Analyse Rapports TB.txt Fixnavi.txt Cleannavi.txt
Forum Sécurité - Virus : Analyse Rapports TB.txt Fixnavi.txt Cleannavi.txt
Bonjour, voici les rapports de chacunes des étapes tel que recommandées....
Merci de m'aider une fois de plus !
***RAPPORT Malwarebytes :
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1831
Windows 5.1.2600 Service Pack 2
11/03/2009 00:24:10
mbam-log-2009-03-11 (00-24-10).txt
Type de recherche: Examen complet (C:\|E:\|G:\|)
Eléments examinés: 112749
Temps écoulé: 3 hour(s), 0 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) ->
Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution
Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows help center
(Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft
(Spyware.OnlineGames) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidde
n\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and
deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted
successfully.
Fichier(s) infecté(s):
C:\GenProc\outil\curl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
***RAPPORT Scan en ligne BitDefender :
1er tentative
-------------
"BitDefender n'a pu mettre ç jour les définitions de virus.
Bien qu'il soit possible de rechercher des virus, les résultat sera probablement imprécis."
Vouslez-vous continuer l'analyse? "Oui"
Scan Failed!
Impossible d'analyser l'ordinateur contre les virus
Info su l'analyse
Fichiers: 0, Temps d'analyse: 00:00:00.
Fermer
2eme tentative
--------------
BitDefender Online Scanner
Rapport d'analyse généré à: Wed, Mar 11, 2009 - 03:19:05
Voie d'analyse: A:\;C:\;D:\;E:\;G:\;
Statistiques
Temps
02:08:12
Fichiers
38146
Directoires
4958
Secteurs de boot
0
Archives
972
Paquets programmes
2911
Résultats
Virus identifiés
1
Fichiers infectés
1
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
1
Info sur les moteurs
Définition virus
2774720
Version des moteurs
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins
17
Archive des plugins
45
Unpack des plugins
7
E-mail plugins
6
Système plugins
4
***RAPPORT EMAIL SCAN@VIRUSTOTAL.COM
----- Original Message -----
From: <scan@virustotal.com>
To: <okapimct@yahoo.fr>
Sent: Tuesday, March 10, 2009 5:00 PM
Subject: [Bulk] [VirusTotal] Server notification
> Complete scanning result of "webcam-photos095.zip", processed in VirusTotal at 03/10/2009
17:00:14 (CET).
>
> [ file data ]
> * name..: webcam-photos095.zip
> * size..: 116362
> * md5...: 0faf475f9c5a2554f56063be5cbf880f
> * sha1..: 778f2da0eab6b9825bee3a88b380beb54411ca9a
> * peid..: -
>
> [ scan result ]
> a-squared 4.0.0.101/20090310 found [Backdoor.Win32.IRCBot!IK]
> AhnLab-V3 5.0.0.2/20090310 found [Win32/ShadoBot.worm.116224]
> AntiVir 7.9.0.107/20090310 found [TR/Crypt.XPACK.Gen]
> Authentium 5.1.0.4/20090310 found [W32/Backdoor.BMHU]
> Avast 4.8.1335.0/20090309 found [Win32:IRCBot-CDT]
> AVG 8.0.0.237/20090310 found [BackDoor.Ircbot.AXB]
> BitDefender 7.2/20090310 found [Backdoor.IRCBot.ABEU]
> CAT-QuickHeal 10.00/20090310 found [Backdoor.IRCBot.acd]
> ClamAV 0.94.1/20090310 found [Trojan.IRCBot-1132]
> Comodo 1043/20090310 found [Backdoor.Win32.IRCBot.WO]
> DrWeb 4.44.0.09170/20090310 found [BackDoor.IRC.Sdbot.1987]
> eSafe 7.0.17.0/20090309 found [Win32.IRCBot.acd]
> eTrust-Vet 31.6.6388/20090309 found [Win32/Checkout.J]
> F-Prot 4.4.4.56/20090309 found [W32/Backdoor.BMHU]
> F-Secure 8.0.14470.0/20090310 found [Backdoor.Win32.IRCBot.acd]
> Fortinet 3.117.0.0/20090310 found [W32/IRCBot.ACD!tr.bdr]
> GData 19/20090310 found [Backdoor.IRCBot.ABEU]
> Ikarus T3.1.1.45.0/20090310 found [Backdoor.Win32.IRCBot]
> K7AntiVirus 7.10.665/20090310 found [Backdoor.Win32.IRCBot.acd]
> Kaspersky 7.0.0.125/20090310 found [Backdoor.Win32.IRCBot.acd]
> McAfee 5548/20090309 found [W32/Checkout]
> McAfee+Artemis 5548/20090309 found [W32/Checkout]
> Microsoft 1.4405/20090310 found [Backdoor:Win32/IRCbot.OU]
> NOD32 3923/20090310 found [Win32/IRCBot.WO]
> Norman 6.00.06/20090310 found [W32/Ircbot.XIC]
> nProtect 2009.1.8.0/20090310 found nothing
> Panda 10.0.0.10/20090309 found [W32/Gaobot.OXI.worm]
> PCTools 4.4.2.0/20090310 found [Worm.IRCBot.BDP]
> Prevx1 V2/20090310 found [High Risk System Back Door]
> Rising 21.20.11.00/20090310 found [Backdoor.Win32.IRCbot.bcr]
> SecureWeb-Gateway 6.7.6/20090310 found [Trojan.Crypt.XPACK.Gen]
> Sophos 4.39.0/20090310 found [W32/IRCBot-XG]
> Sunbelt 3.2.1858.2/20090310 found [Worm.Win32.IRCBot.Gen]
> Symantec 1.4.4.12/20090310 found [W32.Mubla.B]
> TheHacker 6.3.3.0.278/20090310 found [Backdoor/IRCBot.acd]
> TrendMicro 8.700.0.1004/20090310 found [BKDR_IRCBOT.AGP]
> VBA32 3.12.10.1/20090310 found [Backdoor.Win32.IRCBot.acd]
> ViRobot 2009.3.10.1643/20090310 found [Backdoor.Win32.IRCBot.116224.C]
> VirusBuster 4.5.11.0/20090310 found [Worm.IRCBot.BDP]
>
> [ notes ]
> packers (Kaspersky): PE_Patch, NTKrnl
> Prevx info:
http://info.prevx.com/aboutprogram [...] 00E660967F
***RAPPORT RSIT :
Logfile of random's system information tool 1.05 (written by random/random)
Run by Patrick at 2009-03-11 00:50:14
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 310 MB (3%) free of 10 GB
Total RAM: 382 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:56, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steganos Internet Anonym VPN\SVPNStarter.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Documents and Settings\Patrick\Bureau\RSIT.exe
C:\Program Files\trend micro\Patrick.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program
Files\Orbitdownloader\orbitcth.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\Free Download
Manager\iefdm2.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program
Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program
Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE
LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE
RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default
user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program
Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://E:\Free
Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://E:\Free
Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager -
file://E:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager -
file://E:\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
http://a516.g.akamai.net/f/516/251 [...] /wficat-no
-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5E9D4FE-84CB-4146-A3B9-1AF7EDB17926}: NameServer
= 194.25.0.68 194.25.0.60
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDB2ADDA-8A05-4D36-85A2-DFB22491ECC6}: NameServer
= 212.19.48.14
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe
Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program
Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program
Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program
Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -
C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Steganos VPN Starter Service (SVPNStarter) - Unknown owner - C:\Program
Files\Steganos Internet Anonym VPN\SVPNStarter.exe
--
End of file - 7537 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-02-20 134344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - E:\Free Download Manager\iefdm2.dll [2009-03-02 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-01-02 204248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program
Files\Orbitdownloader\GrabPro.dll [2009-02-20 646264]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-07 144792]
"avast!"=E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26
1211176]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Documents and Settings\Patrick\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma
Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll
[2004-08-20 240128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop
Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"=C:\WINDOWS\system32\afmain0.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic
y\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-220
19"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program
Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows
Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital
Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital
Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital
Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital
Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital
Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program
Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Proxy Switcher Lite\ProxySwitcher.exe"="C:\Program Files\Proxy Switcher
Lite\ProxySwitcher.exe:*:Enabled
roxy Switcher"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program
Files\Orbitdownloader\orbitdm.exe:*:Enabled
rbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program
Files\Orbitdownloader\orbitnet.exe:*:Enabledrbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet
Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program
Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\ServicePackFiles\i386\iexplore.exe"="C:\WINDOWS\ServicePackFiles\i386\iexplore.
exe:*:Enabled:Internet Explorer"
"E:\Free Download Manager\fdm.exe"="E:\Free Download Manager\fdm.exe:*:Enabled:Free
Download Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolic
y\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-220
19"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows
Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ba48
6-3532-11dc-8931-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27093ba
0-019a-11de-b0d2-0030051136bb}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fd7b5d
0-614f-11dc-8980-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49087cc
b-0d0a-11dc-88f2-4d6564696130}]
shell\AutoRun\command - F:\ve.exe
shell\open\command - F:\ve.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b95243
4-bb78-11dc-8a6d-4d6564696130}]
shell\AutoRun\command - F:\pook.com
shell\open\command - F:\pook.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786af3e
0-ad82-11dd-8bd9-0030051136bb}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{786af3e
1-ad82-11dd-8bd9-0030051136bb}]
shell\AutoRun\command - G:\e.com
shell\explore\command - G:\e.com
shell\open\command - G:\e.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a025e2
0-309f-11dd-8b34-4d6564696130}]
shell\AutoRun\command - F:\oufddh.exe
shell\explore\command - F:\oufddh.exe
shell\open\command - F:\oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98b0009
0-af12-11dd-8bdc-0030051136bb}]
shell\AutoRun\command - G:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8a4b58
0-443d-11dc-894c-000d180119bf}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2871ff
0-e81a-11db-88b0-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc710eb
0-c5e3-11dd-b03b-0030051136bb}]
shell\AutoRun\command - H:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e79a045
6-4bdb-11dc-895f-4d6564696130}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f505f54
7-ee5f-11dd-b092-0030051136bb}]
shell\AutoRun\command - F:\8.bat
shell\open\command - F:\8.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cfd09
0-af13-11dd-8bdd-0030051136bb}]
shell\AutoRun\command - H:\AutoRun.exe
======List of files/folders created in the last 3 months======
2009-03-11 00:50:14 ----D---- C:\rsit
2009-03-10 18:11:38 ----D---- C:\Documents and Settings\Patrick\Application
Data\Malwarebytes
2009-03-10 18:11:25 ----D---- C:\Documents and Settings\All Users\Application
Data\Malwarebytes
2009-03-10 18:11:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-10 15:22:22 ----D---- C:\_OTMoveIt
2009-03-10 12:51:43 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-03-10 12:44:28 ----A---- C:\TB.txt
2009-03-10 12:43:44 ----D---- C:\ToolBar SD
2009-03-10 12:36:23 ----A---- C:\cleannavi.txt
2009-03-10 11:14:08 ----A---- C:\fixnavi.txt
2009-03-10 11:11:15 ----D---- C:\Program Files\Navilog1
2009-03-09 23:58:20 ----D---- C:\GenProc
2009-03-09 23:38:09 ----D---- C:\WINDOWS\BDOSCAN8
2009-03-07 11:28:06 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-03-05 17:19:08 ----D---- C:\Documents and Settings\Patrick\Application Data\Media
Player Classic
2009-03-05 02:49:07 ----A---- C:\WINDOWS\system32\unrar.dll
2009-03-05 02:49:04 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-03-05 02:49:03 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-03-05 02:49:01 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-03-05 02:48:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-03-05 02:48:58 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-03-05 02:48:54 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-03-05 02:27:48 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-03-05 02:27:47 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-03-05 02:27:46 ----N---- C:\WINDOWS\system32\px.dll
2009-03-04 17:47:22 ----RSH---- C:\dbrxubcw.com
2009-03-04 11:07:41 ----D---- C:\Documents and Settings\Patrick\Application Data\Free
Download Manager
2009-02-24 13:52:46 ----D---- C:\WINDOWS\system32\Color
2009-02-24 12:23:03 ----D---- C:\Documents and Settings\Patrick\Application Data\ICAClient
2009-02-24 12:22:52 ----D---- C:\Program Files\Citrix
2009-02-23 12:09:38 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-02-23 04:15:11 ----D---- C:\Documents and Settings\Patrick\Application Data\GrabPro
2009-02-23 04:14:58 ----D---- C:\Documents and Settings\Patrick\Application Data\Orbit
2009-02-23 04:14:54 ----D---- C:\Program Files\Orbitdownloader
2009-02-07 17:40:14 ----RSH---- C:\1utbfd.bat
2009-02-06 02:54:58 ----D---- C:\Ares Tube
2009-02-04 23:11:10 ----D---- C:\Program Files\Internet Download Manager
2009-01-30 01:44:21 ----A---- C:\WINDOWS\AhnRpta.exe
2009-01-20 07:24:57 ----D---- C:\Documents and Settings\Patrick\Application Data\IDM
2009-01-10 06:27:32 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-01-08 02:24:47 ----A---- C:\WINDOWS\system32\ShellMPD.dll
2009-01-02 23:15:02 ----D---- C:\Program Files\Hotspot Shield
2008-12-26 12:37:52 ----D---- C:\Program Files\MsnMonitorPro
2008-12-21 13:37:52 ----D---- C:\Program Files\Fichiers communs\Windows Live
2008-12-18 19:29:48 ----D---- C:\Program Files\OpenAL
2008-12-18 19:28:52 ----D---- C:\Program Files\Warzone 2100
2008-12-17 14:08:13 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-17 00:29:06 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2008-12-14 11:35:01 ----D---- C:\Documents and Settings\Patrick\Application Data\dvdcss
2008-12-13 13:49:20 ----D---- C:\Program Files\Windows Live SkyDrive
2008-12-12 11:35:45 ----D---- C:\Documents and Settings\Patrick\Application Data\vlc
2008-12-12 02:16:22 ----D---- C:\Documents and Settings\Patrick\Application Data\DMCache
======List of files/folders modified in the last 3 months======
2009-03-11 00:50:56 ----D---- C:\Program Files\Trend Micro
2009-03-11 00:49:50 ----D---- C:\WINDOWS\Prefetch
2009-03-11 00:48:57 ----D---- C:\WINDOWS
2009-03-11 00:48:55 ----D---- C:\WINDOWS\Temp
2009-03-11 00:39:33 ----D---- C:\Program Files\eMule
2009-03-11 00:37:32 ----RD---- C:\Program Files
2009-03-11 00:27:45 ----D---- C:\WINDOWS\system32\drivers
2009-03-10 18:33:36 ----D---- C:\Program Files\MessenPass
2009-03-10 15:24:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 12:51:43 ----D---- C:\WINDOWS\system32
2009-03-10 12:48:22 ----D---- C:\WINDOWS\Minidump
2009-03-09 23:38:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-09 23:38:09 ----HD---- C:\WINDOWS\inf
2009-03-05 19:20:06 ----D---- C:\mp3
2009-03-05 02:27:58 ----D---- C:\Program Files\DivX
2009-03-05 02:27:20 ----SHD---- C:\WINDOWS\Installer
2009-03-05 02:27:20 ----HD---- C:\Config.Msi
2009-03-02 03:02:35 ----D---- C:\Program Files\Foxit Software
2009-03-01 23:04:14 ----SD---- C:\Documents and Settings\All Users\Application
Data\Microsoft
2009-03-01 02:42:01 ----D---- C:\Documents and Settings
2009-02-23 17:41:54 ----D---- C:\Documents and Settings\Patrick\Application Data\Skype
2009-02-23 11:29:29 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-02-11 10:48:20 ----D---- C:\Documents and Settings\Patrick\Application Data\LimeWire
2009-02-11 10:48:17 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-11 10:48:17 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-11 10:48:17 ----D---- C:\WINDOWS\Help
2009-02-11 10:48:17 ----D---- C:\Program Files\WinRAR
2009-02-11 10:48:17 ----D---- C:\Program Files\FlashGet
2009-02-11 10:48:17 ----D---- C:\Program Files\Fichiers communs\XpressUpdate
2009-02-11 10:15:33 ----D---- C:\temp
2009-02-09 22:53:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-09 20:40:16 ----D---- C:\Downloads
2009-02-06 02:25:24 ----RSD---- C:\WINDOWS\assembly
2009-02-06 02:25:24 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-06 02:14:04 ----D---- C:\WINDOWS\WinSxS
2009-01-30 20:25:33 ----SHD---- C:\RECYCLER
2009-01-18 23:52:16 ----D---- C:\Documents and Settings\Patrick\Application Data\Adobe
2009-01-08 02:24:31 ----D---- C:\Program Files\Messenger
2008-12-21 14:44:36 ----D---- C:\Program Files\Windows Live
2008-12-21 14:44:06 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-12-21 13:37:52 ----D---- C:\Program Files\Fichiers communs
2008-12-18 16:02:39 ----D---- C:\Documents and Settings\Patrick\Application Data\skypePM
2008-12-13 20:18:46 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-12 11:31:32 ----D---- C:\Program Files\VideoLAN
2008-12-12 01:45:01 ----D---- C:\Documents and Settings\Patrick\Application Data\LuckaSoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys
[2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05
51376]
R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-19
46720]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys
[2009-02-05 94032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R3 ac97intc;Service d'installation du pilote audio Intel(r) 82801 (WDM);
C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys
[2001-08-23 117760]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;
C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-14 100992]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys
[2004-08-04 31616]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft;
C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver;
C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
S2 ADILOADER;General Purpose USB Driver (adildr.sys);
C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);
C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2005-09-19
126489]
S3 BioNT_BS;BioNT_BS; \??\C:\Program Files\Paragon Software\Hard Disk Manager (technician
licence)\BlueScrn\BioNT_bs.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys
[2004-08-04 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth;
C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-04 38016]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys
[2004-08-04 100992]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14
272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04
18944]
S3 catchme;catchme; \??\C:\DOCUME~1\Patrick\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04
17024]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04
114616]
S3 HPUATA;HP CD Writer Plus Controller Driver; C:\WINDOWS\System32\DRIVERS\HPUATA.sys
[2001-09-24 75776]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys
[2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12;
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;
C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-04 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-04 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-04 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-04 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-04 22271]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft;
C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04
85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04
10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\System32\DRIVERS\qv2kux.sys
[2001-08-17 3328]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM);
C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 UsbEvdoAtc;LGE EVDO USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgevdoatc.sys
[2007-08-28 19840]
S3 usbevdobus;LGE EVDO Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgevdobus.sys
[2007-08-28 12800]
S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port; C:\WINDOWS\system32\DRIVERS\lgevdodiag.sys
[2007-08-28 19840]
S3 USBEVDOModem;LGE EVDO USB Modem; C:\WINDOWS\system32\DRIVERS\lgevdomodem.sys [2007-08-28
21632]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys
[2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04
15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
[2007-06-21 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;
C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-06-21 25600]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys
[2004-08-04 78464]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
[2006-04-10 104576]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04
19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows
Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; E:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast4\ashServ.exe
[2009-02-05 138680]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14
131072]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot
Shield\bin\openvpnas.exe [2008-11-25 88024]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe
[2008-10-07 147456]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
R2 SVPNStarter;Steganos VPN Starter Service; C:\Program Files\Steganos Internet Anonym
VPN\SVPNStarter.exe [2007-02-16 19968]
R2 WSearch;Recherche Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;
C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; E:\Program Files\Alwil
Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems
Shared\Service\Adobelmsvc.exe [2006-03-21 72704]
S3 aspnet_state;ASP.NET State Service;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows
Live\Messenger\usnsvc.exe [2007-10-18 98328]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-03-11 00:51:01
======Uninstall list======
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE
C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Ares Tube 3.2-->"c:\Ares Tube\unins000.exe"
avast! Antivirus-->E:\Program Files\Alwil Software\Avast4\aswRunDll.exe "E:\Program
Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe
/X{90120000-0020-040C-0000-0000000FF1CE}
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 3.0-->E:\Free Download Manager\uninst.exe
Hard Disk Manager (technician licence)-->RunDll32
C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation
Information\{A2552753-D0A7-459B-B606-A7AE12EDFFEF}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotspot Shield 1.10-->C:\Program Files\Hotspot Shield\Uninstall.exe
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital
Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat
-onestop
IMDetect MSN Sniffer Pro v3.0 Evaluation Version -->C:\PROGRA~1\MSNMON~1\UNWISE.EXE
C:\PROGRA~1\MSNMON~1\INSTALL.LOG
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
K-Lite Codec Pack 4.7.0 (Full)-->"E:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MessenPass-->C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\MessenPass\uninst1~.nsu"
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection
C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET
Framework 2.0\install.exe
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows
XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe
/I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack
1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{7299052b-02a4-4627-81f2-1818da5d550d}
Mobile Connect-->RunDll32
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
Modem USB LG Electronics-->RunDll32
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{3DC6E06A-F0F7-47F7-8479-FFCAF60F538F}\setup.exe" -l0x40c -removeonly
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steganos Internet Anonym VPN-->C:\Program Files\Steganos Internet Anonym VPN\uninstall.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Virtual Machine Network Services Driver-->MsiExec.exe
/I{A1795AC0-9B6A-40D9-8E07-A82662268D9F}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe"
/UninstallAll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U
C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090310-0]
System event log
Computer Name: OKAPIMCT
Event Code: 26
Message: Application popup : Windows - Mémoire virtuelle minimale insuffisante : Votre
système manque de mémoire virtuelle. Windows augmente la taille de votre fichier de
pagination de mémoire virtuelle. Durant cette opération, des demandes de mémoire pour
certaines applications pourront être refusées. Pour plus d'informations, consultez l'Aide.
Record Number: 138750
Source Name: Application Popup
Time Written: 20090210155313.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 20159
Message: La connexion à HUAWEI3G.Internet Méditel effectuée par l'utilisateur MEDINET
utilisant le périphérique COM8 a été déconnectée.
Record Number: 138749
Source Name: RemoteAccess
Time Written: 20090210154636.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de
connexion TCP simultanées.
Record Number: 138748
Source Name: Tcpip
Time Written: 20090210142451.000000+060
Event Type: Avertissement
User:
Computer Name: OKAPIMCT
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la
source de temps time.windows.com (ntp.m|0x1|41.214.153.60:123->207.46.232.182:123).
Record Number: 138747
Source Name: W32Time
Time Written: 20090210141656.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 20158
Message: L'utilisateur MEDINET a établi une connexion à HUAWEI3G.Internet Méditel en
utilisant le périphérique COM8.
Record Number: 138746
Source Name: RemoteAccess
Time Written: 20090210141644.000000+060
Event Type: Informations
User:
Application event log
Computer Name: OKAPIMCT
Event Code: 7
Message:
Record Number: 5
Source Name: ADSLAutoconnect
Time Written: 20090121012957.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 7
Message:
Record Number: 4
Source Name: ADSLAutoconnect
Time Written: 20090120233136.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 1003
Message: Le service Recherche Windows a été démarré.
Record Number: 3
Source Name: Windows Search Service
Time Written: 20090120233127.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 7
Message:
Record Number: 2
Source Name: ADSLAutoconnect
Time Written: 20090120233124.000000+060
Event Type: Informations
User:
Computer Name: OKAPIMCT
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 1
Source Name: SecurityCenter
Time Written: 20090120233121.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program
Files\Fichiers communs\Adobe\AGL
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
okapimct,
Nettoyage des fichiers temporaires, Cookies..
CCleaner version Slim (sans la Yahoo ToolBar) : Téléchargement - & - Tutoriel.
Utiliser CCleaner après chaque session sur le net,
installation de logiciels et/ou avant de fermer le PC.
__________________________________________________________________________________
Suppressions d'infections.
Redémarrez en >> mode sans échec <<.
• Ouvrer le Bloc-note dans le Menu Démarrer --> Tout les programmes --> Accessoire,
• Copier/ coller le contenu exact de la citation suivante dans le Bloc-Note,
• Sauvegarder sous Suppress.Bat
• Double-cliquer sur le fichier Suppress.Bat
(vous n'avez qu'à mettre en subrillance la citation et tout sera copié/collé correctement dans le Bloc-note.)
| Citation : reg delete "hKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078ba486-3532-11dc-8931-4d6564696130" /f
|
__________________________________________________________________________________
Gestion d'espace disque nécessaire pour le fichier d'échange.
L'Observateur d'évènement montre ( Mémoire virtuel minimale insuffisante).
En vérifiant l'espace disque total et restante affiché dans le RSIT (System drive C: has 310 MB (3%) free of 10 GB ).
Vous devez avoir au moins 10% d'espace disque libre pour le fichier d'échange (C:\pagefile.sys).
Vous devrez donc enlever au moins 25Go "sinon danvantage !" de fichiers sur le C:\.
Ils y a certainement des données personnelles qui pourraient être déplacées sur l'autre disque.
Également supprimer les points de restauration : désactiver/activer la restauration du système (XP)
Aussi, vous pourriez supprimer les désinstallateurs et l'historique des màj de Windows Update, pour récupérer +-1Go.
Préférable d'attendre 2-3semaines après la dernière màj, avant une telle suppression, pour vérifier que cette màj est bien fonctionnelle !
Tuto de suppression des désinstallateurs.. > ici.
( >>> Ne pas supprimer ce répertoire C:\windows\$hf_mig$ <<< )
Après ces modifications/suppressions faites une défragmentation !
__________________________________________________________________________________
Outil de suppression de Kaspersky, màj et téléchargeable quotidiennement.
Serait préférable, puisqu'ils restaient des traces d'infections.
Kaspersky Virus Tool Remover : http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
__________________________________________________________________________________
Optimisation des ressources.
Les lignes 04 dans HijackThis, correspondent à des programmes lancés automatiquement au démarrage du PC.
Plusieurs prennent des ressources système inutilement, puisqu'ils roulent constamment même lorsque inutilisés.
La suppression de lignes 04- ne supprimes aucun fichier.
En fait ces lignes sont des entrées registre, correspondants aux lancement automatique de programmes.
Relancer HijackThis,
• Appuyer sur [Do a system scan only],
• Cocher 
toutes les lignes suivantes et
>>> Fermer les navigateurs, logiciels.. <<<
• Appuyer sur [Fix Checked] pour les supprimer.
( √ = infection, √ = optimisation)
√ O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
√ O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
√ O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
√ O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
√ O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
√ O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
√ O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
√ O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -http://a516.g.akamai.net/f/516/251[...] /wficat-no-eula.cab.
>>>>>> • Redémarrer votre PC pour que prennent effet ces suppressions • <<<<<<<<
__________________________________________________________________________________
Désinstallation des logiciels de désinfection utilisés et déjà sur votre PC.
Préférable en tenant compte du fait qu'il ne sont plus à jours après quelques jours.
>> Fermez toutes les applications en cours,
Téléchargez "ToolsCleaner2" (de A.Rothstein et Dj Quiou) sur votre Bureau : http://pc-system.fr/TC/ToolsCleaner2.exe
• Double cliquez sur ToolsCleaner2.exe > cliquez sur Recherche et laissez le scan se terminer.
• Cliquez sur Suppression pour finaliser
• Vous pouvez, si vous le souhaites, vous servir des Options facultatives.
• Cliquez sur Quitter, pour que le rapport puisse se créer.
Message édité par mido1 le 11-03-2009 à 16:48:33
