
Problem: Virus Invasion

8 July 2008 10:36:46

Hello, recently, because of an infected file, my computer has become infested with spyware and viruses that considerably slow down my PC.

Here are some of the problems: Ctrl + Alt + Del is disabled because "The system administrator has disabled this command".

The wallpaper is always stuck on this image:


and the connection speed is very slow; it is impossible to access Google. I run scans that often detect about ten pieces of spyware and malware, but the others responsible for these problems are never detected.

Would you know how to eliminate them?


8 July 2008 11:59:57

Hello,

Probably a Smitfraud infection...

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that has just been created to launch it. (Right-click -> Run as administrator if on Vista.)
  • Accept the license by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    8 July 2008 12:33:47

    All right, I'll try that right away.
    I'll come back and post the report by this evening.
    8 July 2008 20:00:41

    Here is the report

    Quote:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:58, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\sesinetd.exe
    C:\WINDOWS\system32\hserver.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\444.470
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\uoyzsydz.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Documents and Settings\Raf\winlogon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    F:\HiJackThis.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Raf\winlogon.exe
    O4 - HKLM\..\Run: [{ebb7b79d-7f75-7f3b-c3ab-75826325adc9}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{68599936-08d3-adb7-3970-91898cc7e345}.dll" DllInit
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
    O4 - HKLM\..\Run: [d8d04abd] rundll32.exe "C:\WINDOWS\system32\ojlgxhoe.dll",b
    O4 - HKLM\..\Run: [BMdbe37921] Rundll32.exe "C:\WINDOWS\system32\spmxevqk.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
    O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O21 - SSODL: WinCD - {d49e5680-baba-4bb7-b656-465874b9f97d} - C:\WINDOWS\Installer\{d49e5680-baba-4bb7-b656-465874b9f97d}\WinCD.dll (file missing)
    O21 - SSODL: zip - {5ff071a3-0de6-43e1-b867-2533ee9ddbd3} - C:\WINDOWS\Installer\{5ff071a3-0de6-43e1-b867-2533ee9ddbd3}\zip.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe
    O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: wampapache - Unknown owner - C:\Documents and Settings\Raf\Bureau\Serveur Privé Wow\bin\apache\apache2.2.6\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - C:\Documents and Settings\Raf\Bureau\Serveur Privé Wow\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe (file missing)
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Raf/Local%20Settings/Temp/GIFTest-PhotoFiltre.gif
    O24 - Desktop Component 1: (no name) - http://www.planet.nl/upload_mm/e/8/0/1920517527_1999998...

    --
    End of file - 10370 bytes
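
A small triage pass over lines from the HijackThis log posted above, added here as an illustration and not written by any participant in the thread. The rule names, the list of core process names and the three heuristics are assumptions of this example; its findings are candidates for manual review, not verdicts.

```python
import ntpath
import re

# A subset of lines copied from the HijackThis log above, embedded for an offline run.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Raf\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\Raf\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Assumption: core Windows XP processes that normally start only from system32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}

RUN_RE = re.compile(r"^O4 - .*?: \[(?P<name>.*?)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


def masquerades(cmd):
    """True if a core system process name is used outside system32."""
    cmd = cmd.strip()
    # A quoted command may carry arguments; an unquoted one is taken whole.
    path = cmd.split('"')[1] if cmd.startswith('"') else cmd
    name = ntpath.basename(path).lower()
    return name in SYSTEM_NAMES and ntpath.dirname(path).lower() != SYSTEM32


def triage(log_text):
    """Return a sorted list of (rule, detail) findings to review by hand."""
    findings = set()
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("F2 - ") and "UserInit=" in line:
            # Anything chained after userinit.exe runs at every logon.
            for prog in line.split("UserInit=", 1)[1].split(","):
                prog = prog.strip()
                if prog and ntpath.basename(prog).lower() != "userinit.exe":
                    findings.add(("userinit-extra", prog))
        elif (m := RUN_RE.match(line)):
            if masquerades(m["cmd"]):
                findings.add(("masquerade", m["cmd"]))
        elif (m := SVC_RE.match(line)):
            # A service with no vendor string and no file left on disk.
            if m["owner"] == "Unknown owner" and m["path"].endswith("(file missing)"):
                findings.add(("orphan-service", m["svc"]))
        elif PATH_RE.match(line) and masquerades(line):
            # "Running processes" section: bare image paths.
            findings.add(("masquerade", line))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:15} {detail}")
```

Later in this thread, the SDFix report lists uoyzsydz.exe and the MsSecurity1.209.4 service among the items it deleted, and C:\Documents and Settings\Raf\winlogon.exe among the files with hidden attributes.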
    8 July 2008 22:00:13

    Hi again,

    A bit of everything ^^

    Download SDFix (by Andy Manchesta).

  • Save it to your Desktop.
  • Run it.
  • Choose Install so that it can extract itself.
    Restart in Safe Mode
    /!\ Never boot into Safe Mode via MSCONFIG /!\
  • Open the SDFix folder that has just been created in C:\
  • Double-click RunThis.bat (the .bat extension may not be shown)
  • Press Y to start it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a little longer than usual.
  • Once your Desktop appears, it will display Finished
  • Press a key.
  • A report is generated; post it in your reply.

    It can also be found in the SDFix folder >Report.txt<
    18 July 2008 23:23:12

    Quote:
    SDFix: Version 1.206
    Run by Raf on 19/07/2008 at 20:19

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    clbdriver
    MsSecurity1.209.4

    Path :
    \??\globalroot\systemroot\system32\drivers\clbdriver.sys
    C:\WINDOWS\winself.exe service

    clbdriver - Deleted
    MsSecurity1.209.4 - Deleted

    Killing PID 872 'uoyzsydz.exe'


    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default IE HomePage
    Restoring Default Desktop Wallpaper

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\iiffDsRL.dll - Deleted
    C:\WINDOWS\system32\1041a.exe - Deleted
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
    C:\Temp\1cb\syscheck.log - Deleted
    C:\Program Files\mjc\mjc.exe - Deleted
    C:\Program Files\Webtools\webtools.dll - Deleted
    C:\WINDOWS\x.exe - Deleted
    C:\WINDOWS\y.exe - Deleted
    C:\WINDOWS\b152.exe - Deleted
    C:\WINDOWS\b155.exe - Deleted
    C:\WINDOWS\mrofinu1188.exe - Deleted
    C:\DOCUME~1\Raf\LOCALS~1\Temp\removalfile.bat - Deleted
    C:\DOCUME~1\Raf\LOCALS~1\Temp\tmpfile0.bat - Deleted
    C:\DOCUME~1\Raf\LOCALS~1\Temp\tmpfile1.bat - Deleted
    C:\WINDOWS\accesss.exe - Deleted
    C:\WINDOWS\astctl32.ocx - Deleted
    C:\WINDOWS\avpcc.dll - Deleted
    C:\WINDOWS\clrssn.exe - Deleted
    C:\WINDOWS\cpan.dll - Deleted
    C:\WINDOWS\ctfmon32.exe - Deleted
    C:\WINDOWS\ctrlpan.dll - Deleted
    C:\WINDOWS\default.htm - Deleted
    C:\WINDOWS\directx32.exe - Deleted
    C:\WINDOWS\dnsrelay.dll - Deleted
    C:\WINDOWS\editpad.exe - Deleted
    C:\WINDOWS\explore.exe - Deleted
    C:\WINDOWS\explorer32.exe - Deleted
    C:\WINDOWS\funniest.exe - Deleted
    C:\WINDOWS\funny.exe - Deleted
    C:\WINDOWS\gfmnaaa.dll - Deleted
    C:\WINDOWS\helpcvs.exe - Deleted
    C:\WINDOWS\iedll.exe - Deleted
    C:\WINDOWS\iexplorer.exe - Deleted
    C:\WINDOWS\inetinf.exe - Deleted
    C:\WINDOWS\internet.exe - Deleted
    C:\WINDOWS\loader.exe - Deleted
    C:\WINDOWS\megavid.cdt - Deleted
    C:\WINDOWS\msconfd.dll - Deleted
    C:\WINDOWS\msspi.dll - Deleted
    C:\WINDOWS\mssys.exe - Deleted
    C:\WINDOWS\msupdate.exe - Deleted
    C:\WINDOWS\mswsc10.dll - Deleted
    C:\WINDOWS\mswsc20.dll - Deleted
    C:\WINDOWS\mtwirl32.dll - Deleted
    C:\WINDOWS\muotr.so - Deleted
    C:\WINDOWS\notepad32.exe - Deleted
    C:\WINDOWS\olehelp.exe - Deleted
    C:\WINDOWS\qttasks.exe - Deleted
    C:\WINDOWS\quicken.exe - Deleted
    C:\WINDOWS\rundll16.exe - Deleted
    C:\WINDOWS\rundll32.vbe - Deleted
    C:\WINDOWS\searchword.dll - Deleted
    C:\WINDOWS\sistem.exe - Deleted
    C:\WINDOWS\svchost32.exe - Deleted
    C:\WINDOWS\svcinit.exe - Deleted
    C:\WINDOWS\systeem.exe - Deleted
    C:\WINDOWS\systemcritical.exe - Deleted
    C:\WINDOWS\system32\hljwugsf.bin - Deleted
    C:\WINDOWS\system32\pac.txt - Deleted
    C:\WINDOWS\system32\spywarewarning.mht - Deleted
    C:\WINDOWS\system32\spywarewarning2.mht - Deleted
    C:\WINDOWS\system32\uoyzsydz.exe - Deleted
    C:\WINDOWS\time.exe - Deleted
    C:\WINDOWS\users32.exe - Deleted
    C:\WINDOWS\waol.exe - Deleted
    C:\WINDOWS\win32e.exe - Deleted
    C:\WINDOWS\win64.exe - Deleted
    C:\WINDOWS\winajbm.dll - Deleted
    C:\WINDOWS\window.exe - Deleted
    C:\WINDOWS\winmgnt.exe - Deleted
    C:\WINDOWS\winself.exe - Deleted
    C:\WINDOWS\xplugin.dll - Deleted
    C:\WINDOWS\xxxvideo.hta - Deleted



    Folder C:\Program Files\IE Extensions - Removed
    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\mjc - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\Program Files\Webtools - Removed
    Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
    Folder C:\Recyclers\ - Removed
    Folder C:\Temp\1cb - Removed


    Removing Temp Files

    ADS Check :



    Final Check :


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
    "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
    "C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz.exe:*:Enabled:Nexuiz"
    "C:\\Alien Arena 2006 UE\\crx.exe"="C:\\Alien Arena 2006 UE\\crx.exe:*:Enabled:crx"
    "C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz-dedicated.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz-dedicated.exe:*:Enabled:Nexuiz"
    "C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz-sdl.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Nexuiz\\nexuiz-sdl.exe:*:Enabled:Nexuiz"
    "C:\\Program Files\\Team Arena Demo\\taquake3.exe"="C:\\Program Files\\Team Arena Demo\\taquake3.exe:*:Enabled:taquake3"
    "C:\\Program Files\\Enlight\\Scrapland\\Bin\\Scrap.exe"="C:\\Program Files\\Enlight\\Scrapland\\Bin\\Scrap.exe:*:Enabled:Scrap"
    "C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Documents and Settings\\Raf\\Bureau\\WoW-BurningCrusade-frFR-Installer-downloader.exe"="C:\\Documents and Settings\\Raf\\Bureau\\WoW-BurningCrusade-frFR-Installer-downloader.exe:*:Enabled:WoW-BurningCrusade-frFR-Installer-downloader"
    "C:\\Documents and Settings\\Raf\\Bureau\\WoW-frFR-Installer-downloader.exe"="C:\\Documents and Settings\\Raf\\Bureau\\WoW-frFR-Installer-downloader.exe:*:Enabled:WoW-frFR-Installer-downloader"
    "C:\\Program Files\\Dofus\\Dofus.exe"="C:\\Program Files\\Dofus\\Dofus.exe:*:Enabled:D ofus"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\DOCUME~1\\Raf\\LOCALS~1\\Temp\\win188.exe"="C:\\DOCUME~1\\Raf\\LOCALS~1\\Temp\\win188.exe:*:Enabled:win188"
    "C:\\Documents and Settings\\Raf\\Bureau\\WINXP\\SWU.exe"="C:\\Documents and Settings\\Raf\\Bureau\\WINXP\\SWU.exe:*:Enabled:SWU"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 17 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
    Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\REX Shared Library.dll"
    Fri 27 Jun 2008 53,248 ..SH. --- "C:\Documents and Settings\Raf\winlogon.exe"
    Wed 27 Jun 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Tue 8 Jul 2008 1,800,284 ..SH. --- "C:\WINDOWS\system32\npufvqsp.tmp"
    Tue 25 Mar 2008 1,335,294 ..SH. --- "C:\WINDOWS\system32\pwnguwva.tmp"
    Sat 19 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 7 Mar 2000 473,600 A..H. --- "C:\Program Files\Mozilla Firefox\Laxius Power 3\Harmony.dll"
    Wed 20 Mar 2002 462,336 A..H. --- "C:\Program Files\Mozilla Firefox\Laxius Power 3\VDSRUN40.DLL"
    Sun 1 Apr 2007 8,459,351 A..H. --- "C:\Documents and Settings\Administrateur\Local Settings\Temp\dn2193.tmp"
    Fri 7 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"
    Tue 3 Dec 2002 196,608 A..H. --- "C:\Program Files\Mozilla Firefox\Laxius Power 3\Piez-o-matic\LAME.EXE"
    Tue 3 Dec 2002 172,032 A..H. --- "C:\Program Files\Mozilla Firefox\Laxius Power 3\Piez-o-matic\LAME_ENC.DLL"
    Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT1.tmp"
    Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp"
    Wed 21 Mar 2007 444 ...HR --- "C:\Documents and Settings\Administrateur\Application Data\SecuROM\UserData\securom_v7_01.bak"

    Finished!



    That is the report produced by the program.
    It eliminated viruses such as the wallpaper one or the Ctrl + Alt + Del one, but the connection speed is still just as slow and some programs will not open.