082,880 ----a-w C:\Windows\System32\AutoPartNt.exe
2008-05-23 18:45 99,776 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-15 01:20 175,488 ----a-w C:\Windows\system32\drivers\atinavt2.sys
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-28 06:52 2,121,235 ----a-w C:\Windows\System32\x264vfw.dll
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-25 17:22 206,088 ----a-w C:\Windows\System32\klogon.dll
2008-04-18 23:24 2,560 ----a-w C:\Windows\System32\bitcometres.dll
2007-11-13 19:37 842 ----a-w C:\Users\YoYo\AppData\Roaming\waver_2.95.dat
2006-05-03 09:06 163,328 --sha-r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [2008-05-05 13:01 99608]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 13:21 563080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2007-05-10 13:18 835584]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-18 11:34 774168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 19:21 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-14 15:21:08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"LogonHoursAction"= 2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 19:21 201992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{135D8AB3-ACE5-4389-9B40-2772EA33E2DE}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{7971196E-11C8-4FD8-ADEB-AA3067ED05A2}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{09E4FCC6-B8AB-431A-96A5-A63DABD911B7}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{85D76D5F-51A3-482A-B98B-84EF62B432EF}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{A13D2A12-2DBC-40F4-83C2-7FF7BF0AA9EC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{98BEB660-0E6A-4F4C-BE4F-242C085D3400}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{9B164E68-4D00-42D0-A819-60A21E7B7501}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{437131F0-EBD9-43B3-849C-944F5F296810}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71A28A76-C9BB-4C03-9D4A-FE13D1554E53}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0B1923BF-840E-47DF-B976-6403DB20C685}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A6AD2B90-4607-4270-B3F6-799D3B126486}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6734EEA1-9AAE-46A5-92D6-9F88430468E0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{989BB491-619F-4205-AA12-1C10A359D854}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE23FF41-3831-4F92-ADA9-67CC1FC1741D}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{45069129-3271-49A9-9E31-2B190A178BD8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{E61CF6CF-5EF3-4AC9-B321-568E47E696DC}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{F16089B3-2A3A-4F88-93EF-32AB8DC242CD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1AED7AFD-BC9D-46F9-9A9F-A6745993DCBC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{073D913E-B1CE-4453-A484-D2ECEB98700A}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{3E70A04D-B1E6-4159-80A1-37A2F2A3F81B}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{3361D756-F93B-4BAA-8E77-8F24E8B636CF}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{CC1B6C5A-251A-4F5F-B735-4E44BF545BFF}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{1F80D8B3-884E-4083-B0C2-7285339D5758}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{48F79BB4-16CC-4F7A-BD48-CD6CC7F5DB6F}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{39777A7F-DAD9-4AF0-BCE2-9A49137800DD}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{30454EC8-A315-44EE-AD63-C49B9DEE66CA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{07F47A02-415C-4861-BEC7-61B493F5D97A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{37851D6C-C2E9-4195-810A-5BAB05198C5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"{FBE87BB8-615D-409E-9C4E-68698D207DBC}"= Disabled:TCP:G:\incredimail_install(3).exe:IncrediMail Installer
"{CF84D3F6-648B-4099-99FC-FB2BCECFD2E1}"= Disabled:UDP:G:\incredimail_install(3).exe:IncrediMail Installer
"{B61838A7-73B8-49C4-B8DF-484B654FFB27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F583F07-8BF0-4D19-B56A-3B897F4F0EF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64CDC495-843A-44D0-A656-3212E19F9D0B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DB0EF69C-E964-4E6D-9ACB-85819E715F83}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5B8CF2A4-CE84-413C-9031-ECB5A879FE7C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE811146-B55E-4F74-B113-43F8D289FED9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5F9E0658-52BC-4CDA-9CE4-F0DF9C6FF2ED}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A405D797-85BB-4B8D-A803-6FC71A15514E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{553A0253-4AE6-45A7-9EA7-DA525A4C9CCD}"= UDP:50901:Adobe Version Cue CS3 Server
"{0DA8F27D-AB28-4A58-A863-CFC1FC9B8474}"= UDP:50900:Adobe Version Cue CS3 Server
"{7136EA44-6FF3-4B5D-B98D-EDFCB13C5367}"= UDP:3704:Adobe Version Cue CS3 Server
"{0667449A-9061-4356-A862-A524343618A7}"= UDP:3703:Adobe Version Cue CS3 Server
"UDP Query User{95ABAEDE-8F4F-4729-9205-7393F4104FE4}C:\\program files\\gigabyte\\et5\\update.exe"= TCP:C:\program files\gigabyte\et5\update.exe:ftptest
"TCP Query User{A2711FC7-A16D-44C3-A632-D4A727F5A64E}C:\\program files\\gigabyte\\et5\\update.exe"= UDP:C:\program files\gigabyte\et5\update.exe:ftptest
"{5C481AA7-E70D-4FFC-AAE2-4C617C8B1B06}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F12FB478-B603-4FF3-AF5B-77A82D2BF741}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C649156-6750-4702-AFBC-E6C739BECFA8}"= TCP:17598:BitComet 17598 UDP
"{0BFB8182-E7BF-4B22-840E-04A05F7CAADF}"= UDP:17598:BitComet 17598 TCP
"{E0D112A2-A226-4449-ADEB-70E8A7EF55D3}"= TCP:11507:BitComet 11507 UDP
"{B67351A4-0750-4B61-A9D5-F6D5E70BC217}"= UDP:11507:BitComet 11507 TCP
"{D7703C8F-AC49-4A1E-8827-4FCC44E91434}"= TCP:11507:BitComet 11507 UDP
"{87E58A77-D1F6-4135-BE85-7AE0F77FF3A2}"= UDP:11507:BitComet 11507 TCP
"{15D5C4BA-09FE-4674-AD86-108445B48F0F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{E3451934-F27A-4D1F-81D3-1E3505B9A5CB}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{7545109D-C36B-4909-B617-37FA22A23BE6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5C78FA5D-32AE-4DE7-B7F2-35D4FEE0C288}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9EE7C5F6-0DFD-4F91-85FB-AFA45A27A648}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17883C27-7B52-4ACC-A695-D6895BBD3E90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A19D4FF3-47CA-4DC2-B60A-9890B08F6CC9}"= TCP:9375:BitComet 9375 UDP
"{ABD20516-970E-4069-A1A6-B32D24FAEDAF}"= UDP:9375:BitComet 9375 TCP
"{B9577DFE-CA7E-47B1-A88D-F137A833232F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {77CC3A99-24E8-432E-8750-125B46242B15},{CCC70AB2-9676-40B2-A47A-4B6A4952C20A}
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 19:29]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-07-04 10:19]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 20:02]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2007-01-02 19:06]
S2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 20:45]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2007-01-12 18:34]
S3 OABXTMG;OABXTMG;C:\Users\YoYo\AppData\Local\Temp\OABXTMG.exe []
S3 PRODIGY;PRODIGY;C:\Windows\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-15 11:57]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-01 12:38]
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 15:16:48 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-13 19:25:38 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 01:06:32 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-05 15:30:31 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 11:28:49 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 12:37:16 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-07-14 00:07:49 C:\Windows\Tasks\User_Feed_Synchronization-{AA6DE61B-8532-452B-BCFC-0B0D05E38307}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-14 06:45:00 C:\Windows\Tasks\User_Feed_Synchronization-{F66F6557-DF8E-4E3C-BAA8-EEEA8AE5C498}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 08:43:57
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 8:45:49
ComboFix-quarantined-files.txt 2008-07-14 06:45:27
Pre-Run: 22,379,503,616 octets libres
Post-Run: 22,191,960,064 octets libres
414 --- E O F --- 2008-07-12 08:07:57
picks
14 Jul 2008 at 09:43
One last question while we're at it: does this log reveal any other underlying problems?!
ludsfa
14 Jul 2008 at 10:29
Hi,
We're not done yet; we are going to have to make a script.
Stay around, I'll prepare it.
Watch out for the crack; remove Spyware Doctor already.
ludsfa
14 Jul 2008 at 11:12
Good,
select all the text in bold below:
file::
C:\Windows\System32\gpprefcl.dll
C:\Windows\System32\DreamScene.dll
folder::
C:\VundoFix Backups
C:\Uniblue RegistryBooster 2
C:\Windows\System32\gpprefcl.dll
C:\Error Doctor 2008 v1.5 + serial.rar
C:\ErrorDoctor 2008 + serial
C:\Error Doctor PC Fix 2008.zip.bc!
C:\Error Doctor 2008 version with serial number.rar.bc!
C:\Program Files\SoftwareDoctor
C:\Error Doctor 2008 v1 5 Fix Your PC.rar
C:\grldr
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Uniblue RegistryBooster 2-
* Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
* Save it on your desktop under the name CFScript.txt
* Now drag the CFScript.txt file onto ComboFix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
* This will relaunch ComboFix.
A report will be created; send it to me.
Anonymous user
14 Jul 2008 at 13:03
Hi, remove this DLL from the CFScript: C:\Windows\System32\DreamScene.dll
It is legitimate; it is used to set videos as the desktop wallpaper.
Anonymous user
14 Jul 2008 at 13:18
Hi,
Especially since the CFScript is incorrect.
ComboFix is not just any tool; if you don't know how to write a CFScript, you ask, you don't do it by guesswork.
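An added example, not part of any post in this thread and not ComboFix's own validation: a pre-flight review of the removal list posted above, cross-checking each path against the file/directory type that the ComboFix "files created" listing in this thread records for it. The section names are the ones used in the posted script; the three checks and all function names are choices made for this example.

```python
import re
from collections import defaultdict

# Removal list exactly as posted in the thread.
SCRIPT = r"""file::
C:\Windows\System32\gpprefcl.dll
C:\Windows\System32\DreamScene.dll
folder::
C:\VundoFix Backups
C:\Uniblue RegistryBooster 2
C:\Windows\System32\gpprefcl.dll
C:\Error Doctor 2008 v1.5 + serial.rar
C:\ErrorDoctor 2008 + serial
C:\Error Doctor PC Fix 2008.zip.bc!
C:\Error Doctor 2008 version with serial number.rar.bc!
C:\Program Files\SoftwareDoctor
C:\Error Doctor 2008 v1 5 Fix Your PC.rar
C:\grldr
registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Uniblue RegistryBooster 2-
"""

# Lines copied from the ComboFix "files created" listing in this thread.
LISTING = r"""2008-07-11 20:56 . 2008-07-14 14:03 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-07 00:15 . 2007-07-20 01:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-06 20:08 . 2008-07-06 20:24 2,367,633 --a------ C:\Error Doctor 2008 v1.5 + serial.rar
2008-07-06 19:57 . 2008-07-06 19:57 3,445,248 --a------ C:\Error Doctor PC Fix 2008.zip.bc!
2008-07-06 19:46 . 2008-07-06 20:05 2,465,006 --a------ C:\Error Doctor 2008 version with serial number.rar.bc!
2008-07-06 19:40 . 2008-07-06 19:43 6,214,069 --a------ C:\Error Doctor 2008 v1 5 Fix Your PC.rar
2008-07-06 17:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-07-13 20:54 . 2008-07-13 20:54 <REP> d-------- C:\zbin
"""

SECTION = re.compile(r"^(file|folder|registry)::$", re.IGNORECASE)
# Fields: created . modified, size or <REP>, 9-character attribute mask, path
ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\.\s+\d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(<REP>|[\d,]+)\s+\S{9}\s+(.+)$"
)
SYSTEM_DIR = "c:\\windows\\system32\\"


def parse_script(text):
    """Group the script's lines under the section header that precedes them."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1).lower()
        elif current:
            sections[current].append(line)
    return sections


def parse_listing(text):
    """Map lowercased path -> 'dir' (size column is <REP>) or 'file'."""
    kinds = {}
    for line in text.splitlines():
        entry = ENTRY.match(line.strip())
        if entry:
            kinds[entry.group(2).lower()] = "dir" if entry.group(1) == "<REP>" else "file"
    return kinds


def review(script_text, listing_text):
    """Return {path: [findings]} for the file:: and folder:: entries."""
    sections = parse_script(script_text)
    kinds = parse_listing(listing_text)
    expected = {"file": "file", "folder": "dir"}

    where = defaultdict(set)  # lowercased path -> sections that name it
    for name in expected:
        for path in sections[name]:
            where[path.lower()].add(name)

    findings = {}

    def note(path, text):
        notes = findings.setdefault(path, [])
        if text not in notes:
            notes.append(text)

    for name, want in expected.items():
        for path in sections[name]:
            key = path.lower()
            if len(where[key]) > 1:
                note(path, "listed in more than one section")
            kind = kinds.get(key)  # None when the listing has no record
            if kind and kind != want:
                note(path, f"under {name}:: but the listing records a {kind}")
            if key.startswith(SYSTEM_DIR):
                note(path, "in System32: confirm it is not a Windows component")
    return findings


if __name__ == "__main__":
    for path, notes in review(SCRIPT, LISTING).items():
        print(path)
        for text in notes:
            print("   -", text)
```

Paths with no record in the listing (for example C:\VundoFix Backups) produce no type finding, so an empty result for a path means "not contradicted by the log", not "verified".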
ludsfa
14 Jul 2008 at 20:36
Hi,
what???
picks
14 Jul 2008 at 14:18
I removed dreamscene.dll from the list; here is the scan report ^^
However, the PC restarted by itself during the scan, and the scan carried on right after the reboot!
ComboFix 08-07-13.8 - YoYo 2008-07-14 13:59:11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1058 [GMT 2:00]
Endroit: C:\Users\YoYo\Desktop\ComboFix.exe
Command switches used :: C:\Users\YoYo\Desktop\CFScript.txt .txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\gpprefcl.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Error Doctor 2008 v1 5 Fix Your PC.rar\
C:\Error Doctor 2008 version with serial number.rar.bc!\
C:\Error Doctor PC Fix 2008.zip.bc!\
C:\ErrorDoctor 2008 + serial
C:\ErrorDoctor 2008 + serial\sn.txt.bc!
C:\grldr\
C:\Program Files\SoftwareDoctor
C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-26-33.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-38-19.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-42-28.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-53-25.reg
C:\Uniblue RegistryBooster 2
C:\Uniblue RegistryBooster 2\serial.txt
C:\VundoFix Backups
C:\Windows\System32\gpprefcl.dll\
C:\Windows\System32\gpprefcl.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:49 . 2008-07-14 09:49 <REP> d-------- C:\Windows\System32\Adobe
2008-07-14 08:35 . 2008-07-14 13:58 <REP> d-------- C:\327882R2FWJFW
2008-07-13 21:13 . 2008-07-13 21:13 2,039,296 --a------ C:\360FW-Toolbox-46.rar.bc!
2008-07-13 21:12 . 2008-07-13 21:12 <REP> d-------- C:\X360 Backup & Firmware ToolBox (02-2008)
2008-07-13 21:00 . 2008-07-13 21:00 <REP> d-------- C:\Windows\System32\360fwtoolbox_30
2008-07-13 20:54 . 2008-07-13 20:54 <REP> d-------- C:\zbin
2008-07-13 20:10 . 2008-07-13 20:10 <REP> d-------- C:\usbfile
2008-07-13 20:08 . 2008-07-13 20:08 <REP> d-------- C:\DriveKey
2008-07-13 19:43 . 2008-07-13 19:43 <REP> d-------- C:\dosflash14b
2008-07-13 15:38 . 2008-07-13 15:48 <REP> d-------- C:\BenQ_TooLs
2008-07-13 15:23 . 2008-07-13 15:23 <REP> d-------- C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41
2008-07-13 15:16 . 2008-07-13 15:19 386,647 --a------ C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41.rar
2008-07-13 15:07 . 2008-07-13 15:07 <REP> d-------- C:\Program Files\X-Projects
2008-07-13 15:01 . 2008-07-13 15:01 <REP> d--h----- C:\Windows\PIF
2008-07-13 14:43 . 2008-07-13 14:47 <REP> d-------- C:\all.fw.tools.r2c
2008-07-13 14:40 . 2008-07-13 14:40 <REP> d-------- C:\BenQ iXtremev1.1
2008-07-13 14:38 . 2008-07-13 14:38 79,386 --a------ C:\BenQ iXtremev1.1.rar
2008-07-11 20:56 . 2008-07-14 14:03 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-11 18:27 . 2008-07-11 18:27 <REP> d-------- C:\Windows\Google Earth Pro 4.2
2008-07-11 18:27 . 2008-07-11 18:29 <REP> d-------- C:\Program Files\Google Earth Pro 4.2
2008-07-11 18:24 . 2008-07-11 18:25 <REP> d-------- C:\Google Earth Pro 4.2
2008-07-10 02:04 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 02:04 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 02:04 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-07 00:15 . 2007-07-20 01:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-06 20:08 . 2008-07-06 20:24 2,367,633 --a------ C:\Error Doctor 2008 v1.5 + serial.rar
2008-07-06 19:57 . 2008-07-06 19:57 3,445,248 --a------ C:\Error Doctor PC Fix 2008.zip.bc!
2008-07-06 19:46 . 2008-07-06 20:05 2,465,006 --a------ C:\Error Doctor 2008 version with serial number.rar.bc!
2008-07-06 19:40 . 2008-07-06 19:43 6,214,069 --a------ C:\Error Doctor 2008 v1 5 Fix Your PC.rar
2008-07-06 17:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-07-06 16:09 . 2008-07-06 16:09 <REP> d-------- C:\Program Files\Realtek AC97
2008-07-06 16:07 . 2008-07-06 16:07 <REP> d-------- C:\pilote_audio_realtek_ac97_6.0.1.6251_4321
2008-07-05 18:01 . 2008-07-05 18:01 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\Users\All Users\Uniblue
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\ProgramData\Uniblue
2008-07-05 13:02 . 2008-07-05 13:21 <REP> d-------- C:\Program Files\RegCure
2008-07-04 21:41 . 2008-07-04 21:46 47 --a------ C:\Windows\System32\[u]0/u9wutili.sys
2008-07-04 21:39 . 2008-07-04 21:46 <REP> d-------- C:\Program Files\WinUtilities
2008-07-04 21:28 . 2008-07-04 21:28 <REP> d-------- C:\Program Files\CleanUp!
2008-07-04 11:02 . 2008-07-04 11:02 <REP> d-------- C:\!KillBox
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\Users\All Users\ATI
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\ProgramData\ATI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Users\All Users\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\ProgramData\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Program Files\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 17,408 --a------ C:\Windows\System32\drivers\pxark.sys
2008-07-04 01:12 . 2008-07-03 22:41 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-04 01:12 . 2008-07-03 22:41 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-04 00:57 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-07-04 00:57 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-07-04 00:55 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-04 00:54 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-04 00:53 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-04 00:51 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-07-04 00:48 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-04 00:13 . 2008-07-04 00:13 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 00:09 . 2008-07-04 00:09 <REP> d-------- C:\Deckard
2008-07-03 22:41 . 2008-07-04 01:17 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-03 19:19 . 2008-07-03 19:19 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-03 19:19 . 2008-07-03 19:19 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-03 19:19 . 2008-07-03 19:19 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-03 19:19 . 2008-07-03 19:19 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-03 19:19 . 2008-07-03 19:19 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-03 19:19 . 2008-07-03 19:19 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-03 19:19 . 2008-07-03 19:19 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-03 19:19 . 2008-07-03 19:19 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-03 19:19 . 2008-07-03 19:19 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-03 19:19 . 2008-07-03 19:19 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-03 17:46 . 2008-07-03 18:45 <REP> d-------- C:\Users\YoYo\.homeplayer
2008-07-03 17:46 . 2008-07-03 17:47 <REP> d-------- C:\Program Files\HomePlayer
2008-07-03 14:39 . 2008-07-03 14:39 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-02 23:43 . 2008-07-02 23:43 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-02 23:34 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-07-02 23:34 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-07-02 23:33 . 2008-07-02 23:33 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-02 23:31 . 2008-07-02 23:31 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-02 23:31 . 2008-07-02 23:31 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-02 23:30 . 2008-07-02 23:30 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-02 23:29 . 2008-07-02 23:29 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-02 23:29 . 2008-07-02 23:29 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-02 23:29 . 2008-07-02 23:29 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-02 23:29 . 2008-07-02 23:29 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-02 23:29 . 2008-07-02 23:29 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-02 23:29 . 2008-07-02 23:29 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-02 23:01 . 2008-07-02 23:01 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-02 23:01 . 2008-07-02 23:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-02 17:05 . 2008-07-03 00:06 <REP> d-------- C:\Windows\Panther
2008-07-02 17:05 . 2006-09-12 21:00 197,632 --a------ C:\Windows\System32\CNMLM7L.DLL
2008-07-02 17:05 . 2006-07-28 08:09 194,048 --a------ C:\Windows\System32\CNCC500.DLL
2008-07-02 17:05 . 2005-05-30 11:47 139,264 --a------ C:\Windows\System32\CNCL500.DLL
2008-07-02 17:05 . 2006-06-29 06:29 106,496 --a------ C:\Windows\System32\cncisco.dll
2008-07-02 17:05 . 2005-12-02 23:49 64,352 --a------ C:\Windows\System32\drivers\ativmc20.cod
2008-07-02 17:05 . 2006-07-28 08:08 37,888 --a------ C:\Windows\System32\CNCI500.DLL
2008-07-02 17:03 . 2008-07-14 08:57 <REP> d-------- C:\Windows\Debug
2008-07-02 16:54 . 2008-07-02 16:54 <REP> d-------- C:\Users\Default\video
2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\$WINDOWS.~Q
2008-07-02 16:34 . 2008-07-02 16:38 <REP> d--h----- C:\$INPLACE.~TR
2008-07-02 16:20 . 2008-07-14 09:16 <REP> dr------- C:\Users\YoYo\Videos
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Saved Games
2008-07-02 16:20 . 2008-07-14 08:56 <REP> dr------- C:\Users\YoYo\Pictures
2008-07-02 16:20 . 2008-07-05 13:21 <REP> dr------- C:\Users\YoYo\Links
2008-07-02 16:20 . 2006-11-02 14:35 <REP> d-------- C:\Users\YoYo\AppData\Roaming\Media Center Programs
2008-07-02 16:20 . 2008-07-02 16:52 <REP> d--h----- C:\Users\YoYo\AppData
2008-07-02 16:20 . 2008-07-06 17:20 <REP> d-------- C:\Users\YoYo
2008-07-02 16:20 . 2008-07-02 16:50 <REP> d-------- C:\Users\Invité
2008-07-02 16:18 . 2008-07-02 16:18 <REP> d--h----- C:\Users\All Users\CanonBJ
2008-07-02 16:18 . 2008-07-02 16:18 <REP> d--h----- C:\ProgramData\CanonBJ
2008-07-02 16:18 . 2008-07-02 16:18 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-02 16:17 . 2008-07-02 16:17 0 --a------ C:\Windows\ativpsrm.bin
2008-07-02 16:15 . 2008-07-10 03:00 <REP> d-------- C:\Windows\System32\catroot2
2008-07-01 23:56 . 2008-07-01 23:56 <REP> d-------- C:\Kaspersky AntiVirus 2009 8.0.0.357 + No Blacklist Key
2008-07-01 21:50 . 2008-07-01 21:50 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-07-01 19:34 . 2008-07-01 19:36 2,719,575 --a------ C:\Magic ISO Maker 5.4 with serial.rar
2008-07-01 18:51 . 2008-07-01 20:00 <REP> d-------- C:\Adobe After Effects CS3 Professional 2008 PC + Crack
2008-07-01 16:33 . 2008-07-01 16:43 10,353,408 --a------ C:\Spybot_Search_Destroy_1_6_0_beta2.exe
2008-06-27 22:57 . 2008-06-27 22:57 <REP> d-------- C:\deluxe route
2008-06-26 17:36 . 2008-07-05 13:35 <REP> d-------- C:\dede
2008-06-26 17:34 . 2008-06-26 17:34 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-06-26 10:25 . 2008-06-27 09:50 <REP> d-------- C:\The.Forbidden.Kingdom.R5.LiNE.x264.AC3-TLo
2008-06-26 10:01 . 2008-07-02 16:35 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-26 10:01 . 2008-07-02 16:35 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-26 10:01 . 2008-07-02 16:32 <REP> d-------- C:\Program Files\Lavasoft
2008-06-26 09:55 . 2008-06-27 09:39 <REP> d-------- C:\The.Forbidden.Kingdom.R5.REPACK.DVDR-DREAMLiGHT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 12:04 85,792 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-14 12:04 5,824 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-14 12:04 10,709,024 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-14 12:04 1,081,376 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-14 07:21 --------- d-----w C:\Program Files\NeoSmart Technologies
2008-07-14 07:06 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-14 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 06:55 --------- d-----w C:\Program Files\Yahoo!
2008-07-12 21:01 --------- d-----w C:\Program Files\Opera
2008-07-12 20:58 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-12 18:10 --------- d-----w C:\Users\YoYo\AppData\Roaming\Uniblue
2008-07-12 18:10 --------- d-----w C:\Program Files\Uniblue
2008-07-12 14:15 --------- d-----w C:\Program Files\Steam
2008-07-11 18:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 16:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 15:59 --------- d-----w C:\Program Files\Ubisoft
2008-07-06 15:58 --------- d-----w C:\Program Files\Electronic Arts
2008-07-06 15:54 --------- d-----w C:\Program Files\A123 YouTube FLV to AVI iPod Converter
2008-07-06 14:15 --------- d-----w C:\Program Files\ATI
2008-07-06 13:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-05 13:46 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-04 08:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-03 23:47 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-02 21:30 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 21:30 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 21:30 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 21:30 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 21:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 19:29 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-02 19:29 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Modèles
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Favoris
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Bureau
2008-07-02 15:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-02 14:36 --------- d-----w C:\ProgramData\Yahoo!
2008-07-02 14:35 --------- d-----w C:\ProgramData\Logitech
2008-07-02 14:34 --------- d-----w C:\Program Files\Windows Live
2008-07-02 14:34 --------- d-----w C:\Program Files\Winamp
2008-07-02 14:34 --------- d-----w C:\Program Files\VirtualDJ
2008-07-02 14:34 --------- d-----w C:\Program Files\VideoLAN
2008-07-02 14:34 --------- d-----w C:\Program Files\Video Converter
2008-07-02 14:34 --------- d-----w C:\Program Files\URUSoft
2008-07-02 14:34 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-02 14:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-02 14:34 --------- d-----w C:\Program Files\SubMagic
2008-07-02 14:34 --------- d-----w C:\Program Files\STOIK Imaging
2008-07-02 14:34 --------- d-----w C:\Program Files\STK014
2008-07-02 14:34 --------- d-----w C:\Program Files\Stardock
2008-07-02 14:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-02 14:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 14:31 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 14:27 --------- d--h--w C:\Program Files\CanonBJ
2008-06-05 20:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-04 18:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-03 06:22 3,695,104 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-06-03 02:34 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-06-01 11:54 --------- d-----w C:\ProgramData\iolo
2008-06-01 10:22 --------- d-----w C:\Users\YoYo\AppData\Roaming\iolo
2008-05-23 18:45 99,776 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-15 01:20 175,488 ----a-w C:\Windows\system32\drivers\atinavt2.sys
2007-11-13 19:37 842 ----a-w C:\Users\YoYo\AppData\Roaming\waver_2.95.dat
2006-05-03 09:06 163,328 --sha-r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_ 8.44.42.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 19:25:14 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-14 12:05:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-13 19:27:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-13 19:27:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-06-17 14:12:42 114,688 ----a-w C:\Windows\System32\Adobe\Director\np32dsw.dll
+ 2008-06-17 14:23:02 202,168 ----a-w C:\Windows\System32\Adobe\Director\SwDir.dll
+ 2008-06-17 14:13:22 487,424 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Control.dll
+ 2008-06-17 13:36:00 1,798,144 ----a-w C:\Windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2008-06-17 14:13:26 9,216 ----a-w C:\Windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-06-17 13:25:58 697,344 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gi.dll
+ 2008-06-17 13:26:00 1,145,896 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gt.exe
+ 2008-06-17 13:25:58 52,288 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2008-06-17 13:32:18 892,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2008-06-17 14:11:56 253,952 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2008-06-17 14:15:00 446,464 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2008-06-17 14:22:46 439,736 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100458.exe
+ 2008-06-17 14:15:44 114,688 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2008-06-17 14:11:44 94,208 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-06-17 13:25:58 50,808 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 08:55:30 149,504 ----a-w C:\Windows\System32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-07-14 09:30:46 203,537 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin
- 2008-07-10 00:07:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-14 07:14:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-10 00:07:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-14 07:14:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-10 00:07:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-14 07:14:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 19:31:07 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-14 09:41:42 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-13 19:31:07 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-07-14 09:41:42 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-13 19:31:07 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-14 09:41:42 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-13 19:31:07 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-07-14 09:41:42 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-07-13 19:27:53 6,880 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3465875824-3392229113-3859714596-1000_UserData.bin
+ 2008-07-14 07:07:51 7,326 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3465875824-3392229113-3859714596-1000_UserData.bin
- 2008-07-13 19:27:52 55,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-14 07:07:51 55,412 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 13:21 563080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2007-05-10 13:18 835584]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-18 11:34 774168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 19:21 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-14 15:21:08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"LogonHoursAction"= 2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 19:21 201992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{135D8AB3-ACE5-4389-9B40-2772EA33E2DE}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{7971196E-11C8-4FD8-ADEB-AA3067ED05A2}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{09E4FCC6-B8AB-431A-96A5-A63DABD911B7}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{85D76D5F-51A3-482A-B98B-84EF62B432EF}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{A13D2A12-2DBC-40F4-83C2-7FF7BF0AA9EC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{98BEB660-0E6A-4F4C-BE4F-242C085D3400}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{9B164E68-4D00-42D0-A819-60A21E7B7501}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{437131F0-EBD9-43B3-849C-944F5F296810}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71A28A76-C9BB-4C03-9D4A-FE13D1554E53}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0B1923BF-840E-47DF-B976-6403DB20C685}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A6AD2B90-4607-4270-B3F6-799D3B126486}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6734EEA1-9AAE-46A5-92D6-9F88430468E0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{989BB491-619F-4205-AA12-1C10A359D854}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE23FF41-3831-4F92-ADA9-67CC1FC1741D}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{45069129-3271-49A9-9E31-2B190A178BD8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{E61CF6CF-5EF3-4AC9-B321-568E47E696DC}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{F16089B3-2A3A-4F88-93EF-32AB8DC242CD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1AED7AFD-BC9D-46F9-9A9F-A6745993DCBC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{073D913E-B1CE-4453-A484-D2ECEB98700A}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{3E70A04D-B1E6-4159-80A1-37A2F2A3F81B}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{3361D756-F93B-4BAA-8E77-8F24E8B636CF}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{CC1B6C5A-251A-4F5F-B735-4E44BF545BFF}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{1F80D8B3-884E-4083-B0C2-7285339D5758}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{48F79BB4-16CC-4F7A-BD48-CD6CC7F5DB6F}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{39777A7F-DAD9-4AF0-BCE2-9A49137800DD}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{30454EC8-A315-44EE-AD63-C49B9DEE66CA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{07F47A02-415C-4861-BEC7-61B493F5D97A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{37851D6C-C2E9-4195-810A-5BAB05198C5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"{FBE87BB8-615D-409E-9C4E-68698D207DBC}"= Disabled:TCP:G:\incredimail_install(3).exe:IncrediMail Installer
"{CF84D3F6-648B-4099-99FC-FB2BCECFD2E1}"= Disabled:UDP:G:\incredimail_install(3).exe:IncrediMail Installer
"{B61838A7-73B8-49C4-B8DF-484B654FFB27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F583F07-8BF0-4D19-B56A-3B897F4F0EF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64CDC495-843A-44D0-A656-3212E19F9D0B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DB0EF69C-E964-4E6D-9ACB-85819E715F83}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5B8CF2A4-CE84-413C-9031-ECB5A879FE7C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE811146-B55E-4F74-B113-43F8D289FED9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5F9E0658-52BC-4CDA-9CE4-F0DF9C6FF2ED}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A405D797-85BB-4B8D-A803-6FC71A15514E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{553A0253-4AE6-45A7-9EA7-DA525A4C9CCD}"= UDP:50901:Adobe Version Cue CS3 Server
"{0DA8F27D-AB28-4A58-A863-CFC1FC9B8474}"= UDP:50900:Adobe Version Cue CS3 Server
"{7136EA44-6FF3-4B5D-B98D-EDFCB13C5367}"= UDP:3704:Adobe Version Cue CS3 Server
"{0667449A-9061-4356-A862-A524343618A7}"= UDP:3703:Adobe Version Cue CS3 Server
"UDP Query User{95ABAEDE-8F4F-4729-9205-7393F4104FE4}C:\\program files\\gigabyte\\et5\\update.exe"= TCP:C:\program files\gigabyte\et5\update.exe:ftptest
"TCP Query User{A2711FC7-A16D-44C3-A632-D4A727F5A64E}C:\\program files\\gigabyte\\et5\\update.exe"= UDP:C:\program files\gigabyte\et5\update.exe:ftptest
"{5C481AA7-E70D-4FFC-AAE2-4C617C8B1B06}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F12FB478-B603-4FF3-AF5B-77A82D2BF741}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C649156-6750-4702-AFBC-E6C739BECFA8}"= TCP:17598:BitComet 17598 UDP
"{0BFB8182-E7BF-4B22-840E-04A05F7CAADF}"= UDP:17598:BitComet 17598 TCP
"{E0D112A2-A226-4449-ADEB-70E8A7EF55D3}"= TCP:11507:BitComet 11507 UDP
"{B67351A4-0750-4B61-A9D5-F6D5E70BC217}"= UDP:11507:BitComet 11507 TCP
"{D7703C8F-AC49-4A1E-8827-4FCC44E91434}"= TCP:11507:BitComet 11507 UDP
"{87E58A77-D1F6-4135-BE85-7AE0F77FF3A2}"= UDP:11507:BitComet 11507 TCP
"{15D5C4BA-09FE-4674-AD86-108445B48F0F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{E3451934-F27A-4D1F-81D3-1E3505B9A5CB}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{7545109D-C36B-4909-B617-37FA22A23BE6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5C78FA5D-32AE-4DE7-B7F2-35D4FEE0C288}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9EE7C5F6-0DFD-4F91-85FB-AFA45A27A648}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17883C27-7B52-4ACC-A695-D6895BBD3E90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A19D4FF3-47CA-4DC2-B60A-9890B08F6CC9}"= TCP:9375:BitComet 9375 UDP
"{ABD20516-970E-4069-A1A6-B32D24FAEDAF}"= UDP:9375:BitComet 9375 TCP
"{B9577DFE-CA7E-47B1-A88D-F137A833232F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {77CC3A99-24E8-432E-8750-125B46242B15},{CCC70AB2-9676-40B2-A47A-4B6A4952C20A}
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 19:29]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-07-04 10:19]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 20:02]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2007-01-02 19:06]
S2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 20:45]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2007-01-12 18:34]
S3 OABXTMG;OABXTMG;C:\Users\YoYo\AppData\Local\Temp\OABXTMG.exe []
S3 PRODIGY;PRODIGY;C:\Windows\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-15 11:57]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-01 12:38]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 15:16:48 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-14 12:05:54 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 01:06:32 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-05 15:30:31 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 11:28:49 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 12:37:16 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-07-14 00:07:49 C:\Windows\Tasks\User_Feed_Synchronization-{AA6DE61B-8532-452B-BCFC-0B0D05E38307}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-14 12:10:05 C:\Windows\Tasks\User_Feed_Synchronization-{F66F6557-DF8E-4E3C-BAA8-EEEA8AE5C498}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 14:06:09
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 14:15:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 12:14:55
ComboFix2.txt 2008-07-14 06:45:50
Pre-Run: 66,987,909,120 octets libres
Post-Run: 66,828,288,000 octets libres
467 --- E O F --- 2008-07-12 08:07:57
However, the PC restarted on its own during the scan, and the scan carried on right after the reboot!
ComboFix 08-07-13.8 - YoYo 2008-07-14 13:59:11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1058 [GMT 2:00]
Endroit: C:\Users\YoYo\Desktop\ComboFix.exe
Command switches used :: C:\Users\YoYo\Desktop\CFScript.txt .txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\System32\gpprefcl.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Error Doctor 2008 v1 5 Fix Your PC.rar\
C:\Error Doctor 2008 version with serial number.rar.bc!\
C:\Error Doctor PC Fix 2008.zip.bc!\
C:\ErrorDoctor 2008 + serial
C:\ErrorDoctor 2008 + serial\sn.txt.bc!
C:\grldr\
C:\Program Files\SoftwareDoctor
C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-26-33.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-38-19.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-42-28.reg
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2008-07-06_20-53-25.reg
C:\Uniblue RegistryBooster 2
C:\Uniblue RegistryBooster 2\serial.txt
C:\VundoFix Backups
C:\Windows\System32\gpprefcl.dll\
C:\Windows\System32\gpprefcl.dll . . . . Echec de suppression
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:49 . 2008-07-14 09:49 <REP> d-------- C:\Windows\System32\Adobe
2008-07-14 08:35 . 2008-07-14 13:58 <REP> d-------- C:\327882R2FWJFW
2008-07-13 21:13 . 2008-07-13 21:13 2,039,296 --a------ C:\360FW-Toolbox-46.rar.bc!
2008-07-13 21:12 . 2008-07-13 21:12 <REP> d-------- C:\X360 Backup & Firmware ToolBox (02-2008)
2008-07-13 21:00 . 2008-07-13 21:00 <REP> d-------- C:\Windows\System32\360fwtoolbox_30
2008-07-13 20:54 . 2008-07-13 20:54 <REP> d-------- C:\zbin
2008-07-13 20:10 . 2008-07-13 20:10 <REP> d-------- C:\usbfile
2008-07-13 20:08 . 2008-07-13 20:08 <REP> d-------- C:\DriveKey
2008-07-13 19:43 . 2008-07-13 19:43 <REP> d-------- C:\dosflash14b
2008-07-13 15:38 . 2008-07-13 15:48 <REP> d-------- C:\BenQ_TooLs
2008-07-13 15:23 . 2008-07-13 15:23 <REP> d-------- C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41
2008-07-13 15:16 . 2008-07-13 15:19 386,647 --a------ C:\C4EVA_iXTRM-Benq V1.41 Benq iXtreme v1.41.rar
2008-07-13 15:07 . 2008-07-13 15:07 <REP> d-------- C:\Program Files\X-Projects
2008-07-13 15:01 . 2008-07-13 15:01 <REP> d--h----- C:\Windows\PIF
2008-07-13 14:43 . 2008-07-13 14:47 <REP> d-------- C:\all.fw.tools.r2c
2008-07-13 14:40 . 2008-07-13 14:40 <REP> d-------- C:\BenQ iXtremev1.1
2008-07-13 14:38 . 2008-07-13 14:38 79,386 --a------ C:\BenQ iXtremev1.1.rar
2008-07-11 20:56 . 2008-07-14 14:03 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-07-11 18:27 . 2008-07-11 18:27 <REP> d-------- C:\Windows\Google Earth Pro 4.2
2008-07-11 18:27 . 2008-07-11 18:29 <REP> d-------- C:\Program Files\Google Earth Pro 4.2
2008-07-11 18:24 . 2008-07-11 18:25 <REP> d-------- C:\Google Earth Pro 4.2
2008-07-10 02:04 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 02:04 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 02:04 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-07 00:15 . 2007-07-20 01:55 233,888 --a------ C:\Windows\System32\DreamScene.dll
2008-07-06 20:08 . 2008-07-06 20:24 2,367,633 --a------ C:\Error Doctor 2008 v1.5 + serial.rar
2008-07-06 19:57 . 2008-07-06 19:57 3,445,248 --a------ C:\Error Doctor PC Fix 2008.zip.bc!
2008-07-06 19:46 . 2008-07-06 20:05 2,465,006 --a------ C:\Error Doctor 2008 version with serial number.rar.bc!
2008-07-06 19:40 . 2008-07-06 19:43 6,214,069 --a------ C:\Error Doctor 2008 v1 5 Fix Your PC.rar
2008-07-06 17:40 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr
2008-07-06 16:09 . 2008-07-06 16:09 <REP> d-------- C:\Program Files\Realtek AC97
2008-07-06 16:07 . 2008-07-06 16:07 <REP> d-------- C:\pilote_audio_realtek_ac97_6.0.1.6251_4321
2008-07-05 18:01 . 2008-07-05 18:01 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\Users\All Users\Uniblue
2008-07-05 14:32 . 2008-07-05 14:32 <REP> d-------- C:\ProgramData\Uniblue
2008-07-05 13:02 . 2008-07-05 13:21 <REP> d-------- C:\Program Files\RegCure
2008-07-04 21:41 . 2008-07-04 21:46 47 --a------ C:\Windows\System32\[u]0/u9wutili.sys
2008-07-04 21:39 . 2008-07-04 21:46 <REP> d-------- C:\Program Files\WinUtilities
2008-07-04 21:28 . 2008-07-04 21:28 <REP> d-------- C:\Program Files\CleanUp!
2008-07-04 11:02 . 2008-07-04 11:02 <REP> d-------- C:\!KillBox
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\Users\All Users\ATI
2008-07-04 10:33 . 2008-07-04 10:33 <REP> d-------- C:\ProgramData\ATI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Users\All Users\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\ProgramData\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 <REP> d-------- C:\Program Files\PrevxCSI
2008-07-04 10:19 . 2008-07-04 10:19 17,408 --a------ C:\Windows\System32\drivers\pxark.sys
2008-07-04 01:12 . 2008-07-03 22:41 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-07-04 01:12 . 2008-07-03 22:41 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-07-04 00:57 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-07-04 00:57 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-07-04 00:55 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-07-04 00:54 . 2008-01-18 23:38 4,595,712 --a------ C:\Windows\System32\AuthFWSnapin.dll
2008-07-04 00:53 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-04 00:51 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-07-04 00:48 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-07-04 00:13 . 2008-07-04 00:13 <REP> d-------- C:\Program Files\Trend Micro
2008-07-04 00:09 . 2008-07-04 00:09 <REP> d-------- C:\Deckard
2008-07-03 22:41 . 2008-07-04 01:17 196,608 --a------ C:\Windows\SPInstall.etl
2008-07-03 19:19 . 2008-07-03 19:19 988,216 --a------ C:\Windows\System32\winload.exe
2008-07-03 19:19 . 2008-07-03 19:19 927,288 --a------ C:\Windows\System32\winresume.exe
2008-07-03 19:19 . 2008-07-03 19:19 615,992 --a------ C:\Windows\System32\ci.dll
2008-07-03 19:19 . 2008-07-03 19:19 378,368 --a------ C:\Windows\System32\srcore.dll
2008-07-03 19:19 . 2008-07-03 19:19 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-07-03 19:19 . 2008-07-03 19:19 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-07-03 19:19 . 2008-07-03 19:19 40,960 --a------ C:\Windows\System32\srclient.dll
2008-07-03 19:19 . 2008-07-03 19:19 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-07-03 19:19 . 2008-07-03 19:19 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-07-03 19:19 . 2008-07-03 19:19 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-07-03 17:46 . 2008-07-03 18:45 <REP> d-------- C:\Users\YoYo\.homeplayer
2008-07-03 17:46 . 2008-07-03 17:47 <REP> d-------- C:\Program Files\HomePlayer
2008-07-03 14:39 . 2008-07-03 14:39 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-07-02 23:43 . 2008-07-02 23:43 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-07-02 23:34 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-07-02 23:34 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-07-02 23:33 . 2008-07-02 23:33 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-07-02 23:31 . 2008-07-02 23:31 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-07-02 23:31 . 2008-07-02 23:31 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-07-02 23:30 . 2008-07-02 23:30 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-07-02 23:30 . 2008-07-02 23:30 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-07-02 23:29 . 2008-07-02 23:29 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-07-02 23:29 . 2008-07-02 23:29 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-07-02 23:29 . 2008-07-02 23:29 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-07-02 23:29 . 2008-07-02 23:29 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-07-02 23:29 . 2008-07-02 23:29 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-07-02 23:29 . 2008-07-02 23:29 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-07-02 23:01 . 2008-07-02 23:01 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-07-02 23:01 . 2008-07-02 23:01 826,880 --a------ C:\Windows\System32\wininet.dll
2008-07-02 17:05 . 2008-07-03 00:06 <REP> d-------- C:\Windows\Panther
2008-07-02 17:05 . 2006-09-12 21:00 197,632 --a------ C:\Windows\System32\CNMLM7L.DLL
2008-07-02 17:05 . 2006-07-28 08:09 194,048 --a------ C:\Windows\System32\CNCC500.DLL
2008-07-02 17:05 . 2005-05-30 11:47 139,264 --a------ C:\Windows\System32\CNCL500.DLL
2008-07-02 17:05 . 2006-06-29 06:29 106,496 --a------ C:\Windows\System32\cncisco.dll
2008-07-02 17:05 . 2005-12-02 23:49 64,352 --a------ C:\Windows\System32\drivers\ativmc20.cod
2008-07-02 17:05 . 2006-07-28 08:08 37,888 --a------ C:\Windows\System32\CNCI500.DLL
2008-07-02 17:03 . 2008-07-14 08:57 <REP> d-------- C:\Windows\Debug
2008-07-02 16:54 . 2008-07-02 16:54 <REP> d-------- C:\Users\Default\video
2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\$WINDOWS.~Q
2008-07-02 16:34 . 2008-07-02 16:38 <REP> d--h----- C:\$INPLACE.~TR
2008-07-02 16:20 . 2008-07-14 09:16 <REP> dr------- C:\Users\YoYo\Videos
2008-07-02 16:20 . 2008-07-02 16:53 <REP> dr------- C:\Users\YoYo\Saved Games
2008-07-02 16:20 . 2008-07-14 08:56 <REP> dr------- C:\Users\YoYo\Pictures
2008-07-02 16:20 . 2008-07-05 13:21 <REP> dr------- C:\Users\YoYo\Links
2008-07-02 16:20 . 2006-11-02 14:35 <REP> d-------- C:\Users\YoYo\AppData\Roaming\Media Center Programs
2008-07-02 16:20 . 2008-07-02 16:52 <REP> d--h----- C:\Users\YoYo\AppData
2008-07-02 16:20 . 2008-07-06 17:20 <REP> d-------- C:\Users\YoYo
2008-07-02 16:20 . 2008-07-02 16:50 <REP> d-------- C:\Users\Invité
2008-07-02 16:18 . 2008-07-02 16:18 <REP> d--h----- C:\Users\All Users\CanonBJ
2008-07-02 16:18 . 2008-07-02 16:18 <REP> d--h----- C:\ProgramData\CanonBJ
2008-07-02 16:18 . 2008-07-02 16:18 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-02 16:17 . 2008-07-02 16:17 0 --a------ C:\Windows\ativpsrm.bin
2008-07-02 16:15 . 2008-07-10 03:00 <REP> d-------- C:\Windows\System32\catroot2
2008-07-01 23:56 . 2008-07-01 23:56 <REP> d-------- C:\Kaspersky AntiVirus 2009 8.0.0.357 + No Blacklist Key
2008-07-01 21:50 . 2008-07-01 21:50 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-07-01 19:34 . 2008-07-01 19:36 2,719,575 --a------ C:\Magic ISO Maker 5.4 with serial.rar
2008-07-01 18:51 . 2008-07-01 20:00 <REP> d-------- C:\Adobe After Effects CS3 Professional 2008 PC + Crack
2008-07-01 16:33 . 2008-07-01 16:43 10,353,408 --a------ C:\Spybot_Search_Destroy_1_6_0_beta2.exe
2008-06-27 22:57 . 2008-06-27 22:57 <REP> d-------- C:\deluxe route
2008-06-26 17:36 . 2008-07-05 13:35 <REP> d-------- C:\dede
2008-06-26 17:34 . 2008-06-26 17:34 <REP> d-------- C:\Program Files\TomTom DesktopSuite
2008-06-26 10:25 . 2008-06-27 09:50 <REP> d-------- C:\The.Forbidden.Kingdom.R5.LiNE.x264.AC3-TLo
2008-06-26 10:01 . 2008-07-02 16:35 <REP> d-------- C:\Users\All Users\Lavasoft
2008-06-26 10:01 . 2008-07-02 16:35 <REP> d-------- C:\ProgramData\Lavasoft
2008-06-26 10:01 . 2008-07-02 16:32 <REP> d-------- C:\Program Files\Lavasoft
2008-06-26 09:55 . 2008-06-27 09:39 <REP> d-------- C:\The.Forbidden.Kingdom.R5.REPACK.DVDR-DREAMLiGHT
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 12:04 85,792 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-07-14 12:04 5,824 --sha-w C:\Windows\system32\drivers\fidbox2.idx
2008-07-14 12:04 10,709,024 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-07-14 12:04 1,081,376 --sha-w C:\Windows\system32\drivers\fidbox2.dat
2008-07-14 07:21 --------- d-----w C:\Program Files\NeoSmart Technologies
2008-07-14 07:06 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-14 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-14 06:55 --------- d-----w C:\Program Files\Yahoo!
2008-07-12 21:01 --------- d-----w C:\Program Files\Opera
2008-07-12 20:58 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-12 18:10 --------- d-----w C:\Users\YoYo\AppData\Roaming\Uniblue
2008-07-12 18:10 --------- d-----w C:\Program Files\Uniblue
2008-07-12 14:15 --------- d-----w C:\Program Files\Steam
2008-07-11 18:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 01:06 --------- d-----w C:\Program Files\Windows Mail
2008-07-06 16:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 15:59 --------- d-----w C:\Program Files\Ubisoft
2008-07-06 15:58 --------- d-----w C:\Program Files\Electronic Arts
2008-07-06 15:54 --------- d-----w C:\Program Files\A123 YouTube FLV to AVI iPod Converter
2008-07-06 14:15 --------- d-----w C:\Program Files\ATI
2008-07-06 13:43 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-05 13:46 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-04 08:27 --------- d-----w C:\Program Files\ATI Technologies
2008-07-03 23:47 174 --sha-w C:\Program Files\desktop.ini
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Defender
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-03 23:30 --------- d-----w C:\Program Files\Windows Calendar
2008-07-02 21:30 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-02 21:30 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-02 21:30 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-02 21:30 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-02 21:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-02 19:29 96,966 ----a-w C:\Windows\system32\drivers\klin.dat
2008-07-02 19:29 88,774 ----a-w C:\Windows\system32\drivers\klick.dat
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Modèles
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Favoris
2008-07-02 15:22 --------- d-sh--w C:\ProgramData\Bureau
2008-07-02 15:22 --------- d-sh--w C:\Program Files\Fichiers communs
2008-07-02 14:36 --------- d-----w C:\ProgramData\Yahoo!
2008-07-02 14:35 --------- d-----w C:\ProgramData\Logitech
2008-07-02 14:34 --------- d-----w C:\Program Files\Windows Live
2008-07-02 14:34 --------- d-----w C:\Program Files\Winamp
2008-07-02 14:34 --------- d-----w C:\Program Files\VirtualDJ
2008-07-02 14:34 --------- d-----w C:\Program Files\VideoLAN
2008-07-02 14:34 --------- d-----w C:\Program Files\Video Converter
2008-07-02 14:34 --------- d-----w C:\Program Files\URUSoft
2008-07-02 14:34 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-02 14:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-02 14:34 --------- d-----w C:\Program Files\SubMagic
2008-07-02 14:34 --------- d-----w C:\Program Files\STOIK Imaging
2008-07-02 14:34 --------- d-----w C:\Program Files\STK014
2008-07-02 14:34 --------- d-----w C:\Program Files\Stardock
2008-07-02 14:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-02 14:32 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 14:31 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 14:27 --------- d--h--w C:\Program Files\CanonBJ
2008-06-05 20:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-04 18:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-03 06:22 3,695,104 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2008-06-03 02:34 49,152 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2008-06-01 11:54 --------- d-----w C:\ProgramData\iolo
2008-06-01 10:22 --------- d-----w C:\Users\YoYo\AppData\Roaming\iolo
2008-05-23 18:45 99,776 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-15 01:20 175,488 ----a-w C:\Windows\system32\drivers\atinavt2.sys
2007-11-13 19:37 842 ----a-w C:\Users\YoYo\AppData\Roaming\waver_2.95.dat
2006-05-03 09:06 163,328 --sha-r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_ 8.44.42.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 19:25:14 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-14 12:05:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-13 19:27:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-13 19:27:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-14 12:06:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-06-17 14:12:42 114,688 ----a-w C:\Windows\System32\Adobe\Director\np32dsw.dll
+ 2008-06-17 14:23:02 202,168 ----a-w C:\Windows\System32\Adobe\Director\SwDir.dll
+ 2008-06-17 14:13:22 487,424 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Control.dll
+ 2008-06-17 13:36:00 1,798,144 ----a-w C:\Windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2008-06-17 14:13:26 9,216 ----a-w C:\Windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-06-17 13:25:58 697,344 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gi.dll
+ 2008-06-17 13:26:00 1,145,896 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gt.exe
+ 2008-06-17 13:25:58 52,288 ----a-w C:\Windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2008-06-17 13:32:18 892,928 ----a-w C:\Windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2008-06-17 14:11:56 253,952 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2008-06-17 14:15:00 446,464 ----a-w C:\Windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2008-06-17 14:22:46 439,736 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100458.exe
+ 2008-06-17 14:15:44 114,688 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2008-06-17 14:11:44 94,208 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-06-17 13:25:58 50,808 ----a-w C:\Windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 08:55:30 149,504 ----a-w C:\Windows\System32\Adobe\Shockwave 11\UNWISE.EXE
+ 2008-07-14 09:30:46 203,537 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\1036\StructuredQuerySchema.bin
- 2008-07-10 00:07:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-14 07:14:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-10 00:07:21 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-14 07:14:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-10 00:07:21 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-14 07:14:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-13 19:31:07 101,052 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-14 09:41:42 101,052 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-13 19:31:07 123,350 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-07-14 09:41:42 123,350 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-07-13 19:31:07 586,980 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-14 09:41:42 586,980 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-13 19:31:07 669,340 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-07-14 09:41:42 669,340 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-07-13 19:27:53 6,880 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3465875824-3392229113-3859714596-1000_UserData.bin
+ 2008-07-14 07:07:51 7,326 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3465875824-3392229113-3859714596-1000_UserData.bin
- 2008-07-13 19:27:52 55,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-14 07:07:51 55,412 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 23:36 2153472 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 13:21 563080]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2007-05-10 13:18 835584]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-06-28 23:01 2512128]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-18 11:55 1132056]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-18 11:34 774168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 19:21 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 16:28 598016 C:\Windows\SOUNDMAN.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-14 15:21:08 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"LogonHoursAction"= 2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-04-25 19:21 201992 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{135D8AB3-ACE5-4389-9B40-2772EA33E2DE}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{7971196E-11C8-4FD8-ADEB-AA3067ED05A2}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{09E4FCC6-B8AB-431A-96A5-A63DABD911B7}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{85D76D5F-51A3-482A-B98B-84EF62B432EF}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{A13D2A12-2DBC-40F4-83C2-7FF7BF0AA9EC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{98BEB660-0E6A-4F4C-BE4F-242C085D3400}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{9B164E68-4D00-42D0-A819-60A21E7B7501}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{437131F0-EBD9-43B3-849C-944F5F296810}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{71A28A76-C9BB-4C03-9D4A-FE13D1554E53}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0B1923BF-840E-47DF-B976-6403DB20C685}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{A6AD2B90-4607-4270-B3F6-799D3B126486}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6734EEA1-9AAE-46A5-92D6-9F88430468E0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{989BB491-619F-4205-AA12-1C10A359D854}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EE23FF41-3831-4F92-ADA9-67CC1FC1741D}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{45069129-3271-49A9-9E31-2B190A178BD8}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{E61CF6CF-5EF3-4AC9-B321-568E47E696DC}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{F16089B3-2A3A-4F88-93EF-32AB8DC242CD}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1AED7AFD-BC9D-46F9-9A9F-A6745993DCBC}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{073D913E-B1CE-4453-A484-D2ECEB98700A}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{3E70A04D-B1E6-4159-80A1-37A2F2A3F81B}"= UDP:990:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{3361D756-F93B-4BAA-8E77-8F24E8B636CF}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{CC1B6C5A-251A-4F5F-B735-4E44BF545BFF}"= UDP:999:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{1F80D8B3-884E-4083-B0C2-7285339D5758}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{48F79BB4-16CC-4F7A-BD48-CD6CC7F5DB6F}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{39777A7F-DAD9-4AF0-BCE2-9A49137800DD}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BF4AE78D-8C84-4BD2-82D9-028C0D6D40F3}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{30454EC8-A315-44EE-AD63-C49B9DEE66CA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{07F47A02-415C-4861-BEC7-61B493F5D97A}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"TCP Query User{37851D6C-C2E9-4195-810A-5BAB05198C5B}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.321\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.321\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
"{FBE87BB8-615D-409E-9C4E-68698D207DBC}"= Disabled:TCP:G:\incredimail_install(3).exe:IncrediMail Installer
"{CF84D3F6-648B-4099-99FC-FB2BCECFD2E1}"= Disabled:UDP:G:\incredimail_install(3).exe:IncrediMail Installer
"{B61838A7-73B8-49C4-B8DF-484B654FFB27}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8F583F07-8BF0-4D19-B56A-3B897F4F0EF7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64CDC495-843A-44D0-A656-3212E19F9D0B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DB0EF69C-E964-4E6D-9ACB-85819E715F83}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5B8CF2A4-CE84-413C-9031-ECB5A879FE7C}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE811146-B55E-4F74-B113-43F8D289FED9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5F9E0658-52BC-4CDA-9CE4-F0DF9C6FF2ED}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{A405D797-85BB-4B8D-A803-6FC71A15514E}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{553A0253-4AE6-45A7-9EA7-DA525A4C9CCD}"= UDP:50901:Adobe Version Cue CS3 Server
"{0DA8F27D-AB28-4A58-A863-CFC1FC9B8474}"= UDP:50900:Adobe Version Cue CS3 Server
"{7136EA44-6FF3-4B5D-B98D-EDFCB13C5367}"= UDP:3704:Adobe Version Cue CS3 Server
"{0667449A-9061-4356-A862-A524343618A7}"= UDP:3703:Adobe Version Cue CS3 Server
"UDP Query User{95ABAEDE-8F4F-4729-9205-7393F4104FE4}C:\\program files\\gigabyte\\et5\\update.exe"= TCP:C:\program files\gigabyte\et5\update.exe:ftptest
"TCP Query User{A2711FC7-A16D-44C3-A632-D4A727F5A64E}C:\\program files\\gigabyte\\et5\\update.exe"= UDP:C:\program files\gigabyte\et5\update.exe:ftptest
"{5C481AA7-E70D-4FFC-AAE2-4C617C8B1B06}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F12FB478-B603-4FF3-AF5B-77A82D2BF741}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4C649156-6750-4702-AFBC-E6C739BECFA8}"= TCP:17598:BitComet 17598 UDP
"{0BFB8182-E7BF-4B22-840E-04A05F7CAADF}"= UDP:17598:BitComet 17598 TCP
"{E0D112A2-A226-4449-ADEB-70E8A7EF55D3}"= TCP:11507:BitComet 11507 UDP
"{B67351A4-0750-4B61-A9D5-F6D5E70BC217}"= UDP:11507:BitComet 11507 TCP
"{D7703C8F-AC49-4A1E-8827-4FCC44E91434}"= TCP:11507:BitComet 11507 UDP
"{87E58A77-D1F6-4135-BE85-7AE0F77FF3A2}"= UDP:11507:BitComet 11507 TCP
"{15D5C4BA-09FE-4674-AD86-108445B48F0F}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{E3451934-F27A-4D1F-81D3-1E3505B9A5CB}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{7545109D-C36B-4909-B617-37FA22A23BE6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5C78FA5D-32AE-4DE7-B7F2-35D4FEE0C288}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9EE7C5F6-0DFD-4F91-85FB-AFA45A27A648}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{17883C27-7B52-4ACC-A695-D6895BBD3E90}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A19D4FF3-47CA-4DC2-B60A-9890B08F6CC9}"= TCP:9375:BitComet 9375 UDP
"{ABD20516-970E-4069-A1A6-B32D24FAEDAF}"= UDP:9375:BitComet 9375 TCP
"{B9577DFE-CA7E-47B1-A88D-F137A833232F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {77CC3A99-24E8-432E-8750-125B46242B15},{CCC70AB2-9676-40B2-A47A-4B6A4952C20A}
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 19:29]
R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-07-04 10:19]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-03-26 13:10]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 08:22]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 20:02]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 TimerStop;TimerStop;C:\Windows\system32\timerstop.sys [2007-01-02 19:06]
S2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-18 23:33]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\Windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 20:45]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2007-01-12 18:34]
S3 OABXTMG;OABXTMG;C:\Users\YoYo\AppData\Local\Temp\OABXTMG.exe []
S3 PRODIGY;PRODIGY;C:\Windows\system32\Drivers\PRODIGY.SYS [2006-08-29 16:56]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-15 11:57]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-01 12:38]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-11 15:16:48 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-14 12:05:54 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 01:06:32 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-05 15:30:31 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 11:28:49 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-07-05 12:37:16 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-07-14 00:07:49 C:\Windows\Tasks\User_Feed_Synchronization-{AA6DE61B-8532-452B-BCFC-0B0D05E38307}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-14 12:10:05 C:\Windows\Tasks\User_Feed_Synchronization-{F66F6557-DF8E-4E3C-BAA8-EEEA8AE5C498}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 14:06:09
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 14:15:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 12:14:55
ComboFix2.txt 2008-07-14 06:45:50
Pre-Run: 66,987,909,120 octets libres
Post-Run: 66,828,288,000 octets libres
467 --- E O F --- 2008-07-12 08:07:57
picks
14 Jul 2008 at 14:27
C:\Windows\System32\gpprefcl.dll is acting up :p ! According to the report, it refuses to be deleted :s
ludsfa
14 Jul 2008 at 20:43
Hi,
Download Malwarebytes' Anti-Malware to your Desktop.
* Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are complete:
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\
* Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
* To start the scan, click "Rechercher" (Scan).
* Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
Help: How to use MBAM.
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
picks
15 Jul 2008 at 00:26
Here you go. However, gpprefcl.dll was not detected; could it be a clean file?!
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 949
Windows 6.0.6001 Service Pack 1
00:18:45 15/07/2008
mbam-log-7-15-2008 (00-18-45).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 327607
Temps écoulé: 45 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 154
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.bxkn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Users\YoYo\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\YoYo\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\vav.cpl.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\Desktop\Downloads\up_by_titi59_A_CS3_Keygen_Collection\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (Rogue.SpywareDestructor) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Users\YoYo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT (Rogue.SpywareDestructor) -> Quarantined and deleted successfully.
ludsfa, 15 Jul 2008 at 00:54
Hi,
Did you crack Kaspersky??
picks, 15 Jul 2008 at 01:05
The old one, yeah, but I removed it completely; now I've just applied a license key, no crack on Kasper!
ludsfa, 15 Jul 2008 at 01:11
re,
Download Navilog (by Il-Mafioso)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
* Save it to your Desktop.
* Install it by double-clicking navilog.exe.
* Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop) [Right-click -> "Run as administrator" (for Vista)]
* Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
* Wait until this message appears:
*** Analyse Termine le ..... ***
* Press a key as prompted. Notepad will open. Post the report here.
* Post the generated report.
The report is located here: C:\fixnavi.txt
If you have Vista, do this first:
Disable UAC (Start Menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box "Use User Account Control ..." and confirm with OK; you will be asked to restart, do so)
picks, 15 Jul 2008 at 01:57
Search Navipromo version 3.6.0 commencé le 15/07/2008 à 1:36:47,65
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "YoYo"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "c:\users\yoyo\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\INVIT~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\YoYo\AppData\Local\virtualstore\Program Files" ***
*** Recherche dossiers dans "C:\Users\YoYo\AppData\Roaming" ***
*** Recherche dossiers dans "C:\Users\INVIT~1\appdata\roaming" ***
*** Recherche dossiers dans "C:\Users\TEMP\appdata\roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\YoYo\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\YoYo\AppData\Local\virtualstore\windows\system32" *
* Recherche dans "C:\Users\YoYo\AppData\Local" *
* Recherche dans "C:\Users\INVIT~1\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\YoYo\AppData\Local\Microsoft" :
* Dans "C:\Users\YoYo\AppData\Local\virtualstore\windows\system32" :
* Dans "C:\Users\YoYo\AppData\Local" :
* Dans "C:\Users\INVIT~1\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 15/07/2008 à 1:55:21,46 ***
ludsfa, 15 Jul 2008 at 07:28
re,
OK, on that front things look fine.
Download CCleaner to your Desktop
https://filehippo.com/download_ccleaner/
* Click on download the latest version.
* Install it, leaving only the following options checked:
- Add a shortcut to the Desktop.
- Automatically check for CCleaner updates.
* Run the Cleaner.
* Click on Scan for issues and back up if you wish.
Help: How to use CCleaner.
http://www.infos-du-net.com/forum/272336-7-Ccleaner-under-construction
Then, if your Kaspersky is cracked, I strongly advise you to uninstall it and install a very good free antivirus.
Download AntiVir to your Desktop.
https://download.cnet.com/Avira-Free-Security-with-Antivirus/3000-18510_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=10831109
* Double-click the downloaded executable to start the installation.
* At the end of the installation, click Finish.
* Open AntiVir and make sure it is up to date!
* In the Local Protection tab, choose Scanner.
* Enable rootkit scanning via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
* Click the middle magnifying glass to run the scan as Administrator.
* Post the generated report for me: to do so, click the Overview tab, then choose Reports, and you will find its report.
Note: For more effective removal of threats, run the scan in safe mode.
picks, 15 Jul 2008 at 08:11
re,
I run CCleaner every day ^^
This morning it was done around 6 a.m., before sport!
And I repeat, Kaspersky is not cracked