J'ai le virus: c'est pas toi, que faire.??
Résolu/Fermé
Mitsuka
Messages postés
4
Date d'inscription
jeudi 17 janvier 2008
Statut
Membre
Dernière intervention
18 janvier 2008
-
18 janv. 2008 à 18:28
miguelito - 25 févr. 2008 à 20:45
miguelito - 25 févr. 2008 à 20:45
A voir également:
- J'ai le virus: c'est pas toi, que faire.??
- Svchost.exe virus - Guide
- Lien virus à envoyer - Forum Virus
- Faux message virus iphone - Forum iPhone
- Vérificateur de lien virus - Guide
- Produkey virus ✓ - Forum Windows 10
105 réponses
Maijin
Messages postés
1385
Date d'inscription
lundi 1 octobre 2007
Statut
Membre
Dernière intervention
28 juin 2009
351
18 janv. 2008 à 18:34
18 janv. 2008 à 18:34
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Mitsuka
Messages postés
4
Date d'inscription
jeudi 17 janvier 2008
Statut
Membre
Dernière intervention
18 janvier 2008
18 janv. 2008 à 19:05
18 janv. 2008 à 19:05
SDFix: Version 1.127
Run by Charlotte on 18/01/2008 at 18:55
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:58:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:00000c54
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Watchdog\Display]
"ShutdownCount"=dword:00000029
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0822&SUBSYS_01F51028&REV_19\4&1a4c5809&0&08A4\LogConf]
"BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&1a4c5809&0&09A4\LogConf]
"BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,21,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ERSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SamSs]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Epoch]
"Epoch"=dword:00000254
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SynTP\Parameters]
"DetectTimeMS"=dword:000002b1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}]
"LeaseObtainedTime"=dword:4790de98
"T1"=dword:47918758
"T2"=dword:479205e8
"LeaseTerminatesTime"=dword:47923018
"DhcpRetryTime"=dword:0000a8bb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4790de98
"T1"=dword:47918758
"T2"=dword:479205e8
"LeaseTerminatesTime"=dword:47923018
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileLoadTimeLow"=dword:c7862118
"ProfileLoadTimeHigh"=dword:01c859f5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"RefCount"=dword:00000003
scanning hidden files ...
C:\WINDOWS\pchealth\helpctr\System\DFS\privacy.htm 3354 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\uplddrvinfo.htm 33722 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\viewmode.xml 274 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\xmldialog.htm 966 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\xmldisplay.xsl 11750 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 138
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
Voila, j'ai fait tout ce que tu m'avais dis... il se passe quoi maintenant?
Run by Charlotte on 18/01/2008 at 18:55
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:58:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:00000c54
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Watchdog\Display]
"ShutdownCount"=dword:00000029
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0822&SUBSYS_01F51028&REV_19\4&1a4c5809&0&08A4\LogConf]
"BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&1a4c5809&0&09A4\LogConf]
"BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,21,00,00,00,00,00,00,00,00,..
"BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ERSvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SamSs]
"Start"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Epoch]
"Epoch"=dword:00000254
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SynTP\Parameters]
"DetectTimeMS"=dword:000002b1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}]
"LeaseObtainedTime"=dword:4790de98
"T1"=dword:47918758
"T2"=dword:479205e8
"LeaseTerminatesTime"=dword:47923018
"DhcpRetryTime"=dword:0000a8bb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wscsvc]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4790de98
"T1"=dword:47918758
"T2"=dword:479205e8
"LeaseTerminatesTime"=dword:47923018
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileLoadTimeLow"=dword:c7862118
"ProfileLoadTimeHigh"=dword:01c859f5
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"RefCount"=dword:00000003
scanning hidden files ...
C:\WINDOWS\pchealth\helpctr\System\DFS\privacy.htm 3354 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\uplddrvinfo.htm 33722 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\viewmode.xml 274 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\xmldialog.htm 966 bytes
C:\WINDOWS\pchealth\helpctr\System\DFS\xmldisplay.xsl 11750 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 138
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
Voila, j'ai fait tout ce que tu m'avais dis... il se passe quoi maintenant?
SDFix: Version 1.131
Run by Audrey on 26/01/2008 at 13:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Audrey\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Audrey\Application Data\addon.dat - Deleted
Folder C:\Program Files\Bifrost - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
system32: deleted 0 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:03:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{92EB66FF-7774-4C7E-BCAE-72781812CA68}.bin"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 656
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Audrey\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 24 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 20 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Finished!
C'est bon ? Tout est clean ? En tout cas merci pour tes conseil. ;)
Run by Audrey on 26/01/2008 at 13:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Audrey\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\Audrey\Application Data\addon.dat - Deleted
Folder C:\Program Files\Bifrost - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
WINDOWS: deleted 0 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
:BZ-VIRTUAL-LINK 0
Total size: 0 bytes.
system32: deleted 0 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 14:03:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
"CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{92EB66FF-7774-4C7E-BCAE-72781812CA68}.bin"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 656
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Audrey\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 24 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 20 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Finished!
C'est bon ? Tout est clean ? En tout cas merci pour tes conseil. ;)
Maijin
Messages postés
1385
Date d'inscription
lundi 1 octobre 2007
Statut
Membre
Dernière intervention
28 juin 2009
351
18 janv. 2008 à 19:25
18 janv. 2008 à 19:25
essaye normalement ça devrait remarcher non?
Mitsuka
Messages postés
4
Date d'inscription
jeudi 17 janvier 2008
Statut
Membre
Dernière intervention
18 janvier 2008
18 janv. 2008 à 19:55
18 janv. 2008 à 19:55
ouiiii merciii ^^
:)
:)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Slt tout le monde voila moi aussi j'ai ce problème qui persiste j’étais sur MSN et tout a coup un de mes contact m'envoi un message avec un lien et mon adresse MSN j'ouvre et c'était un Ga que je ne connaissais pas donc je ferme et la mon ordi ce met a délire tout seul personnes ne pourrai m'aider svp mais si la solution la plus simple pour enlève ce virus vous Vien a l'esprit dite me le svp par ce que je suis très nul en informatique
BONJOUR moi j'ai fait la meme chose que Mitsuka et voia le rapport
Run by admin on 19/01/2008 at 11:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Cyprien\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 11:16:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 69
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:World of Warcraft - Repair"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 29 Aug 2005 121,240 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1Check.EXE"
Finished!
Sui je guérit docteur???
Run by admin on 19/01/2008 at 11:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Cyprien\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 11:16:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 69
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:World of Warcraft - Repair"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 29 Aug 2005 121,240 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1Check.EXE"
Finished!
Sui je guérit docteur???
Maijin
Messages postés
1385
Date d'inscription
lundi 1 octobre 2007
Statut
Membre
Dernière intervention
28 juin 2009
351
19 janv. 2008 à 12:47
19 janv. 2008 à 12:47
Ca marche ce coup ci?
jangofett76
Messages postés
139
Date d'inscription
dimanche 23 décembre 2007
Statut
Membre
Dernière intervention
4 septembre 2012
21
19 janv. 2008 à 13:21
19 janv. 2008 à 13:21
slt j'ai le même problème que vous donc j'essaye la méthode et je vous confirme si ça marche
jangofett76
Messages postés
139
Date d'inscription
dimanche 23 décembre 2007
Statut
Membre
Dernière intervention
4 septembre 2012
21
19 janv. 2008 à 14:22
19 janv. 2008 à 14:22
cette méthode marche nikel, j'ai retrouvé msn
Voila le rapport
SDFix: Version 1.129
Run by soizic on 19/01/2008 at 16:03
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\soizic\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 16:15:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2929
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
"C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 1 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 30 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\21c885a593b3aea69d4a95ec1bfc46d4\BIT9.tmp"
Sat 19 Jan 2008 3,555,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac16e878b3eb65a8615fd9bf20cdf4df\BITA.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BITB.tmp"
Finished!
SDFix: Version 1.129
Run by soizic on 19/01/2008 at 16:03
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\soizic\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 16:15:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2929
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
"C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 1 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 30 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\21c885a593b3aea69d4a95ec1bfc46d4\BIT9.tmp"
Sat 19 Jan 2008 3,555,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac16e878b3eb65a8615fd9bf20cdf4df\BITA.tmp"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BITB.tmp"
Finished!
G fé ske ta di, sa avé lair de marcher mais mon antispyxware de bitdefender marche plus, et j'ai encore le virus...
voila le rapport ke sa a donné!!
SDFix: Version 1.129
Run by BABIN_ on 19/01/2008 at 20:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
windows mail service
Path:
"C:\WINDOWS\mail.exe"
windows mail service - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\BABIN_\LOCALS~1\Temp\services.exe - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\mail.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 20:27:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control]
"WaitToKillServiceTimeout"="7000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:000001f4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Watchdog\Display]
"ShutdownCount"=dword:00000250
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE\0000]
"Service"="windows mail service"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="windows mail service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\DefaultSecurity]
"PreviousAnonymousRestriction"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Epoch]
"Epoch"=dword:000004d0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3C85EDBA-9483-4FB0-A872-40A5750B7981}]
"DhcpRetryTime"=dword:00044398
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):""C:\WINDOWS\mail.exe""
"DisplayName"="windows mail service"
"ObjectName"="LocalSystem"
"FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,..
"Description"="windows mail service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wscsvc]
"Start"=dword:00000004
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 740
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 5 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 28 Aug 2007 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Tue 28 Aug 2007 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Tue 5 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1key.bak"
Fri 31 Aug 2007 20 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1lic.bak"
Tue 28 Aug 2007 400 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2key.bak"
Fri 31 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2lic.bak"
Sun 14 Jan 2007 25,385,984 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\~WRL1266.tmp"
Finished!
voila le rapport ke sa a donné!!
SDFix: Version 1.129
Run by BABIN_ on 19/01/2008 at 20:20
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
windows mail service
Path:
"C:\WINDOWS\mail.exe"
windows mail service - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\BABIN_\LOCALS~1\Temp\services.exe - Deleted
C:\autorun.inf - Deleted
C:\WINDOWS\mail.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 20:27:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control]
"WaitToKillServiceTimeout"="7000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:000001f4
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Watchdog\Display]
"ShutdownCount"=dword:00000250
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE]
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE\0000]
"Service"="windows mail service"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="windows mail service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\DefaultSecurity]
"PreviousAnonymousRestriction"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000000
"AutoShareServer"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Epoch]
"Epoch"=dword:000004d0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3C85EDBA-9483-4FB0-A872-40A5750B7981}]
"DhcpRetryTime"=dword:00044398
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000000
"ImagePath"=str(2):""C:\WINDOWS\mail.exe""
"DisplayName"="windows mail service"
"ObjectName"="LocalSystem"
"FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,..
"Description"="windows mail service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wscsvc]
"Start"=dword:00000004
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"RefCount"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 740
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 5 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 28 Aug 2007 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Tue 28 Aug 2007 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Tue 5 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1key.bak"
Fri 31 Aug 2007 20 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1lic.bak"
Tue 28 Aug 2007 400 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2key.bak"
Fri 31 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2lic.bak"
Sun 14 Jan 2007 25,385,984 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\~WRL1266.tmp"
Finished!
SDFix: Version 1.129
Run by ADAM on 19/01/2008 at 21:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\ADAM\Local Settings\Temp\aax52.tmp.exe - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Documents and Settings\ADAM\new.txt - Deleted
C:\DOCUME~1\ADAM\LOCALS~1\Temp\services.exe - Deleted
C:\install\credits.bat - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\myalbum*.zip - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 21:15:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 690
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe"="C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe:*:Enabled:Wireless Configuration Utility HW.32"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"E:\\incredimail_install.exe"="E:\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 7 Oct 2006 10,022 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 7 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 24 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Finished!
Je vous remerci pour la solution c magique !!!
a bientot(fin jesper pas pk sinon sa voudrait dire ke jai encore un probleme =D) MERCI
Run by ADAM on 19/01/2008 at 21:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\ADAM\Local Settings\Temp\aax52.tmp.exe - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Documents and Settings\ADAM\new.txt - Deleted
C:\DOCUME~1\ADAM\LOCALS~1\Temp\services.exe - Deleted
C:\install\credits.bat - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\myalbum*.zip - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 21:15:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 690
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe"="C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe:*:Enabled:Wireless Configuration Utility HW.32"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"E:\\incredimail_install.exe"="E:\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 7 Oct 2006 10,022 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 7 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 24 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Finished!
Je vous remerci pour la solution c magique !!!
a bientot(fin jesper pas pk sinon sa voudrait dire ke jai encore un probleme =D) MERCI
joule33
Messages postés
2
Date d'inscription
samedi 19 janvier 2008
Statut
Membre
Dernière intervention
20 janvier 2008
19 janv. 2008 à 21:32
19 janv. 2008 à 21:32
bonsoir a tous j ai egalement ce virus et j ai fait le rapport que faire maintenant?
merci pour votre aideSystem Report
*************
Run on 19/01/2008 at 21:24
Microsoft Windows XP [version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [536]
\??\C:\WINDOWS\system32\csrss.exe [592]
\??\C:\WINDOWS\system32\winlogon.exe [628]
C:\WINDOWS\system32\services.exe [672]
C:\WINDOWS\system32\lsass.exe [684]
C:\WINDOWS\system32\Ati2evxx.exe [848]
C:\WINDOWS\system32\svchost.exe [872]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\System32\svchost.exe [1004]
C:\WINDOWS\system32\svchost.exe [1112]
C:\WINDOWS\system32\svchost.exe [1152]
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [1412]
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe [1628]
C:\WINDOWS\system32\spoolsv.exe [1940]
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [580]
C:\WINDOWS\system32\Ati2evxx.exe [900]
C:\WINDOWS\Explorer.EXE [1376]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1708]
C:\WINDOWS\eHome\ehRecvr.exe [1780]
C:\WINDOWS\eHome\ehSched.exe [1840]
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [720]
C:\WINDOWS\ehome\ehtray.exe [1084]
C:\WINDOWS\system32\ctfmon.exe [1268]
C:\WINDOWS\eHome\ehmsas.exe [1648]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2240]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2332]
C:\WINDOWS\system32\HPZipm12.exe [2556]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2564]
C:\WINDOWS\system32\svchost.exe [2600]
C:\WINDOWS\system32\svchost.exe [2612]
C:\WINDOWS\BUtilityBar\BisonBar.exe [2728]
C:\WINDOWS\ehome\mcrdsvc.exe [2796]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2876]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2932]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2944]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2980]
C:\WINDOWS\system32\fxssvc.exe [3092]
C:\Program Files\QuickTime\QTTask.exe [3104]
C:\Program Files\iTunes\iTunesHelper.exe [3156]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [3228]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [3304]
C:\WINDOWS\RTHDCPL.EXE [3312]
C:\DOCUME~1\GOURDO~1\LOCALS~1\Temp\services.exe [3520]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [3608]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [3724]
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2136]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [2164]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2172]
C:\Program Files\WinZip\WZQKPICK.EXE [2368]
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe [2824]
C:\WINDOWS\system32\dllhost.exe [3664]
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN [3260]
C:\WINDOWS\system32\wbem\wmiapsrv.exe [2540]
C:\WINDOWS\system32\wbem\wmiprvse.exe [2452]
C:\Program Files\iPod\bin\iPodService.exe [372]
C:\WINDOWS\system32\wbem\wmiprvse.exe [1752]
C:\WINDOWS\System32\alg.exe [4088]
C:\WINDOWS\system32\wbem\unsecapp.exe [4240]
C:\WINDOWS\system32\wuauclt.exe [4668]
C:\WINDOWS\System32\svchost.exe [4688]
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [5644]
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE [5744]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [5920]
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe [6008]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [2224]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [3776]
Drivers - Running:
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPI
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: AFD
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: AmdK8
SERVICE_NAME: amsint
SERVICE_NAME: AR5211
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: atapi
SERVICE_NAME: ati2mtag
SERVICE_NAME: audstub
SERVICE_NAME: Beep
SERVICE_NAME: Cam5603D
SERVICE_NAME: cbidf
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: CmdIde
SERVICE_NAME: Compbatt
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: Disk
SERVICE_NAME: DKbFltr
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: dpti2o
SERVICE_NAME: DritekPortIO
SERVICE_NAME: eeCtrl
SERVICE_NAME: EMSCR
SERVICE_NAME: ESDCR
SERVICE_NAME: ESMCR
SERVICE_NAME: Fastfat
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: GEARAspiWDM
SERVICE_NAME: Gpc
SERVICE_NAME: HDAudBus
SERVICE_NAME: hpn
SERVICE_NAME: HSFHWAZL
SERVICE_NAME: HSF_DPV
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: int15
SERVICE_NAME: IntcAzAudAddService
SERVICE_NAME: IntelIde
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: kmixer
SERVICE_NAME: KSecDD
SERVICE_NAME: mdmxsdk
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: MountMgr
SERVICE_NAME: mraid35x
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: NAVENG
SERVICE_NAME: NAVEX15
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: Npfs
SERVICE_NAME: NTIDrvr
SERVICE_NAME: Null
SERVICE_NAME: ohci1394
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: Pcmcia
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: PxHelp20
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: rdpdr
SERVICE_NAME: redbook
SERVICE_NAME: RTL8023xp
SERVICE_NAME: sdbus
SERVICE_NAME: sisagp
SERVICE_NAME: Sparrow
SERVICE_NAME: SPBBCDrv
SERVICE_NAME: sr
SERVICE_NAME: SRTSP
SERVICE_NAME: SRTSPX
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: SYMDNS
SERVICE_NAME: SymEvent
SERVICE_NAME: SYMFW
SERVICE_NAME: SYMIDS
SERVICE_NAME: SYMIDSCO
SERVICE_NAME: SYMNDIS
SERVICE_NAME: SYMREDRV
SERVICE_NAME: SYMTDI
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: SynTP
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: tffsport
SERVICE_NAME: TosIde
SERVICE_NAME: tvicport
SERVICE_NAME: UBHelper
SERVICE_NAME: ultra
SERVICE_NAME: Update
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbohci
SERVICE_NAME: VgaSave
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp
SERVICE_NAME: wdmaud
SERVICE_NAME: winachsf
SERVICE_NAME: WmiAcpi
SERVICE_NAME: zntport
Drivers - Stopped:
SERVICE_NAME: Abiosdsk
SERVICE_NAME: aec
SERVICE_NAME: Arp1394
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: cbidf2k
SERVICE_NAME: CCDECODE
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: dmboot
SERVICE_NAME: DMusic
SERVICE_NAME: driverhardwarev2
SERVICE_NAME: drmkaud
SERVICE_NAME: eLock2BurnerLockDriver
SERVICE_NAME: eLock2FSCTLDriver
SERVICE_NAME: Fdc
SERVICE_NAME: Flpydisk
SERVICE_NAME: HPZid412
SERVICE_NAME: HPZipr12
SERVICE_NAME: HPZius12
SERVICE_NAME: HSXHWAZL
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IRENUM
SERVICE_NAME: irsir
SERVICE_NAME: lbrtfdc
SERVICE_NAME: MHNDRV
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: MSTEE
SERVICE_NAME: NABTSFEC
SERVICE_NAME: NdisIP
SERVICE_NAME: NIC1394
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: Parport
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: Processor
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Serial
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: SLIP
SERVICE_NAME: SMCIRDA
SERVICE_NAME: splitter
SERVICE_NAME: SRTSPL
SERVICE_NAME: streamip
SERVICE_NAME: swmidi
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: Udfs
SERVICE_NAME: USBAAPL
SERVICE_NAME: usbccgp
SERVICE_NAME: usbprint
SERVICE_NAME: usbscan
SERVICE_NAME: USBSTOR
SERVICE_NAME: WDICA
SERVICE_NAME: WSTCODEC
Services - Running:
SERVICE_NAME: AcerMemUsageCheckService
SERVICE_NAME: ALG
SERVICE_NAME: Apple Mobile Device
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: ccEvtMgr
SERVICE_NAME: ccSetMgr
SERVICE_NAME: CLTNetCnService
SERVICE_NAME: COMSysApp
SERVICE_NAME: CryptSvc
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: dmserver
SERVICE_NAME: Dnscache
SERVICE_NAME: ehRecvr
SERVICE_NAME: ehSched
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: Fax
SERVICE_NAME: helpsvc
SERVICE_NAME: HTTPFilter
SERVICE_NAME: iPod Service
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LightScribeService
SERVICE_NAME: LiveUpdate
SERVICE_NAME: LiveUpdate Notice Ex
SERVICE_NAME: LmHosts
SERVICE_NAME: McrdSvc
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: Planificateur LiveUpdate automatique
SERVICE_NAME: PlugPlay
SERVICE_NAME: Pml Driver HPZ12
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasMan
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SymAppCore
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC
Services - Stopped:
SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: ATI Smart
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: clr_optimization_v2.0.50727_32
SERVICE_NAME: dmadmin
SERVICE_NAME: GoogleDesktopManager
SERVICE_NAME: HidServ
SERVICE_NAME: ImapiService
SERVICE_NAME: ISPwdSvc
SERVICE_NAME: LiveUpdate Notice Service
SERVICE_NAME: Messenger
SERVICE_NAME: MHN
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: RasAuto
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: SwPrv
SERVICE_NAME: Symantec Core LC
SERVICE_NAME: SysmonLog
SERVICE_NAME: TlntSvr
SERVICE_NAME: UMWdf
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: usnjsvc
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: Wmi
SERVICE_NAME: wscsvc
SERVICE_NAME: xmlprov
Files Created/Modified - 60 Days :
C:\
19 Jan 2008 21:17:06 1 409 286 144 A.SH. "C:\pagefile.sys"
19 Jan 2008 20:21:36 12 463 A.... "C:\lopR.txt"
19 Jan 2008 21:17:08 937 603 072 A.SH. "C:\hiberfil.sys"
2 Jan 2008 15:07:06 25 422 898 A.... "C:\Audio_5_10_0_5273.zip"
C:\WINDOWS\
13 Dec 2007 3:01:00 22 412 A.... "C:\WINDOWS\KB944653.log"
13 Dec 2007 3:01:10 25 448 A.... "C:\WINDOWS\KB941568.log"
9 Jan 2008 3:01:04 1 355 A.... "C:\WINDOWS\imsins.BAK"
3 Jan 2008 16:39:58 628 A.... "C:\WINDOWS\win.ini"
9 Jan 2008 3:01:12 1 355 A.... "C:\WINDOWS\imsins.log"
19 Jan 2008 21:07:26 1 278 478 A.... "C:\WINDOWS\WindowsUpdate.log"
19 Jan 2008 21:17:36 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
19 Jan 2008 21:17:52 0 A.... "C:\WINDOWS\0.log"
19 Jan 2008 21:05:40 32 538 A.... "C:\WINDOWS\SchedLgU.Txt"
9 Jan 2008 3:01:12 411 252 A.... "C:\WINDOWS\ocgen.log"
9 Jan 2008 3:01:12 865 618 A.... "C:\WINDOWS\FaxSetup.log"
9 Jan 2008 3:01:12 944 614 A.... "C:\WINDOWS\iis6.log"
9 Jan 2008 3:01:12 289 883 A.... "C:\WINDOWS\comsetup.log"
9 Jan 2008 3:01:12 174 007 A.... "C:\WINDOWS\ntdtcsetup.log"
9 Jan 2008 3:01:12 394 633 A.... "C:\WINDOWS\tsoc.log"
9 Jan 2008 3:01:10 265 764 A.... "C:\WINDOWS\msmqinst.log"
9 Jan 2008 3:01:12 42 756 A.... "C:\WINDOWS\msgsocm.log"
9 Jan 2008 3:01:12 43 279 A.... "C:\WINDOWS\tabletoc.log"
9 Jan 2008 3:01:12 105 023 A.... "C:\WINDOWS\MedCtrOC.log"
9 Jan 2008 3:01:12 47 981 A.... "C:\WINDOWS\ehOCGen.log"
9 Jan 2008 3:01:12 97 986 A.... "C:\WINDOWS\plusoc.log"
9 Jan 2008 3:01:12 162 546 A.... "C:\WINDOWS\netfxocm.log"
9 Jan 2008 3:01:12 46 840 A.... "C:\WINDOWS\ocmsn.log"
2 Jan 2008 15:09:30 8 175 A.... "C:\WINDOWS\KB888111.log"
19 Jan 2008 21:05:32 50 A.... "C:\WINDOWS\wiaservc.log"
19 Jan 2008 21:19:20 159 A.... "C:\WINDOWS\wiadebug.log"
3 Dec 2007 20:25:06 24 011 A.... "C:\WINDOWS\wmsetup.log"
19 Jan 2008 21:20:52 4 122 A.... "C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt"
13 Dec 2007 3:02:32 104 988 A.... "C:\WINDOWS\updspapi.log"
19 Jan 2008 20:42:26 386 A.... "C:\WINDOWS\msnfix.txt"
19 Jan 2008 20:42:26 151 A.... "C:\WINDOWS\presf.txt"
9 Jan 2008 3:01:04 13 217 A.... "C:\WINDOWS\KB943485.log"
18 Jan 2008 20:02:38 961 880 A.... "C:\WINDOWS\setupapi.log"
19 Jan 2008 21:19:46 54 156 A..H. "C:\WINDOWS\QTFont.qfn"
13 Dec 2007 3:02:48 40 824 A.... "C:\WINDOWS\KB942763.log"
28 Nov 2007 22:50:12 11 717 A.... "C:\WINDOWS\atiogl.xml"
13 Dec 2007 3:01:50 34 343 A.... "C:\WINDOWS\KB942615-IE7.log"
13 Dec 2007 3:05:14 30 429 A.... "C:\WINDOWS\KB937894.log"
13 Dec 2007 3:02:36 25 406 A.... "C:\WINDOWS\KB941569.log"
9 Jan 2008 3:01:12 12 907 A.... "C:\WINDOWS\KB941644.log"
3 Jan 2008 15:50:28 128 374 ..... "C:\WINDOWS\hpoins11.dat.temp"
29 Nov 2007 23:30:16 1 044 480 A.... "C:\WINDOWS\system32\libdivx.dll"
29 Nov 2007 23:30:16 200 704 A.... "C:\WINDOWS\system32\ssldivx.dll"
19 Jan 2008 21:21:14 1 158 A.... "C:\WINDOWS\system32\wpa.dbl"
2 Jan 2008 14:28:54 68 966 A.... "C:\WINDOWS\system32\perfc009.dat"
2 Jan 2008 14:28:56 415 312 A.... "C:\WINDOWS\system32\perfh009.dat"
2 Jan 2008 14:28:56 83 650 A.... "C:\WINDOWS\system32\perfc00C.dat"
2 Jan 2008 14:28:56 484 842 A.... "C:\WINDOWS\system32\perfh00C.dat"
13 Dec 2007 3:02:42 386 478 A.... "C:\WINDOWS\system32\TZLog.log"
2 Jan 2008 14:28:54 1 027 458 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativvaxx.dat"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativva5x.dat"
5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ativva6x.dat"
5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ATIDEMGX.dll"
5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\atiok3x2.dll"
5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\atioglx2.dll"
5 Dec 2007 14:17:00 593 920 ..... "C:\WINDOWS\system32\ati2sgag.exe"
2 Jan 2008 19:21:36 17 642 616 A.... "C:\WINDOWS\system32\MRT.exe"
17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\inf\oem31.inf"
2 Jan 2008 15:09:26 6 656 A.... "C:\WINDOWS\inf\hdaudbus.PNF"
2 Jan 2008 15:09:30 40 524 A.... "C:\WINDOWS\inf\hdaudio.PNF"
2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\inf\oem31.PNF"
16 Jan 2008 21:31:04 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
16 Jan 2008 21:31:04 1 763 288 A.... "C:\WINDOWS\inf\INFCACHE.1"
2 Jan 2008 1:57:26 5 878 A.... "C:\WINDOWS\inf\oem38.PNF"
2 Jan 2008 15:10:38 230 164 A.... "C:\WINDOWS\inf\oem13.PNF"
3 Jan 2008 16:38:58 71 058 A.... "C:\WINDOWS\inf\oem32.PNF"
3 Jan 2008 16:39:00 97 298 A.... "C:\WINDOWS\inf\oem33.PNF"
3 Jan 2008 16:39:00 23 450 A.... "C:\WINDOWS\inf\oem34.PNF"
3 Jan 2008 16:39:02 42 338 A.... "C:\WINDOWS\inf\oem35.PNF"
3 Jan 2008 16:39:02 86 146 A.... "C:\WINDOWS\inf\oem36.PNF"
3 Jan 2008 16:39:02 50 944 A.... "C:\WINDOWS\inf\oem37.PNF"
2 Jan 2008 1:58:58 6 962 A.... "C:\WINDOWS\inf\oem39.PNF"
2 Jan 2008 14:23:42 64 776 A.... "C:\WINDOWS\inf\oem40.PNF"
19 Jan 2008 21:17:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
9 Jan 2008 3:05:52 17 110 A.... "C:\WINDOWS\Debug\mrt.log"
9 Jan 2008 3:05:52 5 226 A.... "C:\WINDOWS\Debug\mrteng.log"
19 Jan 2008 21:18:08 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
18 Jan 2008 20:34:00 578 A.... "C:\WINDOWS\Tasks\Norton AntiVirus - Analyse systŠme complŠte - gourdonneau.job"
14 Jan 2008 19:30:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
19 Jan 2008 21:20:50 1 048 576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{279C8190-F81F-4A55-AFCF-E29948F3553B}.crmlog"
19 Jan 2008 21:18:24 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
3 Jan 2008 16:26:56 10 002 A.... "C:\WINDOWS\Temp\HPZIDS.log"
3 Jan 2008 16:24:48 930 A.... "C:\WINDOWS\Temp\CIO_NDCS.log"
19 Jan 2008 21:21:18 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
22 Nov 2007 21:49:30 5 291 994 A.... "C:\WINDOWS\Temp\slu7ed3.tmp"
22 Nov 2007 22:57:58 5 291 994 A.... "C:\WINDOWS\Temp\slu333d.tmp"
23 Nov 2007 0:01:02 5 291 994 A.... "C:\WINDOWS\Temp\slu6385.tmp"
23 Nov 2007 3:32:38 5 291 994 A.... "C:\WINDOWS\Temp\slu576.tmp"
23 Nov 2007 15:00:50 5 291 994 A.... "C:\WINDOWS\Temp\slu142d.tmp"
23 Nov 2007 18:31:56 5 291 994 A.... "C:\WINDOWS\Temp\slu35c5.tmp"
23 Nov 2007 22:36:42 5 291 994 A.... "C:\WINDOWS\Temp\slu711b.tmp"
24 Nov 2007 2:19:10 5 291 994 A.... "C:\WINDOWS\Temp\slu1b60.tmp"
24 Nov 2007 6:38:30 5 291 994 A.... "C:\WINDOWS\Temp\slu61e0.tmp"
20 Nov 2007 20:28:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_100.dat"
22 Nov 2007 10:42:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat"
20 Nov 2007 20:12:44 1 350 A.... "C:\WINDOWS\Temp\QTInstallCode.log"
22 Nov 2007 21:42:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_18c.dat"
22 Nov 2007 21:44:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat"
22 Nov 2007 22:51:04 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_274.dat"
22 Nov 2007 22:53:34 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e54.dat"
27 Nov 2007 14:32:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_f94.dat"
28 Nov 2007 18:08:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat"
28 Nov 2007 18:10:02 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat"
30 Nov 2007 12:35:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_c64.dat"
30 Nov 2007 12:34:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8ac.dat"
2 Dec 2007 20:33:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat"
7 Dec 2007 11:24:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e74.dat"
8 Dec 2007 13:26:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat"
8 Dec 2007 13:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e1c.dat"
8 Dec 2007 20:44:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat"
9 Dec 2007 4:16:16 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat"
9 Dec 2007 13:55:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_568.dat"
9 Dec 2007 13:57:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1088.dat"
9 Dec 2007 15:50:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f0.dat"
13 Dec 2007 3:22:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat"
13 Dec 2007 7:36:22 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_eac.dat"
15 Dec 2007 14:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat"
15 Dec 2007 14:31:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ee8.dat"
16 Dec 2007 4:52:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_d08.dat"
16 Dec 2007 13:09:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_124.dat"
16 Dec 2007 13:44:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cbc.dat"
18 Dec 2007 17:35:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_a10.dat"
20 Dec 2007 19:47:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat"
20 Dec 2007 19:50:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8dc.dat"
21 Dec 2007 17:21:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_510.dat"
21 Dec 2007 17:23:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_960.dat"
31 Dec 2007 13:50:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_9d8.dat"
1 Jan 2008 16:53:44 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_524.dat"
1 Jan 2008 16:55:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1cc.dat"
2 Jan 2008 2:29:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_424.dat"
2 Jan 2008 2:31:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_608.dat"
2 Jan 2008 13:01:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat"
2 Jan 2008 13:02:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b50.dat"
2 Jan 2008 14:52:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b90.dat"
3 Jan 2008 13:31:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_430.dat"
3 Jan 2008 16:06:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_560.dat"
3 Jan 2008 15:48:00 454 A.... "C:\WINDOWS\Temp\servic006.log"
3 Jan 2008 15:48:22 540 A.... "C:\WINDOWS\Temp\servic007.log"
3 Jan 2008 15:48:34 12 018 A.... "C:\WINDOWS\Temp\HPZIDI004.log"
3 Jan 2008 16:26:06 454 A.... "C:\WINDOWS\Temp\servic008.log"
3 Jan 2008 16:26:30 540 A.... "C:\WINDOWS\Temp\servic009.log"
3 Jan 2008 16:26:44 12 020 A.... "C:\WINDOWS\Temp\HPZIDI005.log"
3 Jan 2008 16:56:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_850.dat"
3 Jan 2008 16:56:40 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat"
3 Jan 2008 20:07:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_fbc.dat"
3 Jan 2008 20:07:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_11dc.dat"
4 Jan 2008 5:59:18 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_123c.dat"
4 Jan 2008 14:02:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_460.dat"
4 Jan 2008 14:05:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1350.dat"
7 Jan 2008 18:37:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ae0.dat"
8 Jan 2008 19:46:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_184.dat"
9 Jan 2008 3:14:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat"
12 Jan 2008 0:09:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1178.dat"
12 Jan 2008 16:56:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat"
12 Jan 2008 16:59:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_964.dat"
15 Jan 2008 12:13:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_190.dat"
15 Jan 2008 12:53:50 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_814.dat"
18 Jan 2008 19:05:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e6c.dat"
19 Jan 2008 10:44:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_414.dat"
19 Jan 2008 15:13:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cc8.dat"
19 Jan 2008 21:18:28 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_244.dat"
19 Jan 2008 21:22:56 0 A.... "C:\WINDOWS\Temp\scs5.tmp"
9 Jan 2008 21:07:20 94 208 A.... "C:\WINDOWS\Minidump\Mini011208-01.dmp"
9 Dec 2007 14:29:02 2 097 152 A.... "C:\WINDOWS\system32\FxsTmp\fxs2A.tmp"
2 Jan 2008 15:09:34 216 A.... "C:\WINDOWS\security\logs\scecomp.old"
8 Dec 2007 12:21:12 313 872 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
19 Jan 2008 21:18:24 197 632 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
2 Jan 2008 14:28:10 8 173 A.... "C:\WINDOWS\WinSxS\Manifests\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790.manifest"
14 Jan 2008 19:30:04 16 384 A.... "C:\WINDOWS\Temp\Cookies\index.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu32f2.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu32f2.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu6337.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu6337.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu6337.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu52e.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu52e.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu52e.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu13ef.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu13ef.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu359b.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu359b.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu359b.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu70f1.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu70f1.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu70f1.tmp\vscanmsx.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu1b36.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu1b36.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu1b36.tmp\vscanmsx.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu61b6.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu61b6.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu61b6.tmp\vscanmsx.dat"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
13 Dec 2007 3:01:28 86 016 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00014"
13 Dec 2007 3:01:28 16 384 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
28 Nov 2007 18:20:20 13 660 672 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\veoh.msi"
28 Nov 2007 18:20:16 6 129 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\0x0409.ini"
28 Nov 2007 18:20:16 88 607 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\setup.isn"
28 Nov 2007 18:20:16 1 940 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\Setup.INI"
2 Jan 2008 13:09:08 13 898 240 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\veoh.msi"
2 Jan 2008 13:09:02 6 129 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\0x0409.ini"
2 Jan 2008 13:09:02 88 607 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\setup.isn"
2 Jan 2008 13:09:02 1 940 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\Setup.INI"
13 Dec 2007 3:00:52 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
13 Dec 2007 3:00:58 11 753 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
13 Dec 2007 3:01:04 305 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
13 Dec 2007 3:01:10 11 731 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
13 Dec 2007 3:02:32 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
13 Dec 2007 3:02:36 11 846 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
13 Dec 2007 3:02:44 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
13 Dec 2007 3:02:48 12 931 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
13 Dec 2007 3:05:06 2 232 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
13 Dec 2007 3:05:12 14 977 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
9 Jan 2008 3:00:54 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
9 Jan 2008 3:01:04 12 740 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
9 Jan 2008 3:01:08 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
9 Jan 2008 3:01:12 12 828 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
2 Jan 2008 14:28:46 107 496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof"
18 Jan 2008 20:03:04 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
20 Dec 2007 1:59:42 159 861 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem31.CAT"
16 Dec 2007 16:34:34 3 121 152 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\gt.msi"
16 Dec 2007 16:35:02 41 631 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\Install.log"
2 Jan 2008 14:29:18 151 906 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.log"
2 Jan 2008 15:37:34 515 924 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen_service.log"
14 Jan 2008 19:30:04 32 768 A.SH. "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\index.dat"
14 Jan 2008 19:30:04 16 384 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat"
13 Dec 2007 3:01:28 7 309 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
13 Dec 2007 3:01:50 23 272 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.INF"
2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.PNF"
20 Dec 2007 1:59:42 159 861 A.S.. "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.CAT"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dat"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat"
5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat"
5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll"
5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll"
5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atioglx2.dll"
3 Dec 2007 19:30:12 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4121.French[1].dist"
14 Jan 2008 19:30:08 18 178 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-3637.English[1].dist"
14 Jan 2008 19:30:10 20 137 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4212.French[1].dist"
14 Jan 2008 19:30:08 22 674 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3638.French[1].dist"
14 Jan 2008 19:30:10 3 782 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3452.French[1].dist"
14 Jan 2008 19:30:08 25 348 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\index-windows-1[1].sucatalog"
14 Jan 2008 19:30:08 21 431 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-2802.French[1].dist"
14 Jan 2008 19:30:08 21 610 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-3872.French[1].dist"
14 Jan 2008 19:30:10 29 291 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-4125.French[1].dist"
3 Dec 2007 19:30:08 29 461 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-3395.French[1].dist"
3 Dec 2007 19:30:10 19 966 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4066.French[1].dist"
14 Jan 2008 19:30:10 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4184.French[1].dist"
C:\Program Files\
2 Jan 2008 1:44:44 48 683 488 A.... "C:\Program Files\7-12-igp_xp32_dd_ccc_wdm_sb_gart_enu_55811.exe"
2 Jan 2008 13:57:20 82 360 681 A.... "C:\Program Files\Chipset + VGA Driver ATI Ver.8.251.zip"
2 Jan 2008 22:48:12 95 893 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
2 Jan 2008 22:48:14 95 893 A.... "C:\Program Files\DivX\DivXContentUploaderUninstall.exe"
20 Nov 2007 14:35:00 125 685 A.... "C:\Program Files\LimeWire\uninstall.exe"
7 Dec 2007 19:34:56 132 712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
7 Dec 2007 19:34:58 132 232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
7 Dec 2007 19:34:58 13 416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
7 Dec 2007 19:34:58 12 400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
7 Dec 2007 19:34:58 73 848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
7 Dec 2007 19:34:58 422 000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
7 Dec 2007 19:34:58 73 336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
7 Dec 2007 19:34:42 13 952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
7 Dec 2007 19:34:52 7 650 416 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
7 Dec 2007 19:34:52 200 829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
7 Dec 2007 19:34:52 456 296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
7 Dec 2007 19:34:54 161 392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
7 Dec 2007 19:34:54 378 472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
7 Dec 2007 19:34:54 271 984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
7 Dec 2007 19:34:54 34 424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
7 Dec 2007 19:34:54 30 320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
7 Dec 2007 19:34:56 112 232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
7 Dec 2007 19:34:56 254 060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
2 Dec 2007 12:23:06 253 952 A.... "C:\Program Files\ma-config.com\nphardwaredetection.dll"
2 Dec 2007 12:25:44 962 560 A.... "C:\Program Files\ma-config.com\MCNoyau.dll"
2 Jan 2008 2:32:02 1 266 936 A.... "C:\Program Files\Steam\Steam.exe"
12 Jan 2008 16:58:16 251 128 A.... "C:\Program Files\Steam\WriteMiniDump.exe"
12 Jan 2008 16:58:18 2 912 504 A.... "C:\Program Files\Steam\SteamUI.dll"
12 Jan 2008 16:58:20 1 039 192 A.... "C:\Program Files\Steam\dbghelp.dll"
12 Jan 2008 16:58:24 3 249 400 A.... "C:\Program Files\Steam\Steam.dll"
12 Jan 2008 16:59:02 112 128 A.... "C:\Program Files\Steam\CSERHelper.dll"
12 Jan 2008 16:59:04 1 625 336 A.... "C:\Program Files\Steam\steamclient.dll"
12 Jan 2008 16:59:04 229 624 A.... "C:\Program Files\Steam\tier0_s.dll"
12 Jan 2008 16:59:06 346 360 A.... "C:\Program Files\Steam\vstdlib_s.dll"
12 Jan 2008 16:59:06 206 072 A.... "C:\Program Files\Steam\GameOverlayRenderer.dll"
12 Jan 2008 16:59:08 1 008 888 A.... "C:\Program Files\Steam\GameOverlayUI.exe"
12 Jan 2008 17:00:00 540 672 A.... "C:\Program Files\Steam\mss32_s.dll"
19 Jan 2008 20:18:48 78 958 A.... "C:\Program Files\Lop SD\Uninstal.exe"
22 Nov 2007 20:39:38 136 704 A.... "C:\Program Files\Lop SD\catchme.exe"
13 Jan 2008 22:57:04 4 803 A.... "C:\Program Files\Lop SD\RegLop.reg"
19 Jan 2008 20:19:22 1 784 A.... "C:\Program Files\Lop SD\paths.bat"
5 Dec 2007 20:17:00 65 536 A.... "C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\Setup.exe"
5 Dec 2007 20:17:00 46 080 A.... "C:\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\Setup.exe"
28 Nov 2007 18:20:30 294 912 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe"
28 Nov 2007 18:25:00 1 951 556 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\ISSetup.dll"
2 Jan 2008 2:01:12 380 928 A.... "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\_setup.dll"
28 Nov 2007 18:24:06 100 693 A.... "C:\Program Files\Yahoo!\common\unyt.exe"
19 Jan 2008 19:23:42 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
12 Dec 2007 2:54:12 1 492 A.... "C:\Program Files\eMule\config\load_index.dat"
12 Dec 2007 2:54:12 12 A.... "C:\Program Files\eMule\config\src_index.dat"
12 Dec 2007 2:54:12 28 A.... "C:\Program Files\eMule\config\key_index.dat"
12 Dec 2007 2:54:12 23 A.... "C:\Program Files\eMule\config\preferencesKad.dat"
12 Dec 2007 17:33:40
merci pour votre aideSystem Report
*************
Run on 19/01/2008 at 21:24
Microsoft Windows XP [version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [536]
\??\C:\WINDOWS\system32\csrss.exe [592]
\??\C:\WINDOWS\system32\winlogon.exe [628]
C:\WINDOWS\system32\services.exe [672]
C:\WINDOWS\system32\lsass.exe [684]
C:\WINDOWS\system32\Ati2evxx.exe [848]
C:\WINDOWS\system32\svchost.exe [872]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\System32\svchost.exe [1004]
C:\WINDOWS\system32\svchost.exe [1112]
C:\WINDOWS\system32\svchost.exe [1152]
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [1412]
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe [1628]
C:\WINDOWS\system32\spoolsv.exe [1940]
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [580]
C:\WINDOWS\system32\Ati2evxx.exe [900]
C:\WINDOWS\Explorer.EXE [1376]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1708]
C:\WINDOWS\eHome\ehRecvr.exe [1780]
C:\WINDOWS\eHome\ehSched.exe [1840]
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [720]
C:\WINDOWS\ehome\ehtray.exe [1084]
C:\WINDOWS\system32\ctfmon.exe [1268]
C:\WINDOWS\eHome\ehmsas.exe [1648]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2240]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2332]
C:\WINDOWS\system32\HPZipm12.exe [2556]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2564]
C:\WINDOWS\system32\svchost.exe [2600]
C:\WINDOWS\system32\svchost.exe [2612]
C:\WINDOWS\BUtilityBar\BisonBar.exe [2728]
C:\WINDOWS\ehome\mcrdsvc.exe [2796]
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2876]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2932]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2944]
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2980]
C:\WINDOWS\system32\fxssvc.exe [3092]
C:\Program Files\QuickTime\QTTask.exe [3104]
C:\Program Files\iTunes\iTunesHelper.exe [3156]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [3228]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [3304]
C:\WINDOWS\RTHDCPL.EXE [3312]
C:\DOCUME~1\GOURDO~1\LOCALS~1\Temp\services.exe [3520]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [3608]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [3724]
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2136]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [2164]
C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2172]
C:\Program Files\WinZip\WZQKPICK.EXE [2368]
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe [2824]
C:\WINDOWS\system32\dllhost.exe [3664]
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN [3260]
C:\WINDOWS\system32\wbem\wmiapsrv.exe [2540]
C:\WINDOWS\system32\wbem\wmiprvse.exe [2452]
C:\Program Files\iPod\bin\iPodService.exe [372]
C:\WINDOWS\system32\wbem\wmiprvse.exe [1752]
C:\WINDOWS\System32\alg.exe [4088]
C:\WINDOWS\system32\wbem\unsecapp.exe [4240]
C:\WINDOWS\system32\wuauclt.exe [4668]
C:\WINDOWS\System32\svchost.exe [4688]
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [5644]
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE [5744]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [5920]
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe [6008]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [2224]
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [3776]
Drivers - Running:
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPI
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: AFD
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: AmdK8
SERVICE_NAME: amsint
SERVICE_NAME: AR5211
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: atapi
SERVICE_NAME: ati2mtag
SERVICE_NAME: audstub
SERVICE_NAME: Beep
SERVICE_NAME: Cam5603D
SERVICE_NAME: cbidf
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdfs
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: CmdIde
SERVICE_NAME: Compbatt
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: Disk
SERVICE_NAME: DKbFltr
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: dpti2o
SERVICE_NAME: DritekPortIO
SERVICE_NAME: eeCtrl
SERVICE_NAME: EMSCR
SERVICE_NAME: ESDCR
SERVICE_NAME: ESMCR
SERVICE_NAME: Fastfat
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: GEARAspiWDM
SERVICE_NAME: Gpc
SERVICE_NAME: HDAudBus
SERVICE_NAME: hpn
SERVICE_NAME: HSFHWAZL
SERVICE_NAME: HSF_DPV
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: int15
SERVICE_NAME: IntcAzAudAddService
SERVICE_NAME: IntelIde
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: kmixer
SERVICE_NAME: KSecDD
SERVICE_NAME: mdmxsdk
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: MountMgr
SERVICE_NAME: mraid35x
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: NAVENG
SERVICE_NAME: NAVEX15
SERVICE_NAME: NDIS
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: Npfs
SERVICE_NAME: NTIDrvr
SERVICE_NAME: Null
SERVICE_NAME: ohci1394
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: Pcmcia
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: PxHelp20
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: rdpdr
SERVICE_NAME: redbook
SERVICE_NAME: RTL8023xp
SERVICE_NAME: sdbus
SERVICE_NAME: sisagp
SERVICE_NAME: Sparrow
SERVICE_NAME: SPBBCDrv
SERVICE_NAME: sr
SERVICE_NAME: SRTSP
SERVICE_NAME: SRTSPX
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: SYMDNS
SERVICE_NAME: SymEvent
SERVICE_NAME: SYMFW
SERVICE_NAME: SYMIDS
SERVICE_NAME: SYMIDSCO
SERVICE_NAME: SYMNDIS
SERVICE_NAME: SYMREDRV
SERVICE_NAME: SYMTDI
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: SynTP
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: tffsport
SERVICE_NAME: TosIde
SERVICE_NAME: tvicport
SERVICE_NAME: UBHelper
SERVICE_NAME: ultra
SERVICE_NAME: Update
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbohci
SERVICE_NAME: VgaSave
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp
SERVICE_NAME: wdmaud
SERVICE_NAME: winachsf
SERVICE_NAME: WmiAcpi
SERVICE_NAME: zntport
Drivers - Stopped:
SERVICE_NAME: Abiosdsk
SERVICE_NAME: aec
SERVICE_NAME: Arp1394
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: cbidf2k
SERVICE_NAME: CCDECODE
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: dmboot
SERVICE_NAME: DMusic
SERVICE_NAME: driverhardwarev2
SERVICE_NAME: drmkaud
SERVICE_NAME: eLock2BurnerLockDriver
SERVICE_NAME: eLock2FSCTLDriver
SERVICE_NAME: Fdc
SERVICE_NAME: Flpydisk
SERVICE_NAME: HPZid412
SERVICE_NAME: HPZipr12
SERVICE_NAME: HPZius12
SERVICE_NAME: HSXHWAZL
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: IRENUM
SERVICE_NAME: irsir
SERVICE_NAME: lbrtfdc
SERVICE_NAME: MHNDRV
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: MSTEE
SERVICE_NAME: NABTSFEC
SERVICE_NAME: NdisIP
SERVICE_NAME: NIC1394
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: Parport
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: Processor
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Serial
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: SLIP
SERVICE_NAME: SMCIRDA
SERVICE_NAME: splitter
SERVICE_NAME: SRTSPL
SERVICE_NAME: streamip
SERVICE_NAME: swmidi
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: Udfs
SERVICE_NAME: USBAAPL
SERVICE_NAME: usbccgp
SERVICE_NAME: usbprint
SERVICE_NAME: usbscan
SERVICE_NAME: USBSTOR
SERVICE_NAME: WDICA
SERVICE_NAME: WSTCODEC
Services - Running:
SERVICE_NAME: AcerMemUsageCheckService
SERVICE_NAME: ALG
SERVICE_NAME: Apple Mobile Device
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: ccEvtMgr
SERVICE_NAME: ccSetMgr
SERVICE_NAME: CLTNetCnService
SERVICE_NAME: COMSysApp
SERVICE_NAME: CryptSvc
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: dmserver
SERVICE_NAME: Dnscache
SERVICE_NAME: ehRecvr
SERVICE_NAME: ehSched
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: Fax
SERVICE_NAME: helpsvc
SERVICE_NAME: HTTPFilter
SERVICE_NAME: iPod Service
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LightScribeService
SERVICE_NAME: LiveUpdate
SERVICE_NAME: LiveUpdate Notice Ex
SERVICE_NAME: LmHosts
SERVICE_NAME: McrdSvc
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: Planificateur LiveUpdate automatique
SERVICE_NAME: PlugPlay
SERVICE_NAME: Pml Driver HPZ12
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasMan
SERVICE_NAME: RemoteRegistry
SERVICE_NAME: RpcSs
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: SymAppCore
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC
Services - Stopped:
SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: ATI Smart
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: clr_optimization_v2.0.50727_32
SERVICE_NAME: dmadmin
SERVICE_NAME: GoogleDesktopManager
SERVICE_NAME: HidServ
SERVICE_NAME: ImapiService
SERVICE_NAME: ISPwdSvc
SERVICE_NAME: LiveUpdate Notice Service
SERVICE_NAME: Messenger
SERVICE_NAME: MHN
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: ose
SERVICE_NAME: RasAuto
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: SwPrv
SERVICE_NAME: Symantec Core LC
SERVICE_NAME: SysmonLog
SERVICE_NAME: TlntSvr
SERVICE_NAME: UMWdf
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: usnjsvc
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: Wmi
SERVICE_NAME: wscsvc
SERVICE_NAME: xmlprov
Files Created/Modified - 60 Days :
C:\
19 Jan 2008 21:17:06 1 409 286 144 A.SH. "C:\pagefile.sys"
19 Jan 2008 20:21:36 12 463 A.... "C:\lopR.txt"
19 Jan 2008 21:17:08 937 603 072 A.SH. "C:\hiberfil.sys"
2 Jan 2008 15:07:06 25 422 898 A.... "C:\Audio_5_10_0_5273.zip"
C:\WINDOWS\
13 Dec 2007 3:01:00 22 412 A.... "C:\WINDOWS\KB944653.log"
13 Dec 2007 3:01:10 25 448 A.... "C:\WINDOWS\KB941568.log"
9 Jan 2008 3:01:04 1 355 A.... "C:\WINDOWS\imsins.BAK"
3 Jan 2008 16:39:58 628 A.... "C:\WINDOWS\win.ini"
9 Jan 2008 3:01:12 1 355 A.... "C:\WINDOWS\imsins.log"
19 Jan 2008 21:07:26 1 278 478 A.... "C:\WINDOWS\WindowsUpdate.log"
19 Jan 2008 21:17:36 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
19 Jan 2008 21:17:52 0 A.... "C:\WINDOWS\0.log"
19 Jan 2008 21:05:40 32 538 A.... "C:\WINDOWS\SchedLgU.Txt"
9 Jan 2008 3:01:12 411 252 A.... "C:\WINDOWS\ocgen.log"
9 Jan 2008 3:01:12 865 618 A.... "C:\WINDOWS\FaxSetup.log"
9 Jan 2008 3:01:12 944 614 A.... "C:\WINDOWS\iis6.log"
9 Jan 2008 3:01:12 289 883 A.... "C:\WINDOWS\comsetup.log"
9 Jan 2008 3:01:12 174 007 A.... "C:\WINDOWS\ntdtcsetup.log"
9 Jan 2008 3:01:12 394 633 A.... "C:\WINDOWS\tsoc.log"
9 Jan 2008 3:01:10 265 764 A.... "C:\WINDOWS\msmqinst.log"
9 Jan 2008 3:01:12 42 756 A.... "C:\WINDOWS\msgsocm.log"
9 Jan 2008 3:01:12 43 279 A.... "C:\WINDOWS\tabletoc.log"
9 Jan 2008 3:01:12 105 023 A.... "C:\WINDOWS\MedCtrOC.log"
9 Jan 2008 3:01:12 47 981 A.... "C:\WINDOWS\ehOCGen.log"
9 Jan 2008 3:01:12 97 986 A.... "C:\WINDOWS\plusoc.log"
9 Jan 2008 3:01:12 162 546 A.... "C:\WINDOWS\netfxocm.log"
9 Jan 2008 3:01:12 46 840 A.... "C:\WINDOWS\ocmsn.log"
2 Jan 2008 15:09:30 8 175 A.... "C:\WINDOWS\KB888111.log"
19 Jan 2008 21:05:32 50 A.... "C:\WINDOWS\wiaservc.log"
19 Jan 2008 21:19:20 159 A.... "C:\WINDOWS\wiadebug.log"
3 Dec 2007 20:25:06 24 011 A.... "C:\WINDOWS\wmsetup.log"
19 Jan 2008 21:20:52 4 122 A.... "C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt"
13 Dec 2007 3:02:32 104 988 A.... "C:\WINDOWS\updspapi.log"
19 Jan 2008 20:42:26 386 A.... "C:\WINDOWS\msnfix.txt"
19 Jan 2008 20:42:26 151 A.... "C:\WINDOWS\presf.txt"
9 Jan 2008 3:01:04 13 217 A.... "C:\WINDOWS\KB943485.log"
18 Jan 2008 20:02:38 961 880 A.... "C:\WINDOWS\setupapi.log"
19 Jan 2008 21:19:46 54 156 A..H. "C:\WINDOWS\QTFont.qfn"
13 Dec 2007 3:02:48 40 824 A.... "C:\WINDOWS\KB942763.log"
28 Nov 2007 22:50:12 11 717 A.... "C:\WINDOWS\atiogl.xml"
13 Dec 2007 3:01:50 34 343 A.... "C:\WINDOWS\KB942615-IE7.log"
13 Dec 2007 3:05:14 30 429 A.... "C:\WINDOWS\KB937894.log"
13 Dec 2007 3:02:36 25 406 A.... "C:\WINDOWS\KB941569.log"
9 Jan 2008 3:01:12 12 907 A.... "C:\WINDOWS\KB941644.log"
3 Jan 2008 15:50:28 128 374 ..... "C:\WINDOWS\hpoins11.dat.temp"
29 Nov 2007 23:30:16 1 044 480 A.... "C:\WINDOWS\system32\libdivx.dll"
29 Nov 2007 23:30:16 200 704 A.... "C:\WINDOWS\system32\ssldivx.dll"
19 Jan 2008 21:21:14 1 158 A.... "C:\WINDOWS\system32\wpa.dbl"
2 Jan 2008 14:28:54 68 966 A.... "C:\WINDOWS\system32\perfc009.dat"
2 Jan 2008 14:28:56 415 312 A.... "C:\WINDOWS\system32\perfh009.dat"
2 Jan 2008 14:28:56 83 650 A.... "C:\WINDOWS\system32\perfc00C.dat"
2 Jan 2008 14:28:56 484 842 A.... "C:\WINDOWS\system32\perfh00C.dat"
13 Dec 2007 3:02:42 386 478 A.... "C:\WINDOWS\system32\TZLog.log"
2 Jan 2008 14:28:54 1 027 458 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativvaxx.dat"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativva5x.dat"
5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ativva6x.dat"
5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ATIDEMGX.dll"
5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\atiok3x2.dll"
5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\atioglx2.dll"
5 Dec 2007 14:17:00 593 920 ..... "C:\WINDOWS\system32\ati2sgag.exe"
2 Jan 2008 19:21:36 17 642 616 A.... "C:\WINDOWS\system32\MRT.exe"
17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\inf\oem31.inf"
2 Jan 2008 15:09:26 6 656 A.... "C:\WINDOWS\inf\hdaudbus.PNF"
2 Jan 2008 15:09:30 40 524 A.... "C:\WINDOWS\inf\hdaudio.PNF"
2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\inf\oem31.PNF"
16 Jan 2008 21:31:04 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
16 Jan 2008 21:31:04 1 763 288 A.... "C:\WINDOWS\inf\INFCACHE.1"
2 Jan 2008 1:57:26 5 878 A.... "C:\WINDOWS\inf\oem38.PNF"
2 Jan 2008 15:10:38 230 164 A.... "C:\WINDOWS\inf\oem13.PNF"
3 Jan 2008 16:38:58 71 058 A.... "C:\WINDOWS\inf\oem32.PNF"
3 Jan 2008 16:39:00 97 298 A.... "C:\WINDOWS\inf\oem33.PNF"
3 Jan 2008 16:39:00 23 450 A.... "C:\WINDOWS\inf\oem34.PNF"
3 Jan 2008 16:39:02 42 338 A.... "C:\WINDOWS\inf\oem35.PNF"
3 Jan 2008 16:39:02 86 146 A.... "C:\WINDOWS\inf\oem36.PNF"
3 Jan 2008 16:39:02 50 944 A.... "C:\WINDOWS\inf\oem37.PNF"
2 Jan 2008 1:58:58 6 962 A.... "C:\WINDOWS\inf\oem39.PNF"
2 Jan 2008 14:23:42 64 776 A.... "C:\WINDOWS\inf\oem40.PNF"
19 Jan 2008 21:17:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
9 Jan 2008 3:05:52 17 110 A.... "C:\WINDOWS\Debug\mrt.log"
9 Jan 2008 3:05:52 5 226 A.... "C:\WINDOWS\Debug\mrteng.log"
19 Jan 2008 21:18:08 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
18 Jan 2008 20:34:00 578 A.... "C:\WINDOWS\Tasks\Norton AntiVirus - Analyse systŠme complŠte - gourdonneau.job"
14 Jan 2008 19:30:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
19 Jan 2008 21:20:50 1 048 576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{279C8190-F81F-4A55-AFCF-E29948F3553B}.crmlog"
19 Jan 2008 21:18:24 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
3 Jan 2008 16:26:56 10 002 A.... "C:\WINDOWS\Temp\HPZIDS.log"
3 Jan 2008 16:24:48 930 A.... "C:\WINDOWS\Temp\CIO_NDCS.log"
19 Jan 2008 21:21:18 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
22 Nov 2007 21:49:30 5 291 994 A.... "C:\WINDOWS\Temp\slu7ed3.tmp"
22 Nov 2007 22:57:58 5 291 994 A.... "C:\WINDOWS\Temp\slu333d.tmp"
23 Nov 2007 0:01:02 5 291 994 A.... "C:\WINDOWS\Temp\slu6385.tmp"
23 Nov 2007 3:32:38 5 291 994 A.... "C:\WINDOWS\Temp\slu576.tmp"
23 Nov 2007 15:00:50 5 291 994 A.... "C:\WINDOWS\Temp\slu142d.tmp"
23 Nov 2007 18:31:56 5 291 994 A.... "C:\WINDOWS\Temp\slu35c5.tmp"
23 Nov 2007 22:36:42 5 291 994 A.... "C:\WINDOWS\Temp\slu711b.tmp"
24 Nov 2007 2:19:10 5 291 994 A.... "C:\WINDOWS\Temp\slu1b60.tmp"
24 Nov 2007 6:38:30 5 291 994 A.... "C:\WINDOWS\Temp\slu61e0.tmp"
20 Nov 2007 20:28:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_100.dat"
22 Nov 2007 10:42:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat"
20 Nov 2007 20:12:44 1 350 A.... "C:\WINDOWS\Temp\QTInstallCode.log"
22 Nov 2007 21:42:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_18c.dat"
22 Nov 2007 21:44:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat"
22 Nov 2007 22:51:04 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_274.dat"
22 Nov 2007 22:53:34 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e54.dat"
27 Nov 2007 14:32:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_f94.dat"
28 Nov 2007 18:08:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat"
28 Nov 2007 18:10:02 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat"
30 Nov 2007 12:35:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_c64.dat"
30 Nov 2007 12:34:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8ac.dat"
2 Dec 2007 20:33:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat"
7 Dec 2007 11:24:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e74.dat"
8 Dec 2007 13:26:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat"
8 Dec 2007 13:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e1c.dat"
8 Dec 2007 20:44:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat"
9 Dec 2007 4:16:16 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat"
9 Dec 2007 13:55:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_568.dat"
9 Dec 2007 13:57:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1088.dat"
9 Dec 2007 15:50:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f0.dat"
13 Dec 2007 3:22:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat"
13 Dec 2007 7:36:22 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_eac.dat"
15 Dec 2007 14:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat"
15 Dec 2007 14:31:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ee8.dat"
16 Dec 2007 4:52:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_d08.dat"
16 Dec 2007 13:09:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_124.dat"
16 Dec 2007 13:44:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cbc.dat"
18 Dec 2007 17:35:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_a10.dat"
20 Dec 2007 19:47:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat"
20 Dec 2007 19:50:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8dc.dat"
21 Dec 2007 17:21:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_510.dat"
21 Dec 2007 17:23:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_960.dat"
31 Dec 2007 13:50:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_9d8.dat"
1 Jan 2008 16:53:44 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_524.dat"
1 Jan 2008 16:55:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1cc.dat"
2 Jan 2008 2:29:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_424.dat"
2 Jan 2008 2:31:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_608.dat"
2 Jan 2008 13:01:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat"
2 Jan 2008 13:02:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b50.dat"
2 Jan 2008 14:52:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b90.dat"
3 Jan 2008 13:31:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_430.dat"
3 Jan 2008 16:06:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_560.dat"
3 Jan 2008 15:48:00 454 A.... "C:\WINDOWS\Temp\servic006.log"
3 Jan 2008 15:48:22 540 A.... "C:\WINDOWS\Temp\servic007.log"
3 Jan 2008 15:48:34 12 018 A.... "C:\WINDOWS\Temp\HPZIDI004.log"
3 Jan 2008 16:26:06 454 A.... "C:\WINDOWS\Temp\servic008.log"
3 Jan 2008 16:26:30 540 A.... "C:\WINDOWS\Temp\servic009.log"
3 Jan 2008 16:26:44 12 020 A.... "C:\WINDOWS\Temp\HPZIDI005.log"
3 Jan 2008 16:56:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_850.dat"
3 Jan 2008 16:56:40 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat"
3 Jan 2008 20:07:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_fbc.dat"
3 Jan 2008 20:07:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_11dc.dat"
4 Jan 2008 5:59:18 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_123c.dat"
4 Jan 2008 14:02:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_460.dat"
4 Jan 2008 14:05:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1350.dat"
7 Jan 2008 18:37:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ae0.dat"
8 Jan 2008 19:46:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_184.dat"
9 Jan 2008 3:14:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat"
12 Jan 2008 0:09:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1178.dat"
12 Jan 2008 16:56:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat"
12 Jan 2008 16:59:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_964.dat"
15 Jan 2008 12:13:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_190.dat"
15 Jan 2008 12:53:50 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_814.dat"
18 Jan 2008 19:05:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e6c.dat"
19 Jan 2008 10:44:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_414.dat"
19 Jan 2008 15:13:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cc8.dat"
19 Jan 2008 21:18:28 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_244.dat"
19 Jan 2008 21:22:56 0 A.... "C:\WINDOWS\Temp\scs5.tmp"
9 Jan 2008 21:07:20 94 208 A.... "C:\WINDOWS\Minidump\Mini011208-01.dmp"
9 Dec 2007 14:29:02 2 097 152 A.... "C:\WINDOWS\system32\FxsTmp\fxs2A.tmp"
2 Jan 2008 15:09:34 216 A.... "C:\WINDOWS\security\logs\scecomp.old"
8 Dec 2007 12:21:12 313 872 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
19 Jan 2008 21:18:24 197 632 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
2 Jan 2008 14:28:10 8 173 A.... "C:\WINDOWS\WinSxS\Manifests\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790.manifest"
14 Jan 2008 19:30:04 16 384 A.... "C:\WINDOWS\Temp\Cookies\index.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu32f2.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu32f2.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu6337.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu6337.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu6337.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu52e.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu52e.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu52e.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu13ef.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu13ef.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu359b.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu359b.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu359b.tmp\WHATSNEW.TXT"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu70f1.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu70f1.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu70f1.tmp\vscanmsx.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu1b36.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu1b36.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu1b36.tmp\vscanmsx.dat"
21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu61b6.tmp\ESRDEF.BIN"
21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCDEFS.DAT"
21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN7.DAT"
21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN8.DAT"
21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN9.DAT"
21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINF.DAT"
21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINFL.DAT"
21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TSCAN1.DAT"
21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.GRD"
21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.SIG"
19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN.INF"
21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN1.DAT"
21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN2.DAT"
21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN3.DAT"
21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN4.DAT"
21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN5.DAT"
21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN6.DAT"
21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN7.DAT"
21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN8.DAT"
21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN9.DAT"
21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCANT.DAT"
21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu61b6.tmp\WHATSNEW.TXT"
23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu61b6.tmp\vscanmsx.dat"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
13 Dec 2007 3:01:28 86 016 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00014"
13 Dec 2007 3:01:28 16 384 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
28 Nov 2007 18:20:20 13 660 672 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\veoh.msi"
28 Nov 2007 18:20:16 6 129 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\0x0409.ini"
28 Nov 2007 18:20:16 88 607 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\setup.isn"
28 Nov 2007 18:20:16 1 940 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\Setup.INI"
2 Jan 2008 13:09:08 13 898 240 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\veoh.msi"
2 Jan 2008 13:09:02 6 129 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\0x0409.ini"
2 Jan 2008 13:09:02 88 607 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\setup.isn"
2 Jan 2008 13:09:02 1 940 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\Setup.INI"
13 Dec 2007 3:00:52 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
13 Dec 2007 3:00:58 11 753 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
13 Dec 2007 3:01:04 305 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
13 Dec 2007 3:01:10 11 731 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
13 Dec 2007 3:02:32 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
13 Dec 2007 3:02:36 11 846 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
13 Dec 2007 3:02:44 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
13 Dec 2007 3:02:48 12 931 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
13 Dec 2007 3:05:06 2 232 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
13 Dec 2007 3:05:12 14 977 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
9 Jan 2008 3:00:54 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
9 Jan 2008 3:01:04 12 740 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
9 Jan 2008 3:01:08 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
9 Jan 2008 3:01:12 12 828 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
2 Jan 2008 14:28:46 107 496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof"
18 Jan 2008 20:03:04 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
20 Dec 2007 1:59:42 159 861 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem31.CAT"
16 Dec 2007 16:34:34 3 121 152 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\gt.msi"
16 Dec 2007 16:35:02 41 631 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\Install.log"
2 Jan 2008 14:29:18 151 906 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.log"
2 Jan 2008 15:37:34 515 924 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen_service.log"
14 Jan 2008 19:30:04 32 768 A.SH. "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\index.dat"
14 Jan 2008 19:30:04 16 384 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat"
13 Dec 2007 3:01:28 7 309 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
13 Dec 2007 3:01:50 23 272 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.INF"
2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.PNF"
20 Dec 2007 1:59:42 159 861 A.S.. "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.CAT"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dat"
5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat"
5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat"
5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll"
5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll"
5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atioglx2.dll"
3 Dec 2007 19:30:12 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4121.French[1].dist"
14 Jan 2008 19:30:08 18 178 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-3637.English[1].dist"
14 Jan 2008 19:30:10 20 137 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4212.French[1].dist"
14 Jan 2008 19:30:08 22 674 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3638.French[1].dist"
14 Jan 2008 19:30:10 3 782 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3452.French[1].dist"
14 Jan 2008 19:30:08 25 348 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\index-windows-1[1].sucatalog"
14 Jan 2008 19:30:08 21 431 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-2802.French[1].dist"
14 Jan 2008 19:30:08 21 610 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-3872.French[1].dist"
14 Jan 2008 19:30:10 29 291 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-4125.French[1].dist"
3 Dec 2007 19:30:08 29 461 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-3395.French[1].dist"
3 Dec 2007 19:30:10 19 966 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4066.French[1].dist"
14 Jan 2008 19:30:10 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4184.French[1].dist"
C:\Program Files\
2 Jan 2008 1:44:44 48 683 488 A.... "C:\Program Files\7-12-igp_xp32_dd_ccc_wdm_sb_gart_enu_55811.exe"
2 Jan 2008 13:57:20 82 360 681 A.... "C:\Program Files\Chipset + VGA Driver ATI Ver.8.251.zip"
2 Jan 2008 22:48:12 95 893 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
2 Jan 2008 22:48:14 95 893 A.... "C:\Program Files\DivX\DivXContentUploaderUninstall.exe"
20 Nov 2007 14:35:00 125 685 A.... "C:\Program Files\LimeWire\uninstall.exe"
7 Dec 2007 19:34:56 132 712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
7 Dec 2007 19:34:58 132 232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
7 Dec 2007 19:34:58 13 416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
7 Dec 2007 19:34:58 12 400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
7 Dec 2007 19:34:58 73 848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
7 Dec 2007 19:34:58 422 000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
7 Dec 2007 19:34:58 73 336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
7 Dec 2007 19:34:42 13 952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
7 Dec 2007 19:34:52 7 650 416 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
7 Dec 2007 19:34:52 200 829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
7 Dec 2007 19:34:52 456 296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
7 Dec 2007 19:34:54 161 392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
7 Dec 2007 19:34:54 378 472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
7 Dec 2007 19:34:54 271 984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
7 Dec 2007 19:34:54 34 424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
7 Dec 2007 19:34:54 30 320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
7 Dec 2007 19:34:56 112 232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
7 Dec 2007 19:34:56 254 060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
2 Dec 2007 12:23:06 253 952 A.... "C:\Program Files\ma-config.com\nphardwaredetection.dll"
2 Dec 2007 12:25:44 962 560 A.... "C:\Program Files\ma-config.com\MCNoyau.dll"
2 Jan 2008 2:32:02 1 266 936 A.... "C:\Program Files\Steam\Steam.exe"
12 Jan 2008 16:58:16 251 128 A.... "C:\Program Files\Steam\WriteMiniDump.exe"
12 Jan 2008 16:58:18 2 912 504 A.... "C:\Program Files\Steam\SteamUI.dll"
12 Jan 2008 16:58:20 1 039 192 A.... "C:\Program Files\Steam\dbghelp.dll"
12 Jan 2008 16:58:24 3 249 400 A.... "C:\Program Files\Steam\Steam.dll"
12 Jan 2008 16:59:02 112 128 A.... "C:\Program Files\Steam\CSERHelper.dll"
12 Jan 2008 16:59:04 1 625 336 A.... "C:\Program Files\Steam\steamclient.dll"
12 Jan 2008 16:59:04 229 624 A.... "C:\Program Files\Steam\tier0_s.dll"
12 Jan 2008 16:59:06 346 360 A.... "C:\Program Files\Steam\vstdlib_s.dll"
12 Jan 2008 16:59:06 206 072 A.... "C:\Program Files\Steam\GameOverlayRenderer.dll"
12 Jan 2008 16:59:08 1 008 888 A.... "C:\Program Files\Steam\GameOverlayUI.exe"
12 Jan 2008 17:00:00 540 672 A.... "C:\Program Files\Steam\mss32_s.dll"
19 Jan 2008 20:18:48 78 958 A.... "C:\Program Files\Lop SD\Uninstal.exe"
22 Nov 2007 20:39:38 136 704 A.... "C:\Program Files\Lop SD\catchme.exe"
13 Jan 2008 22:57:04 4 803 A.... "C:\Program Files\Lop SD\RegLop.reg"
19 Jan 2008 20:19:22 1 784 A.... "C:\Program Files\Lop SD\paths.bat"
5 Dec 2007 20:17:00 65 536 A.... "C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\Setup.exe"
5 Dec 2007 20:17:00 46 080 A.... "C:\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\Setup.exe"
28 Nov 2007 18:20:30 294 912 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe"
28 Nov 2007 18:25:00 1 951 556 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\ISSetup.dll"
2 Jan 2008 2:01:12 380 928 A.... "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\_setup.dll"
28 Nov 2007 18:24:06 100 693 A.... "C:\Program Files\Yahoo!\common\unyt.exe"
19 Jan 2008 19:23:42 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
12 Dec 2007 2:54:12 1 492 A.... "C:\Program Files\eMule\config\load_index.dat"
12 Dec 2007 2:54:12 12 A.... "C:\Program Files\eMule\config\src_index.dat"
12 Dec 2007 2:54:12 28 A.... "C:\Program Files\eMule\config\key_index.dat"
12 Dec 2007 2:54:12 23 A.... "C:\Program Files\eMule\config\preferencesKad.dat"
12 Dec 2007 17:33:40
Maijin
Messages postés
1385
Date d'inscription
lundi 1 octobre 2007
Statut
Membre
Dernière intervention
28 juin 2009
351
19 janv. 2008 à 21:45
19 janv. 2008 à 21:45
FAIT plutôt ce qui est écrit plus haut
SDFix: Version 1.129
Run by miss_tos_eliana on 19/01/2008 at 22:25
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MISS_T~1.ACE\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 22:31:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe"="C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 17 Mar 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 11 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 11 Feb 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Fri 20 Apr 2007 4,158 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\493c50fe9f23ee81559d491f3f423dc0\BIT79.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6658f544763a012c23109e05e811db81\BIT7A.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c728fd35e0fbfbad19770aaa8086c1e4\BIT7B.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3a2cc8348b523d553ab91932959586ed\BIT89.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\15d6b6128783c0ae74d81b31766420a0\BIT8A.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\656b7e612f38bc403dcef9ecb255273d\BIT8B.tmp"
Thu 20 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1lic.bak"
Sat 11 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1key.bak"
Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2lic.bak"
Sat 11 Feb 2006 312 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2key.bak"
Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1lic.bak"
Sat 11 Feb 2006 4,348 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1key.bak"
Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2lic.bak"
Sat 11 Feb 2006 312 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2key.bak"
Finished!
Run by miss_tos_eliana on 19/01/2008 at 22:25
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MISS_T~1.ACE\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 22:31:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe"="C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 17 Mar 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 11 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 11 Feb 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Fri 20 Apr 2007 4,158 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\493c50fe9f23ee81559d491f3f423dc0\BIT79.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6658f544763a012c23109e05e811db81\BIT7A.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c728fd35e0fbfbad19770aaa8086c1e4\BIT7B.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3a2cc8348b523d553ab91932959586ed\BIT89.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\15d6b6128783c0ae74d81b31766420a0\BIT8A.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\656b7e612f38bc403dcef9ecb255273d\BIT8B.tmp"
Thu 20 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1lic.bak"
Sat 11 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1key.bak"
Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2lic.bak"
Sat 11 Feb 2006 312 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2key.bak"
Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1lic.bak"
Sat 11 Feb 2006 4,348 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1key.bak"
Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2lic.bak"
Sat 11 Feb 2006 312 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2key.bak"
Finished!
J'ai redemarré mon ordi en mode sans echec, comme conseillé ci dessus, mais en appuyant sur Y, il ne s'est rien passé.
Quand vous faisiez l'analyse, cela vous prenait combien de temps (pour ceux qui ont reussi) ?
Quand vous faisiez l'analyse, cela vous prenait combien de temps (pour ceux qui ont reussi) ?
cyril307
Messages postés
18
Date d'inscription
dimanche 20 janvier 2008
Statut
Membre
Dernière intervention
20 janvier 2009
1
20 janv. 2008 à 01:19
20 janv. 2008 à 01:19
bonjour
meme manip que tout le monde dont voici le rapport
DFix: Version 1.129
Run by cyril-titi on 20/01/2008 at 01:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CYRIL-~1\Bureau\Sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 01:12:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 26 Dec 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Wed 26 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Jan 2008 41,724 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006258.exe"
Tue 15 Jan 2008 140,800 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006259.exe"
Sat 19 Jan 2008 6,656 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006399.exe"
Sat 19 Jan 2008 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006400.sys"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT5.tmp"
Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
meme manip que tout le monde dont voici le rapport
DFix: Version 1.129
Run by cyril-titi on 20/01/2008 at 01:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\CYRIL-~1\Bureau\Sdfix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 01:12:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 26 Dec 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Wed 26 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Jan 2008 41,724 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006258.exe"
Tue 15 Jan 2008 140,800 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006259.exe"
Sat 19 Jan 2008 6,656 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006399.exe"
Sat 19 Jan 2008 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006400.sys"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT5.tmp"
Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Jai eu egalement le meme probleme
j ai commencé par suivre les conseil d un certain laurent avec msn fic et cleaner
ca mlarchait bien puis virus est revenu
Jai donc suivi vos coneil avec sd fix et voici le rapport
SDFix: Version 1.129
Run by Administrateur on
20/01/2008 at 10:12
Microsoft Windows XP [version
5.1.2600]
Running From:
C:\DOCUME~1\Administrateur\Bureau\
SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\back
up.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\back
up.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.e
xe
C:\WINDOWS\system32\dllcache\tftp.
exe
Files copied to SDFix\Backups
Restoring files if backups are
found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\back
up.tftp
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.
exe
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\dllcache\ftp.e
xe
Infected ip6fw.sys Found!
ip6fw.sys File Locations:
"C:\WINDOWS\system32\DllCache\ip6f
w.sys" 29056 03/08/2004 22:00
"C:\WINDOWS\system32\drivers\ip6fw
.sys" 29056 03/08/2004 22:00
Infected File Listed Below:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM
File copied to Backups Folder
Attempting to replace ip6fw.sys
with original version...
Unable To Replace Infected File!
Restoring Windows Registry Values
Restoring Windows Default Hosts
File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
C:\DOCUME~1\Administrateur\Local
Settings\Temp\services.exe -
Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp -
Deleted
C:\WINDOWS\system32\Microsoft\back
up.tftp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista -
rootkit/stealth malware detector
by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:17:06
Windows 5.1.2600 Service Pack 2
NTFS
scanning hidden processes ...
scanning hidden services & system
hive ...
scanning hidden registry entries
...
source file error: C:\Documents
and
Settings\Administrateur\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\current
controlset\services\sharedaccess\p
arameters\firewallpolicy\standardp
rofile\authorizedapplications\list
]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe:*
:enabled:@xpsp2res.dll,-22019"
"C:\\Program
Files\\Skype\\Phone\\Skype.exe"="C
:\\Program
Files\\Skype\\Phone\\Skype.exe:*:E
nabled:Skype"
"C:\\Program
Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe"="C:\\Prog
ram Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe:*:Enabled:
Logitech Desktop Messenger"
"C:\\Program
Files\\NewsBin\\nbpro.exe"="C:\\Pr
ogram
Files\\NewsBin\\nbpro.exe:*:Enable
d:Newsbin"
"C:\\DOCUME~1\\Administrateur\\Loc
al
Settings\\Temp\\services.exe"="C:\
\DOCUME~1\\Administrateur\\Local
Settings\\Temp\\services.exe:*:Ena
bled:Flash Player2"
"C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe"="C:\
\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Ena
bled:Windows Live Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe"="C:
\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:En
abled:Windows Live Messenger
(Phone)"
[HKEY_LOCAL_MACHINE\system\current
controlset\services\sharedaccess\p
arameters\firewallpolicy\domainpro
file\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe:*
:enabled:@xpsp2res.dll,-22019"
"C:\\Program
Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe"="C:\\Prog
ram Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe:*:Enabled:
Logitech Desktop Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe"="C:\
\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Ena
bled:Windows Live Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe"="C:
\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:En
abled:Windows Live Messenger
(Phone)"
Remaining Files:
---------------
File Backups: -
C:\DOCUME~1\Administrateur\Bureau\
SDFix\backups\backups.zip
Files with Hidden Attributes:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM
Finished!
DITES MOI JE VOUS EN SUPPLI QUE TOUT VA RENTRER DANS L ORDRE CAR JE N EN PEUT PLUS !
Et si ca marche et bien je vous en remercie de tout coeur je ne saurai pas toruver less mots pour vous dire combien je vous sui reconnaissante !
a tres vite (enfin juste pour discuter pas pour résoudre un nouveau virus!)
Bon we !
j ai commencé par suivre les conseil d un certain laurent avec msn fic et cleaner
ca mlarchait bien puis virus est revenu
Jai donc suivi vos coneil avec sd fix et voici le rapport
SDFix: Version 1.129
Run by Administrateur on
20/01/2008 at 10:12
Microsoft Windows XP [version
5.1.2600]
Running From:
C:\DOCUME~1\Administrateur\Bureau\
SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\back
up.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\back
up.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.e
xe
C:\WINDOWS\system32\dllcache\tftp.
exe
Files copied to SDFix\Backups
Restoring files if backups are
found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\back
up.tftp
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.
exe
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\dllcache\ftp.e
xe
Infected ip6fw.sys Found!
ip6fw.sys File Locations:
"C:\WINDOWS\system32\DllCache\ip6f
w.sys" 29056 03/08/2004 22:00
"C:\WINDOWS\system32\drivers\ip6fw
.sys" 29056 03/08/2004 22:00
Infected File Listed Below:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM
File copied to Backups Folder
Attempting to replace ip6fw.sys
with original version...
Unable To Replace Infected File!
Restoring Windows Registry Values
Restoring Windows Default Hosts
File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM - Deleted
C:\DOCUME~1\Administrateur\Local
Settings\Temp\services.exe -
Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp -
Deleted
C:\WINDOWS\system32\Microsoft\back
up.tftp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista -
rootkit/stealth malware detector
by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:17:06
Windows 5.1.2600 Service Pack 2
NTFS
scanning hidden processes ...
scanning hidden services & system
hive ...
scanning hidden registry entries
...
source file error: C:\Documents
and
Settings\Administrateur\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\current
controlset\services\sharedaccess\p
arameters\firewallpolicy\standardp
rofile\authorizedapplications\list
]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe:*
:enabled:@xpsp2res.dll,-22019"
"C:\\Program
Files\\Skype\\Phone\\Skype.exe"="C
:\\Program
Files\\Skype\\Phone\\Skype.exe:*:E
nabled:Skype"
"C:\\Program
Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe"="C:\\Prog
ram Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe:*:Enabled:
Logitech Desktop Messenger"
"C:\\Program
Files\\NewsBin\\nbpro.exe"="C:\\Pr
ogram
Files\\NewsBin\\nbpro.exe:*:Enable
d:Newsbin"
"C:\\DOCUME~1\\Administrateur\\Loc
al
Settings\\Temp\\services.exe"="C:\
\DOCUME~1\\Administrateur\\Local
Settings\\Temp\\services.exe:*:Ena
bled:Flash Player2"
"C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe"="C:\
\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Ena
bled:Windows Live Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe"="C:
\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:En
abled:Windows Live Messenger
(Phone)"
[HKEY_LOCAL_MACHINE\system\current
controlset\services\sharedaccess\p
arameters\firewallpolicy\domainpro
file\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe:*
:enabled:@xpsp2res.dll,-22019"
"C:\\Program
Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe"="C:\\Prog
ram Files\\Logitech\\Desktop
Messenger\\8876480\\Program\\Logit
echDesktopMessenger.exe:*:Enabled:
Logitech Desktop Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe"="C:\
\Program Files\\Windows
Live\\Messenger\\msnmsgr.exe:*:Ena
bled:Windows Live Messenger"
"C:\\Program Files\\Windows
Live\\Messenger\\livecall.exe"="C:
\\Program Files\\Windows
Live\\Messenger\\livecall.exe:*:En
abled:Windows Live Messenger
(Phone)"
Remaining Files:
---------------
File Backups: -
C:\DOCUME~1\Administrateur\Bureau\
SDFix\backups\backups.zip
Files with Hidden Attributes:
Impossible d'ex‚cuter
C:\DOCUME~1\ADMINISTRATEUR\BUREAU\
SDFIX\APPS\LOCATE.COM
Finished!
DITES MOI JE VOUS EN SUPPLI QUE TOUT VA RENTRER DANS L ORDRE CAR JE N EN PEUT PLUS !
Et si ca marche et bien je vous en remercie de tout coeur je ne saurai pas toruver less mots pour vous dire combien je vous sui reconnaissante !
a tres vite (enfin juste pour discuter pas pour résoudre un nouveau virus!)
Bon we !
Bonjour, ayant le même probème j'ai suivi la procédure ci-dessus.(merci)
Voila le rapport:
SDFix: Version 1.129
Run by Compaq_Propri‚taire on 20/01/2008 at 10:12
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\addon.dat - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:22:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:3d7f6cd9
"s2"=dword:a3af3d0c
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
"khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
"khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% (Trial Version)"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 58
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 23 Jun 2007 218 A.SHR --- "C:\BOOT.BAK"
Thu 5 Aug 2004 1,150,053 ...H. --- "C:\Program Files\fx2000\winfox32.exe"
Sun 3 Sep 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sat 10 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jul 2007 278,528 A.SH. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\~rnsetup\pncrt.dll"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT69.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BIT58.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15adc2524e94dfdbb0290c0f6b64f81a\BIT89.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT65.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT56.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT83.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT64.tmp"
Sat 10 Feb 2007 5,629,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2bf5fa7530b3dc625e3bc850faa4f61f\BIT53.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\333cef8fb3a3826b395bbbf1bc9cc952\BIT5F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\43b6a33ce0cc0d9f775487c3b03ab6aa\BIT8F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT5D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5224af626898b31ba0c7476966921e26\BIT68.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\53a3a14f74503141a8462ffdac5b76db\BIT98.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60e05582324722f8544d6085e0e80928\BIT95.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT8C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\BIT96.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\920a938ef1f0fd127b387b35bb459ddd\BIT5E.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT99.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT88.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e0d35b1a9afd12850e9b854d046f6d\BIT63.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT55.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT87.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BIT61.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT5C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdbc2001decde12012366b57c981e5e9\BIT8B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be5406dd83b313de669f120c86c4b9f5\BIT9B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT8A.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c2c90d07259878f31cc0a433c5f7cbdb\BIT59.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT8E.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c431dc4bbdccd59d7eec2075c4336ebf\BIT57.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT8D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT62.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT66.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eabe1622973d561afb591ab24f972644\BIT91.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT5A.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ec6f8a1f8a53fe527617657a69254313\BIT67.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\BIT97.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT60.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT5B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\download\BITA0.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0d7569a279576eea9ab33afe1d3e51f7\download\BITA1.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\download\BIT9F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\download\BIT9D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT86.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b039f22f4555a9e0b76dac38b519972\download\BITA4.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\download\BIT9C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\94dd5c86d2211543a830b2de82b24440\download\BITA3.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\download\BIT9E.tmp"
Tue 12 Apr 2005 2,824,742 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\download\BIT54.tmp"
Finished!
Voila le rapport:
SDFix: Version 1.129
Run by Compaq_Propri‚taire on 20/01/2008 at 10:12
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\addon.dat - Deleted
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:22:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:3d7f6cd9
"s2"=dword:a3af3d0c
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
"khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
"khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120% (Trial Version)"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 58
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
"C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 23 Jun 2007 218 A.SHR --- "C:\BOOT.BAK"
Thu 5 Aug 2004 1,150,053 ...H. --- "C:\Program Files\fx2000\winfox32.exe"
Sun 3 Sep 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sat 10 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 17 Jul 2007 278,528 A.SH. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\~rnsetup\pncrt.dll"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT69.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BIT58.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15adc2524e94dfdbb0290c0f6b64f81a\BIT89.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT65.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT56.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT83.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT64.tmp"
Sat 10 Feb 2007 5,629,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2bf5fa7530b3dc625e3bc850faa4f61f\BIT53.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\333cef8fb3a3826b395bbbf1bc9cc952\BIT5F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\43b6a33ce0cc0d9f775487c3b03ab6aa\BIT8F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT5D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5224af626898b31ba0c7476966921e26\BIT68.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\53a3a14f74503141a8462ffdac5b76db\BIT98.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60e05582324722f8544d6085e0e80928\BIT95.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT8C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\BIT96.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\920a938ef1f0fd127b387b35bb459ddd\BIT5E.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT99.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT88.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e0d35b1a9afd12850e9b854d046f6d\BIT63.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT55.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT87.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BIT61.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT5C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdbc2001decde12012366b57c981e5e9\BIT8B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be5406dd83b313de669f120c86c4b9f5\BIT9B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT8A.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c2c90d07259878f31cc0a433c5f7cbdb\BIT59.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT8E.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c431dc4bbdccd59d7eec2075c4336ebf\BIT57.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT8D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT62.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT66.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eabe1622973d561afb591ab24f972644\BIT91.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT5A.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ec6f8a1f8a53fe527617657a69254313\BIT67.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\BIT97.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT60.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT5B.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\download\BITA0.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0d7569a279576eea9ab33afe1d3e51f7\download\BITA1.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\download\BIT9F.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\download\BIT9D.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT86.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b039f22f4555a9e0b76dac38b519972\download\BITA4.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\download\BIT9C.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\94dd5c86d2211543a830b2de82b24440\download\BITA3.tmp"
Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\download\BIT9E.tmp"
Tue 12 Apr 2005 2,824,742 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\download\BIT54.tmp"
Finished!
Bonjour, j'ai aussi le virus, pendant que j'étais en mode sans echec dans l'ecran noir ( désolé de la précision ) il me dit Accès refusé trois fois, j'éspère que ça à tout de même marcher :/
Voici le Report.Txt
SDFix: Version 1.129
Run by C‚cile on 20/01/2008 at 10:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
C:\DOCUME~1\CCILE~1\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:20:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Cécile\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 119
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe:*:Disabled:backWeb-1044199"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe:*:Enabled:Slave"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 8 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 9 Jul 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Sun 15 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ae178a19c6b7c7d3db0eb0aa49460b31\BIT30.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1E.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT2F.tmp"
Finished!
Comment vérifier si c'est bon ?
Merci x)
Voici le Report.Txt
SDFix: Version 1.129
Run by C‚cile on 20/01/2008 at 10:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
C:\DOCUME~1\CCILE~1\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:20:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\Cécile\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 119
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe:*:Disabled:backWeb-1044199"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
"C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe:*:Enabled:Slave"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 8 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 9 Jul 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Sun 15 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ae178a19c6b7c7d3db0eb0aa49460b31\BIT30.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1E.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT2F.tmp"
Finished!
Comment vérifier si c'est bon ?
Merci x)
