J'ai le virus: c'est pas toi, que faire.??

Résolu
Mitsuka Messages postés 4 Statut Membre -  
 miguelito -
Bonjour,
J'ai le virus "c'est pas toi" qui tourne en se moment sur msn
mon anti-virus "avast" n'a pas réagis.
J'ai donc etais sur ce forum et suivis les quelques instructions que j'avais trouver, malgré le nombre incalculable de scan avec AVG, ou de nettoyage avec CCleaner j'ai encore ce virus.
S'il vous plait, si vous savez comment faire ca m'arrangerai.

Merci
Configuration: Windows XP
Internet Explorer 7.0

105 réponses

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
Résumé de la discussion

Une infection de type « virus MSN » touche Windows XP et passe inaperçue aux détections d Avast, entraînant des difficultés pour nettoyer le système malgré de nombreux scans. Des intervenants recommandent des outils spécialisés, notamment SDFix et GMER, pour vérifier les services, les fichiers et le registre, puis supprimer les fichiers trojans et remettre à zéro les paramètres réseau et le fichier hosts. Plusieurs utilisateurs rapportent des résultats concrets avec des fichiers détectés puis supprimés, et une restauration progressive du fonctionnement normal de MSN, selon les rapports des outils SDFix et MSNFix. En cas de récidive, l'utilisation ciblée des sauvegardes système et des scans complémentaires peut prévenir une réinfection et aider à rétablir les services réseau et les applications impactées.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Maijin Messages postés 1388 Date d'inscription   Statut Membre Dernière intervention   352
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  2. Mitsuka Messages postés 4 Statut Membre
     
    SDFix: Version 1.127

    Run by Charlotte on 18/01/2008 at 18:55

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Program Files\Temporary\kernInst.exe - Deleted
    C:\DOCUME~1\CHARLO~1\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\17PHolmes*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted

    Folder C:\Program Files\Dot1XCfg - Removed
    Folder C:\Program Files\Temporary - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 18:58:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters]
    "VideoInitTime"=dword:00000c54
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Watchdog\Display]
    "ShutdownCount"=dword:00000029
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0822&SUBSYS_01F51028&REV_19\4&1a4c5809&0&08A4\LogConf]
    "BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,01,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1180&DEV_0843&SUBSYS_01F51028&REV_01\4&1a4c5809&0&09A4\LogConf]
    "BasicConfigVector"=hex(a):a8,00,00,00,05,00,00,00,08,00,00,00,21,00,00,00,00,00,00,00,00,..
    "BootConfig"=hex(8):01,00,00,00,05,00,00,00,08,00,00,00,01,00,01,00,02,00,00,00,03,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ERSvc]
    "Start"=dword:00000004
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\helpsvc]
    "Start"=dword:00000003
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lanmanserver\parameters]
    "AutoShareWks"=dword:00000000
    "AutoShareServer"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SamSs]
    "Start"=dword:00000003
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Epoch]
    "Epoch"=dword:00000254
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SynTP\Parameters]
    "DetectTimeMS"=dword:000002b1
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}]
    "LeaseObtainedTime"=dword:4790de98
    "T1"=dword:47918758
    "T2"=dword:479205e8
    "LeaseTerminatesTime"=dword:47923018
    "DhcpRetryTime"=dword:0000a8bb
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wscsvc]
    "Start"=dword:00000004
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{EA4BF9DF-1591-46AD-A807-1D6C45B333C0}\Parameters\Tcpip]
    "LeaseObtainedTime"=dword:4790de98
    "T1"=dword:47918758
    "T2"=dword:479205e8
    "LeaseTerminatesTime"=dword:47923018

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "ProfileLoadTimeLow"=dword:c7862118
    "ProfileLoadTimeHigh"=dword:01c859f5
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
    "RefCount"=dword:00000003

    scanning hidden files ...

    C:\WINDOWS\pchealth\helpctr\System\DFS\privacy.htm 3354 bytes
    C:\WINDOWS\pchealth\helpctr\System\DFS\uplddrvinfo.htm 33722 bytes
    C:\WINDOWS\pchealth\helpctr\System\DFS\viewmode.xml 274 bytes
    C:\WINDOWS\pchealth\helpctr\System\DFS\xmldialog.htm 966 bytes
    C:\WINDOWS\pchealth\helpctr\System\DFS\xmldisplay.xsl 11750 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 138

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CHARLO~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\CHARLO~1\Bureau\NOUVEA~1\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Finished!

    Voila, j'ai fait tout ce que tu m'avais dis... il se passe quoi maintenant?
    0
    1. Genius
       
      SDFix: Version 1.131

      Run by Audrey on 26/01/2008 at 13:54

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\DOCUME~1\Audrey\Bureau\SDFix

      Safe Mode:
      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting...


      Normal Mode:
      Checking Files:

      Trojan Files Found:

      C:\Documents and Settings\Audrey\Application Data\addon.dat - Deleted



      Folder C:\Program Files\Bifrost - Removed


      Removing Temp Files...

      ADS Check:

      C:\WINDOWS
      :BZ-VIRTUAL-LINK 0
      Total size: 0 bytes.

      WINDOWS: deleted 0 bytes in 1 streams.

      Checking for remaining Streams

      C:\WINDOWS
      No streams found.

      C:\WINDOWS\explorer.exe
      No streams found.

      C:\WINDOWS\system32
      :BZ-VIRTUAL-LINK 0
      Total size: 0 bytes.

      system32: deleted 0 bytes in 1 streams.

      Checking for remaining Streams

      C:\WINDOWS\system32
      No streams found.

      C:\WINDOWS\system32\svchost.exe
      No streams found.

      C:\WINDOWS\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-26 14:03:22
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d]
      "CurrentCacheFile"="C:\WINDOWS\SoftwareDistribution\EventCache\{92EB66FF-7774-4C7E-BCAE-72781812CA68}.bin"

      scanning hidden files ...


      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 656


      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
      "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
      "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
      "C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Audrey\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

      Remaining Files:
      ---------------

      File Backups: - C:\DOCUME~1\Audrey\Bureau\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Mon 24 Apr 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Wed 20 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
      Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"

      Finished!


      C'est bon ? Tout est clean ? En tout cas merci pour tes conseil. ;)
      0
  3. Maijin Messages postés 1388 Date d'inscription   Statut Membre Dernière intervention   352
     
    essaye normalement ça devrait remarcher non?
    0
  4. Mitsuka Messages postés 4 Statut Membre
     
    ouiiii merciii ^^

    :)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. boob's-75
     
    Slt tout le monde voila moi aussi j'ai ce problème qui persiste j’étais sur MSN et tout a coup un de mes contact m'envoi un message avec un lien et mon adresse MSN j'ouvre et c'était un Ga que je ne connaissais pas donc je ferme et la mon ordi ce met a délire tout seul personnes ne pourrai m'aider svp mais si la solution la plus simple pour enlève ce virus vous Vien a l'esprit dite me le svp par ce que je suis très nul en informatique
    0
  7. TITOO
     
    BONJOUR moi j'ai fait la meme chose que Mitsuka et voia le rapport
    Run by admin on 19/01/2008 at 11:09

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\Cyprien\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 11:16:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 69

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\World of Warcraft\\WoW.exe"="C:\\Program Files\\World of Warcraft\\WoW.exe:*:Enabled:World of Warcraft"
    "C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:World of Warcraft - Repair"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"="C:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe:*:Enabled:W40kWA"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.12.6546-to-2.1.0.6692-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Cyprien\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Mon 29 Aug 2005 121,240 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1CheckW40k.EXE"
    Sat 20 Aug 2005 121,237 A..HR --- "C:\Program Files\THQ\Dawn Of War\Disk1Check.EXE"

    Finished!

    Sui je guérit docteur???
    0
  8. Maijin Messages postés 1388 Date d'inscription   Statut Membre Dernière intervention   352
     
    Ca marche ce coup ci?
    0
  9. jangofett76 Messages postés 144 Statut Membre 21
     
    slt j'ai le même problème que vous donc j'essaye la méthode et je vous confirme si ça marche
    0
  10. jangofett76 Messages postés 144 Statut Membre 21
     
    cette méthode marche nikel, j'ai retrouvé msn
    0
  11. Xia
     
    Voila le rapport

    SDFix: Version 1.129

    Run by soizic on 19/01/2008 at 16:03

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\soizic\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\17PHolmes*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 16:15:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 2929

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
    "C:\\WINDOWS\\AdobeR.exe"="C:\\WINDOWS\\AdobeR.exe:*:Disabled:AdobeR"
    "C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\soizic\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 26 Jan 2006 4,126,240 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 1 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 30 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\21c885a593b3aea69d4a95ec1bfc46d4\BIT9.tmp"
    Sat 19 Jan 2008 3,555,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ac16e878b3eb65a8615fd9bf20cdf4df\BITA.tmp"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf719f1d7800c04efd4b1796edb2edc3\BITB.tmp"

    Finished!
    0
  12. noun
     
    et si rien ne se passe quand on appuie sur Y???
    0
    1. delby
       
      il faut appuyer sur entrée !
      0
  13. mamine
     
    G fé ske ta di, sa avé lair de marcher mais mon antispyxware de bitdefender marche plus, et j'ai encore le virus...

    voila le rapport ke sa a donné!!

    SDFix: Version 1.129

    Run by BABIN_ on 19/01/2008 at 20:20

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    windows mail service

    Path:
    "C:\WINDOWS\mail.exe"

    windows mail service - Deleted

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\BABIN_\LOCALS~1\Temp\services.exe - Deleted
    C:\autorun.inf - Deleted
    C:\WINDOWS\mail.exe - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 20:27:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control]
    "WaitToKillServiceTimeout"="7000"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Session Manager\Memory Management\PrefetchParameters]
    "VideoInitTime"=dword:000001f4

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Watchdog\Display]
    "ShutdownCount"=dword:00000250
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_WINDOWS_MAIL_SERVICE\0000]
    "Service"="windows mail service"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="windows mail service"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"C:\WINDOWS\system32\ESENT.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\DefaultSecurity]
    "PreviousAnonymousRestriction"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\parameters]
    "AutoShareWks"=dword:00000000
    "AutoShareServer"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation\parameters]
    "AutoShareWks"=dword:00000000
    "AutoShareServer"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Epoch]
    "Epoch"=dword:000004d0
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3C85EDBA-9483-4FB0-A872-40A5750B7981}]
    "DhcpRetryTime"=dword:00044398
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service]
    "Type"=dword:00000110
    "Start"=dword:00000002
    "ErrorControl"=dword:00000000
    "ImagePath"=str(2):""C:\WINDOWS\mail.exe""
    "DisplayName"="windows mail service"
    "ObjectName"="LocalSystem"
    "FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,..
    "Description"="windows mail service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\windows mail service\Security]
    "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wscsvc]
    "Start"=dword:00000004

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "RefCount"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 740

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\BABIN_\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Tue 5 Dec 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 28 Aug 2007 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
    Tue 28 Aug 2007 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
    Tue 5 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1key.bak"
    Fri 31 Aug 2007 20 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv1lic.bak"
    Tue 28 Aug 2007 400 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2key.bak"
    Fri 31 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\BABIN_\Mes documents\drmv2lic.bak"
    Sun 14 Jan 2007 25,385,984 ...H. --- "C:\Documents and Settings\BABIN_\Mes documents\~WRL1266.tmp"

    Finished!
    0
  14. All star
     
    SDFix: Version 1.129

    Run by ADAM on 19/01/2008 at 21:06

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\ADAM\Local Settings\Temp\aax52.tmp.exe - Deleted
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
    C:\Program Files\Temporary\kernInst.exe - Deleted
    C:\Program Files\Words\list.txt - Deleted
    C:\Program Files\Words\script.txt - Deleted
    C:\Program Files\Words\UnInstall.exe - Deleted
    C:\Program Files\Words\Words.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
    C:\Documents and Settings\ADAM\new.txt - Deleted
    C:\DOCUME~1\ADAM\LOCALS~1\Temp\services.exe - Deleted
    C:\install\credits.bat - Deleted
    C:\WINDOWS\17PHolmes*.exe - Deleted
    C:\WINDOWS\b12?.exe - Deleted
    C:\WINDOWS\b14?.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted
    C:\WINDOWS\myalbum*.zip - Deleted

    Folder C:\Program Files\Dot1XCfg - Removed
    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\Temporary - Removed
    Folder C:\Program Files\Words - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 21:15:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 690

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe"="C:\\Program Files\\802.11 Wireless LAN\\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\\WlanCU.exe:*:Enabled:Wireless Configuration Utility HW.32"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "E:\\incredimail_install.exe"="E:\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe"="C:\\Documents and Settings\\ADAM\\Mes documents\\My Completed Downloads\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
    "C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADAM\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 7 Oct 2006 10,022 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Sat 7 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 24 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

    Finished!

    Je vous remerci pour la solution c magique !!!
    a bientot(fin jesper pas pk sinon sa voudrait dire ke jai encore un probleme =D) MERCI
    0
  15. joule33 Messages postés 2 Statut Membre
     
    bonsoir a tous j ai egalement ce virus et j ai fait le rapport que faire maintenant?
    merci pour votre aideSystem Report
    *************

    Run on 19/01/2008 at 21:24

    Microsoft Windows XP [version 5.1.2600]

    Current user is an administrator

    Running Processes:

    \SystemRoot\System32\smss.exe [536]
    \??\C:\WINDOWS\system32\csrss.exe [592]
    \??\C:\WINDOWS\system32\winlogon.exe [628]
    C:\WINDOWS\system32\services.exe [672]
    C:\WINDOWS\system32\lsass.exe [684]
    C:\WINDOWS\system32\Ati2evxx.exe [848]
    C:\WINDOWS\system32\svchost.exe [872]
    C:\WINDOWS\system32\svchost.exe [948]
    C:\WINDOWS\System32\svchost.exe [1004]
    C:\WINDOWS\system32\svchost.exe [1112]
    C:\WINDOWS\system32\svchost.exe [1152]
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [1412]
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe [1628]
    C:\WINDOWS\system32\spoolsv.exe [1940]
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [580]
    C:\WINDOWS\system32\Ati2evxx.exe [900]
    C:\WINDOWS\Explorer.EXE [1376]
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1708]
    C:\WINDOWS\eHome\ehRecvr.exe [1780]
    C:\WINDOWS\eHome\ehSched.exe [1840]
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [720]
    C:\WINDOWS\ehome\ehtray.exe [1084]
    C:\WINDOWS\system32\ctfmon.exe [1268]
    C:\WINDOWS\eHome\ehmsas.exe [1648]
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2240]
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2332]
    C:\WINDOWS\system32\HPZipm12.exe [2556]
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2564]
    C:\WINDOWS\system32\svchost.exe [2600]
    C:\WINDOWS\system32\svchost.exe [2612]
    C:\WINDOWS\BUtilityBar\BisonBar.exe [2728]
    C:\WINDOWS\ehome\mcrdsvc.exe [2796]
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2876]
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2932]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2944]
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2980]
    C:\WINDOWS\system32\fxssvc.exe [3092]
    C:\Program Files\QuickTime\QTTask.exe [3104]
    C:\Program Files\iTunes\iTunesHelper.exe [3156]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [3228]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE [3304]
    C:\WINDOWS\RTHDCPL.EXE [3312]
    C:\DOCUME~1\GOURDO~1\LOCALS~1\Temp\services.exe [3520]
    C:\Program Files\MSN Messenger\MsnMsgr.Exe [3608]
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [3724]
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2136]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe [2164]
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2172]
    C:\Program Files\WinZip\WZQKPICK.EXE [2368]
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe [2824]
    C:\WINDOWS\system32\dllhost.exe [3664]
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN [3260]
    C:\WINDOWS\system32\wbem\wmiapsrv.exe [2540]
    C:\WINDOWS\system32\wbem\wmiprvse.exe [2452]
    C:\Program Files\iPod\bin\iPodService.exe [372]
    C:\WINDOWS\system32\wbem\wmiprvse.exe [1752]
    C:\WINDOWS\System32\alg.exe [4088]
    C:\WINDOWS\system32\wbem\unsecapp.exe [4240]
    C:\WINDOWS\system32\wuauclt.exe [4668]
    C:\WINDOWS\System32\svchost.exe [4688]
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [5644]
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE [5744]
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [5920]
    C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe [6008]
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [2224]
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe [3776]

    Drivers - Running:

    SERVICE_NAME: abp480n5
    SERVICE_NAME: ACPI
    SERVICE_NAME: ACPIEC
    SERVICE_NAME: adpu160m
    SERVICE_NAME: AFD
    SERVICE_NAME: agp440
    SERVICE_NAME: agpCPQ
    SERVICE_NAME: Aha154x
    SERVICE_NAME: aic78u2
    SERVICE_NAME: aic78xx
    SERVICE_NAME: AliIde
    SERVICE_NAME: alim1541
    SERVICE_NAME: amdagp
    SERVICE_NAME: AmdK8
    SERVICE_NAME: amsint
    SERVICE_NAME: AR5211
    SERVICE_NAME: asc
    SERVICE_NAME: asc3350p
    SERVICE_NAME: asc3550
    SERVICE_NAME: atapi
    SERVICE_NAME: ati2mtag
    SERVICE_NAME: audstub
    SERVICE_NAME: Beep
    SERVICE_NAME: Cam5603D
    SERVICE_NAME: cbidf
    SERVICE_NAME: cd20xrnt
    SERVICE_NAME: Cdfs
    SERVICE_NAME: Cdrom
    SERVICE_NAME: CmBatt
    SERVICE_NAME: CmdIde
    SERVICE_NAME: Compbatt
    SERVICE_NAME: Cpqarray
    SERVICE_NAME: dac2w2k
    SERVICE_NAME: dac960nt
    SERVICE_NAME: Disk
    SERVICE_NAME: DKbFltr
    SERVICE_NAME: dmio
    SERVICE_NAME: dmload
    SERVICE_NAME: dpti2o
    SERVICE_NAME: DritekPortIO
    SERVICE_NAME: eeCtrl
    SERVICE_NAME: EMSCR
    SERVICE_NAME: ESDCR
    SERVICE_NAME: ESMCR
    SERVICE_NAME: Fastfat
    SERVICE_NAME: Fips
    SERVICE_NAME: FltMgr
    SERVICE_NAME: Ftdisk
    SERVICE_NAME: GEARAspiWDM
    SERVICE_NAME: Gpc
    SERVICE_NAME: HDAudBus
    SERVICE_NAME: hpn
    SERVICE_NAME: HSFHWAZL
    SERVICE_NAME: HSF_DPV
    SERVICE_NAME: HTTP
    SERVICE_NAME: i2omgmt
    SERVICE_NAME: i2omp
    SERVICE_NAME: i8042prt
    SERVICE_NAME: Imapi
    SERVICE_NAME: ini910u
    SERVICE_NAME: int15
    SERVICE_NAME: IntcAzAudAddService
    SERVICE_NAME: IntelIde
    SERVICE_NAME: IpNat
    SERVICE_NAME: IPSec
    SERVICE_NAME: irda
    SERVICE_NAME: isapnp
    SERVICE_NAME: Kbdclass
    SERVICE_NAME: kmixer
    SERVICE_NAME: KSecDD
    SERVICE_NAME: mdmxsdk
    SERVICE_NAME: mnmdd
    SERVICE_NAME: Modem
    SERVICE_NAME: Mouclass
    SERVICE_NAME: MountMgr
    SERVICE_NAME: mraid35x
    SERVICE_NAME: MRxDAV
    SERVICE_NAME: MRxSmb
    SERVICE_NAME: Msfs
    SERVICE_NAME: mssmbios
    SERVICE_NAME: Mup
    SERVICE_NAME: NAVENG
    SERVICE_NAME: NAVEX15
    SERVICE_NAME: NDIS
    SERVICE_NAME: NdisTapi
    SERVICE_NAME: Ndisuio
    SERVICE_NAME: NdisWan
    SERVICE_NAME: NDProxy
    SERVICE_NAME: NetBIOS
    SERVICE_NAME: NetBT
    SERVICE_NAME: Npfs
    SERVICE_NAME: NTIDrvr
    SERVICE_NAME: Null
    SERVICE_NAME: ohci1394
    SERVICE_NAME: PartMgr
    SERVICE_NAME: PCI
    SERVICE_NAME: PCIIde
    SERVICE_NAME: Pcmcia
    SERVICE_NAME: perc2
    SERVICE_NAME: perc2hib
    SERVICE_NAME: PptpMiniport
    SERVICE_NAME: PSched
    SERVICE_NAME: Ptilink
    SERVICE_NAME: PxHelp20
    SERVICE_NAME: ql1080
    SERVICE_NAME: Ql10wnt
    SERVICE_NAME: ql12160
    SERVICE_NAME: ql1240
    SERVICE_NAME: ql1280
    SERVICE_NAME: RasAcd
    SERVICE_NAME: Rasirda
    SERVICE_NAME: Rasl2tp
    SERVICE_NAME: RasPppoe
    SERVICE_NAME: Raspti
    SERVICE_NAME: Rdbss
    SERVICE_NAME: RDPCDD
    SERVICE_NAME: rdpdr
    SERVICE_NAME: redbook
    SERVICE_NAME: RTL8023xp
    SERVICE_NAME: sdbus
    SERVICE_NAME: sisagp
    SERVICE_NAME: Sparrow
    SERVICE_NAME: SPBBCDrv
    SERVICE_NAME: sr
    SERVICE_NAME: SRTSP
    SERVICE_NAME: SRTSPX
    SERVICE_NAME: Srv
    SERVICE_NAME: swenum
    SERVICE_NAME: symc810
    SERVICE_NAME: symc8xx
    SERVICE_NAME: SYMDNS
    SERVICE_NAME: SymEvent
    SERVICE_NAME: SYMFW
    SERVICE_NAME: SYMIDS
    SERVICE_NAME: SYMIDSCO
    SERVICE_NAME: SYMNDIS
    SERVICE_NAME: SYMREDRV
    SERVICE_NAME: SYMTDI
    SERVICE_NAME: sym_hi
    SERVICE_NAME: sym_u3
    SERVICE_NAME: SynTP
    SERVICE_NAME: sysaudio
    SERVICE_NAME: Tcpip
    SERVICE_NAME: TermDD
    SERVICE_NAME: tffsport
    SERVICE_NAME: TosIde
    SERVICE_NAME: tvicport
    SERVICE_NAME: UBHelper
    SERVICE_NAME: ultra
    SERVICE_NAME: Update
    SERVICE_NAME: usbehci
    SERVICE_NAME: usbhub
    SERVICE_NAME: usbohci
    SERVICE_NAME: VgaSave
    SERVICE_NAME: viaagp
    SERVICE_NAME: ViaIde
    SERVICE_NAME: VolSnap
    SERVICE_NAME: Wanarp
    SERVICE_NAME: wdmaud
    SERVICE_NAME: winachsf
    SERVICE_NAME: WmiAcpi
    SERVICE_NAME: zntport

    Drivers - Stopped:

    SERVICE_NAME: Abiosdsk
    SERVICE_NAME: aec
    SERVICE_NAME: Arp1394
    SERVICE_NAME: AsyncMac
    SERVICE_NAME: Atdisk
    SERVICE_NAME: Atmarpc
    SERVICE_NAME: cbidf2k
    SERVICE_NAME: CCDECODE
    SERVICE_NAME: Cdaudio
    SERVICE_NAME: Changer
    SERVICE_NAME: dmboot
    SERVICE_NAME: DMusic
    SERVICE_NAME: driverhardwarev2
    SERVICE_NAME: drmkaud
    SERVICE_NAME: eLock2BurnerLockDriver
    SERVICE_NAME: eLock2FSCTLDriver
    SERVICE_NAME: Fdc
    SERVICE_NAME: Flpydisk
    SERVICE_NAME: HPZid412
    SERVICE_NAME: HPZipr12
    SERVICE_NAME: HPZius12
    SERVICE_NAME: HSXHWAZL
    SERVICE_NAME: Ip6Fw
    SERVICE_NAME: IpFilterDriver
    SERVICE_NAME: IpInIp
    SERVICE_NAME: IRENUM
    SERVICE_NAME: irsir
    SERVICE_NAME: lbrtfdc
    SERVICE_NAME: MHNDRV
    SERVICE_NAME: MSKSSRV
    SERVICE_NAME: MSPCLOCK
    SERVICE_NAME: MSPQM
    SERVICE_NAME: MSTEE
    SERVICE_NAME: NABTSFEC
    SERVICE_NAME: NdisIP
    SERVICE_NAME: NIC1394
    SERVICE_NAME: Ntfs
    SERVICE_NAME: NwlnkFlt
    SERVICE_NAME: NwlnkFwd
    SERVICE_NAME: Parport
    SERVICE_NAME: ParVdm
    SERVICE_NAME: PCIDump
    SERVICE_NAME: PDCOMP
    SERVICE_NAME: PDFRAME
    SERVICE_NAME: PDRELI
    SERVICE_NAME: PDRFRAME
    SERVICE_NAME: Processor
    SERVICE_NAME: RDPWD
    SERVICE_NAME: Secdrv
    SERVICE_NAME: Serial
    SERVICE_NAME: Sfloppy
    SERVICE_NAME: Simbad
    SERVICE_NAME: SLIP
    SERVICE_NAME: SMCIRDA
    SERVICE_NAME: splitter
    SERVICE_NAME: SRTSPL
    SERVICE_NAME: streamip
    SERVICE_NAME: swmidi
    SERVICE_NAME: TDPIPE
    SERVICE_NAME: TDTCP
    SERVICE_NAME: Udfs
    SERVICE_NAME: USBAAPL
    SERVICE_NAME: usbccgp
    SERVICE_NAME: usbprint
    SERVICE_NAME: usbscan
    SERVICE_NAME: USBSTOR
    SERVICE_NAME: WDICA
    SERVICE_NAME: WSTCODEC

    Services - Running:

    SERVICE_NAME: AcerMemUsageCheckService
    SERVICE_NAME: ALG
    SERVICE_NAME: Apple Mobile Device
    SERVICE_NAME: Ati HotKey Poller
    SERVICE_NAME: AudioSrv
    SERVICE_NAME: BITS
    SERVICE_NAME: Browser
    SERVICE_NAME: ccEvtMgr
    SERVICE_NAME: ccSetMgr
    SERVICE_NAME: CLTNetCnService
    SERVICE_NAME: COMSysApp
    SERVICE_NAME: CryptSvc
    SERVICE_NAME: DcomLaunch
    SERVICE_NAME: Dhcp
    SERVICE_NAME: dmserver
    SERVICE_NAME: Dnscache
    SERVICE_NAME: ehRecvr
    SERVICE_NAME: ehSched
    SERVICE_NAME: ERSvc
    SERVICE_NAME: Eventlog
    SERVICE_NAME: EventSystem
    SERVICE_NAME: FastUserSwitchingCompatibility
    SERVICE_NAME: Fax
    SERVICE_NAME: helpsvc
    SERVICE_NAME: HTTPFilter
    SERVICE_NAME: iPod Service
    SERVICE_NAME: Irmon
    SERVICE_NAME: lanmanserver
    SERVICE_NAME: lanmanworkstation
    SERVICE_NAME: LightScribeService
    SERVICE_NAME: LiveUpdate
    SERVICE_NAME: LiveUpdate Notice Ex
    SERVICE_NAME: LmHosts
    SERVICE_NAME: McrdSvc
    SERVICE_NAME: Netman
    SERVICE_NAME: Nla
    SERVICE_NAME: Planificateur LiveUpdate automatique
    SERVICE_NAME: PlugPlay
    SERVICE_NAME: Pml Driver HPZ12
    SERVICE_NAME: PolicyAgent
    SERVICE_NAME: ProtectedStorage
    SERVICE_NAME: RasMan
    SERVICE_NAME: RemoteRegistry
    SERVICE_NAME: RpcSs
    SERVICE_NAME: SamSs
    SERVICE_NAME: Schedule
    SERVICE_NAME: seclogon
    SERVICE_NAME: SENS
    SERVICE_NAME: SharedAccess
    SERVICE_NAME: ShellHWDetection
    SERVICE_NAME: Spooler
    SERVICE_NAME: srservice
    SERVICE_NAME: SSDPSRV
    SERVICE_NAME: stisvc
    SERVICE_NAME: SymAppCore
    SERVICE_NAME: TapiSrv
    SERVICE_NAME: TermService
    SERVICE_NAME: Themes
    SERVICE_NAME: TrkWks
    SERVICE_NAME: W32Time
    SERVICE_NAME: WebClient
    SERVICE_NAME: winmgmt
    SERVICE_NAME: WmiApSrv
    SERVICE_NAME: wuauserv
    SERVICE_NAME: WZCSVC

    Services - Stopped:

    SERVICE_NAME: Alerter
    SERVICE_NAME: AppMgmt
    SERVICE_NAME: aspnet_state
    SERVICE_NAME: ATI Smart
    SERVICE_NAME: CiSvc
    SERVICE_NAME: ClipSrv
    SERVICE_NAME: clr_optimization_v2.0.50727_32
    SERVICE_NAME: dmadmin
    SERVICE_NAME: GoogleDesktopManager
    SERVICE_NAME: HidServ
    SERVICE_NAME: ImapiService
    SERVICE_NAME: ISPwdSvc
    SERVICE_NAME: LiveUpdate Notice Service
    SERVICE_NAME: Messenger
    SERVICE_NAME: MHN
    SERVICE_NAME: mnmsrvc
    SERVICE_NAME: MSDTC
    SERVICE_NAME: MSIServer
    SERVICE_NAME: NetDDE
    SERVICE_NAME: NetDDEdsdm
    SERVICE_NAME: Netlogon
    SERVICE_NAME: NtLmSsp
    SERVICE_NAME: NtmsSvc
    SERVICE_NAME: ose
    SERVICE_NAME: RasAuto
    SERVICE_NAME: RDSessMgr
    SERVICE_NAME: RemoteAccess
    SERVICE_NAME: RpcLocator
    SERVICE_NAME: RSVP
    SERVICE_NAME: SCardSvr
    SERVICE_NAME: SwPrv
    SERVICE_NAME: Symantec Core LC
    SERVICE_NAME: SysmonLog
    SERVICE_NAME: TlntSvr
    SERVICE_NAME: UMWdf
    SERVICE_NAME: upnphost
    SERVICE_NAME: UPS
    SERVICE_NAME: usnjsvc
    SERVICE_NAME: VSS
    SERVICE_NAME: WmdmPmSN
    SERVICE_NAME: Wmi
    SERVICE_NAME: wscsvc
    SERVICE_NAME: xmlprov

    Files Created/Modified - 60 Days :

    C:\

    19 Jan 2008 21:17:06 1 409 286 144 A.SH. "C:\pagefile.sys"
    19 Jan 2008 20:21:36 12 463 A.... "C:\lopR.txt"
    19 Jan 2008 21:17:08 937 603 072 A.SH. "C:\hiberfil.sys"
    2 Jan 2008 15:07:06 25 422 898 A.... "C:\Audio_5_10_0_5273.zip"

    C:\WINDOWS\

    13 Dec 2007 3:01:00 22 412 A.... "C:\WINDOWS\KB944653.log"
    13 Dec 2007 3:01:10 25 448 A.... "C:\WINDOWS\KB941568.log"
    9 Jan 2008 3:01:04 1 355 A.... "C:\WINDOWS\imsins.BAK"
    3 Jan 2008 16:39:58 628 A.... "C:\WINDOWS\win.ini"
    9 Jan 2008 3:01:12 1 355 A.... "C:\WINDOWS\imsins.log"
    19 Jan 2008 21:07:26 1 278 478 A.... "C:\WINDOWS\WindowsUpdate.log"
    19 Jan 2008 21:17:36 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
    19 Jan 2008 21:17:52 0 A.... "C:\WINDOWS\0.log"
    19 Jan 2008 21:05:40 32 538 A.... "C:\WINDOWS\SchedLgU.Txt"
    9 Jan 2008 3:01:12 411 252 A.... "C:\WINDOWS\ocgen.log"
    9 Jan 2008 3:01:12 865 618 A.... "C:\WINDOWS\FaxSetup.log"
    9 Jan 2008 3:01:12 944 614 A.... "C:\WINDOWS\iis6.log"
    9 Jan 2008 3:01:12 289 883 A.... "C:\WINDOWS\comsetup.log"
    9 Jan 2008 3:01:12 174 007 A.... "C:\WINDOWS\ntdtcsetup.log"
    9 Jan 2008 3:01:12 394 633 A.... "C:\WINDOWS\tsoc.log"
    9 Jan 2008 3:01:10 265 764 A.... "C:\WINDOWS\msmqinst.log"
    9 Jan 2008 3:01:12 42 756 A.... "C:\WINDOWS\msgsocm.log"
    9 Jan 2008 3:01:12 43 279 A.... "C:\WINDOWS\tabletoc.log"
    9 Jan 2008 3:01:12 105 023 A.... "C:\WINDOWS\MedCtrOC.log"
    9 Jan 2008 3:01:12 47 981 A.... "C:\WINDOWS\ehOCGen.log"
    9 Jan 2008 3:01:12 97 986 A.... "C:\WINDOWS\plusoc.log"
    9 Jan 2008 3:01:12 162 546 A.... "C:\WINDOWS\netfxocm.log"
    9 Jan 2008 3:01:12 46 840 A.... "C:\WINDOWS\ocmsn.log"
    2 Jan 2008 15:09:30 8 175 A.... "C:\WINDOWS\KB888111.log"
    19 Jan 2008 21:05:32 50 A.... "C:\WINDOWS\wiaservc.log"
    19 Jan 2008 21:19:20 159 A.... "C:\WINDOWS\wiadebug.log"
    3 Dec 2007 20:25:06 24 011 A.... "C:\WINDOWS\wmsetup.log"
    19 Jan 2008 21:20:52 4 122 A.... "C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt"
    13 Dec 2007 3:02:32 104 988 A.... "C:\WINDOWS\updspapi.log"
    19 Jan 2008 20:42:26 386 A.... "C:\WINDOWS\msnfix.txt"
    19 Jan 2008 20:42:26 151 A.... "C:\WINDOWS\presf.txt"
    9 Jan 2008 3:01:04 13 217 A.... "C:\WINDOWS\KB943485.log"
    18 Jan 2008 20:02:38 961 880 A.... "C:\WINDOWS\setupapi.log"
    19 Jan 2008 21:19:46 54 156 A..H. "C:\WINDOWS\QTFont.qfn"
    13 Dec 2007 3:02:48 40 824 A.... "C:\WINDOWS\KB942763.log"
    28 Nov 2007 22:50:12 11 717 A.... "C:\WINDOWS\atiogl.xml"
    13 Dec 2007 3:01:50 34 343 A.... "C:\WINDOWS\KB942615-IE7.log"
    13 Dec 2007 3:05:14 30 429 A.... "C:\WINDOWS\KB937894.log"
    13 Dec 2007 3:02:36 25 406 A.... "C:\WINDOWS\KB941569.log"
    9 Jan 2008 3:01:12 12 907 A.... "C:\WINDOWS\KB941644.log"
    3 Jan 2008 15:50:28 128 374 ..... "C:\WINDOWS\hpoins11.dat.temp"
    29 Nov 2007 23:30:16 1 044 480 A.... "C:\WINDOWS\system32\libdivx.dll"
    29 Nov 2007 23:30:16 200 704 A.... "C:\WINDOWS\system32\ssldivx.dll"
    19 Jan 2008 21:21:14 1 158 A.... "C:\WINDOWS\system32\wpa.dbl"
    2 Jan 2008 14:28:54 68 966 A.... "C:\WINDOWS\system32\perfc009.dat"
    2 Jan 2008 14:28:56 415 312 A.... "C:\WINDOWS\system32\perfh009.dat"
    2 Jan 2008 14:28:56 83 650 A.... "C:\WINDOWS\system32\perfc00C.dat"
    2 Jan 2008 14:28:56 484 842 A.... "C:\WINDOWS\system32\perfh00C.dat"
    13 Dec 2007 3:02:42 386 478 A.... "C:\WINDOWS\system32\TZLog.log"
    2 Jan 2008 14:28:54 1 027 458 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
    5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativvaxx.dat"
    5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ativva5x.dat"
    5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ativva6x.dat"
    5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ATIDEMGX.dll"
    5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\atiok3x2.dll"
    5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\atioglx2.dll"
    5 Dec 2007 14:17:00 593 920 ..... "C:\WINDOWS\system32\ati2sgag.exe"
    2 Jan 2008 19:21:36 17 642 616 A.... "C:\WINDOWS\system32\MRT.exe"
    17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\inf\oem31.inf"
    2 Jan 2008 15:09:26 6 656 A.... "C:\WINDOWS\inf\hdaudbus.PNF"
    2 Jan 2008 15:09:30 40 524 A.... "C:\WINDOWS\inf\hdaudio.PNF"
    2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\inf\oem31.PNF"
    16 Jan 2008 21:31:04 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
    16 Jan 2008 21:31:04 1 763 288 A.... "C:\WINDOWS\inf\INFCACHE.1"
    2 Jan 2008 1:57:26 5 878 A.... "C:\WINDOWS\inf\oem38.PNF"
    2 Jan 2008 15:10:38 230 164 A.... "C:\WINDOWS\inf\oem13.PNF"
    3 Jan 2008 16:38:58 71 058 A.... "C:\WINDOWS\inf\oem32.PNF"
    3 Jan 2008 16:39:00 97 298 A.... "C:\WINDOWS\inf\oem33.PNF"
    3 Jan 2008 16:39:00 23 450 A.... "C:\WINDOWS\inf\oem34.PNF"
    3 Jan 2008 16:39:02 42 338 A.... "C:\WINDOWS\inf\oem35.PNF"
    3 Jan 2008 16:39:02 86 146 A.... "C:\WINDOWS\inf\oem36.PNF"
    3 Jan 2008 16:39:02 50 944 A.... "C:\WINDOWS\inf\oem37.PNF"
    2 Jan 2008 1:58:58 6 962 A.... "C:\WINDOWS\inf\oem39.PNF"
    2 Jan 2008 14:23:42 64 776 A.... "C:\WINDOWS\inf\oem40.PNF"
    19 Jan 2008 21:17:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
    9 Jan 2008 3:05:52 17 110 A.... "C:\WINDOWS\Debug\mrt.log"
    9 Jan 2008 3:05:52 5 226 A.... "C:\WINDOWS\Debug\mrteng.log"
    19 Jan 2008 21:18:08 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
    18 Jan 2008 20:34:00 578 A.... "C:\WINDOWS\Tasks\Norton AntiVirus - Analyse systŠme complŠte - gourdonneau.job"
    14 Jan 2008 19:30:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    19 Jan 2008 21:20:50 1 048 576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{279C8190-F81F-4A55-AFCF-E29948F3553B}.crmlog"
    19 Jan 2008 21:18:24 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
    3 Jan 2008 16:26:56 10 002 A.... "C:\WINDOWS\Temp\HPZIDS.log"
    3 Jan 2008 16:24:48 930 A.... "C:\WINDOWS\Temp\CIO_NDCS.log"
    19 Jan 2008 21:21:18 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
    22 Nov 2007 21:49:30 5 291 994 A.... "C:\WINDOWS\Temp\slu7ed3.tmp"
    22 Nov 2007 22:57:58 5 291 994 A.... "C:\WINDOWS\Temp\slu333d.tmp"
    23 Nov 2007 0:01:02 5 291 994 A.... "C:\WINDOWS\Temp\slu6385.tmp"
    23 Nov 2007 3:32:38 5 291 994 A.... "C:\WINDOWS\Temp\slu576.tmp"
    23 Nov 2007 15:00:50 5 291 994 A.... "C:\WINDOWS\Temp\slu142d.tmp"
    23 Nov 2007 18:31:56 5 291 994 A.... "C:\WINDOWS\Temp\slu35c5.tmp"
    23 Nov 2007 22:36:42 5 291 994 A.... "C:\WINDOWS\Temp\slu711b.tmp"
    24 Nov 2007 2:19:10 5 291 994 A.... "C:\WINDOWS\Temp\slu1b60.tmp"
    24 Nov 2007 6:38:30 5 291 994 A.... "C:\WINDOWS\Temp\slu61e0.tmp"
    20 Nov 2007 20:28:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_100.dat"
    22 Nov 2007 10:42:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_55c.dat"
    20 Nov 2007 20:12:44 1 350 A.... "C:\WINDOWS\Temp\QTInstallCode.log"
    22 Nov 2007 21:42:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_18c.dat"
    22 Nov 2007 21:44:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat"
    22 Nov 2007 22:51:04 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_274.dat"
    22 Nov 2007 22:53:34 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e54.dat"
    27 Nov 2007 14:32:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_f94.dat"
    28 Nov 2007 18:08:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_50c.dat"
    28 Nov 2007 18:10:02 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1f0.dat"
    30 Nov 2007 12:35:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_c64.dat"
    30 Nov 2007 12:34:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8ac.dat"
    2 Dec 2007 20:33:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat"
    7 Dec 2007 11:24:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e74.dat"
    8 Dec 2007 13:26:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2d0.dat"
    8 Dec 2007 13:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e1c.dat"
    8 Dec 2007 20:44:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat"
    9 Dec 2007 4:16:16 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f4.dat"
    9 Dec 2007 13:55:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_568.dat"
    9 Dec 2007 13:57:58 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1088.dat"
    9 Dec 2007 15:50:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8f0.dat"
    13 Dec 2007 3:22:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat"
    13 Dec 2007 7:36:22 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_eac.dat"
    15 Dec 2007 14:29:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat"
    15 Dec 2007 14:31:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ee8.dat"
    16 Dec 2007 4:52:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_d08.dat"
    16 Dec 2007 13:09:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_124.dat"
    16 Dec 2007 13:44:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cbc.dat"
    18 Dec 2007 17:35:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_a10.dat"
    20 Dec 2007 19:47:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat"
    20 Dec 2007 19:50:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_8dc.dat"
    21 Dec 2007 17:21:12 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_510.dat"
    21 Dec 2007 17:23:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_960.dat"
    31 Dec 2007 13:50:36 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_9d8.dat"
    1 Jan 2008 16:53:44 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_524.dat"
    1 Jan 2008 16:55:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1cc.dat"
    2 Jan 2008 2:29:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_424.dat"
    2 Jan 2008 2:31:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_608.dat"
    2 Jan 2008 13:01:42 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat"
    2 Jan 2008 13:02:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b50.dat"
    2 Jan 2008 14:52:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b90.dat"
    3 Jan 2008 13:31:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_430.dat"
    3 Jan 2008 16:06:56 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_560.dat"
    3 Jan 2008 15:48:00 454 A.... "C:\WINDOWS\Temp\servic006.log"
    3 Jan 2008 15:48:22 540 A.... "C:\WINDOWS\Temp\servic007.log"
    3 Jan 2008 15:48:34 12 018 A.... "C:\WINDOWS\Temp\HPZIDI004.log"
    3 Jan 2008 16:26:06 454 A.... "C:\WINDOWS\Temp\servic008.log"
    3 Jan 2008 16:26:30 540 A.... "C:\WINDOWS\Temp\servic009.log"
    3 Jan 2008 16:26:44 12 020 A.... "C:\WINDOWS\Temp\HPZIDI005.log"
    3 Jan 2008 16:56:32 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_850.dat"
    3 Jan 2008 16:56:40 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat"
    3 Jan 2008 20:07:14 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_fbc.dat"
    3 Jan 2008 20:07:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_11dc.dat"
    4 Jan 2008 5:59:18 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_123c.dat"
    4 Jan 2008 14:02:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_460.dat"
    4 Jan 2008 14:05:24 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1350.dat"
    7 Jan 2008 18:37:26 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_ae0.dat"
    8 Jan 2008 19:46:48 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_184.dat"
    9 Jan 2008 3:14:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_25c.dat"
    12 Jan 2008 0:09:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_1178.dat"
    12 Jan 2008 16:56:30 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat"
    12 Jan 2008 16:59:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_964.dat"
    15 Jan 2008 12:13:52 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_190.dat"
    15 Jan 2008 12:53:50 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_814.dat"
    18 Jan 2008 19:05:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_e6c.dat"
    19 Jan 2008 10:44:20 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_414.dat"
    19 Jan 2008 15:13:08 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_cc8.dat"
    19 Jan 2008 21:18:28 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_244.dat"
    19 Jan 2008 21:22:56 0 A.... "C:\WINDOWS\Temp\scs5.tmp"
    9 Jan 2008 21:07:20 94 208 A.... "C:\WINDOWS\Minidump\Mini011208-01.dmp"
    9 Dec 2007 14:29:02 2 097 152 A.... "C:\WINDOWS\system32\FxsTmp\fxs2A.tmp"
    2 Jan 2008 15:09:34 216 A.... "C:\WINDOWS\security\logs\scecomp.old"
    8 Dec 2007 12:21:12 313 872 A.... "C:\WINDOWS\Debug\UserMode\userenv.bak"
    19 Jan 2008 21:18:24 197 632 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
    2 Jan 2008 14:28:10 8 173 A.... "C:\WINDOWS\WinSxS\Manifests\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790.manifest"
    14 Jan 2008 19:30:04 16 384 A.... "C:\WINDOWS\Temp\Cookies\index.dat"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu7e7e.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu32f2.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu32f2.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu32f2.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu32f2.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu32f2.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu6337.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu6337.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu6337.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu6337.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu6337.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu6337.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu6337.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu52e.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu52e.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu52e.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu52e.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu52e.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu52e.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu52e.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu13ef.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu13ef.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu13ef.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu13ef.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu13ef.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu359b.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu359b.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu359b.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu359b.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu359b.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu359b.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu359b.tmp\WHATSNEW.TXT"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu70f1.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu70f1.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu70f1.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu70f1.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu70f1.tmp\WHATSNEW.TXT"
    23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu70f1.tmp\vscanmsx.dat"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu1b36.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu1b36.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu1b36.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu1b36.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu1b36.tmp\WHATSNEW.TXT"
    23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu1b36.tmp\vscanmsx.dat"
    21 Nov 2007 10:00:00 4 815 633 A.... "C:\WINDOWS\Temp\slu61b6.tmp\ESRDEF.BIN"
    21 Nov 2007 10:00:00 400 641 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCDEFS.DAT"
    21 Nov 2007 10:00:00 2 361 417 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN7.DAT"
    21 Nov 2007 10:00:00 413 635 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN8.DAT"
    21 Nov 2007 10:00:00 974 754 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TCSCAN9.DAT"
    21 Nov 2007 10:00:00 453 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINF.DAT"
    21 Nov 2007 10:00:00 1 957 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TINFL.DAT"
    21 Nov 2007 10:00:00 68 335 A.... "C:\WINDOWS\Temp\slu61b6.tmp\TSCAN1.DAT"
    21 Nov 2007 10:00:00 5 053 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.GRD"
    21 Nov 2007 10:00:00 2 267 A.... "C:\WINDOWS\Temp\slu61b6.tmp\V.SIG"
    19 Nov 2007 10:00:00 106 244 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN.INF"
    21 Nov 2007 10:00:00 996 239 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN1.DAT"
    21 Nov 2007 10:00:00 570 966 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN2.DAT"
    21 Nov 2007 10:00:00 150 608 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN3.DAT"
    21 Nov 2007 10:00:00 320 253 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN4.DAT"
    21 Nov 2007 10:00:00 4 899 735 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN5.DAT"
    21 Nov 2007 10:00:00 392 228 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN6.DAT"
    21 Nov 2007 10:00:00 15 204 398 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN7.DAT"
    21 Nov 2007 10:00:00 1 866 655 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN8.DAT"
    21 Nov 2007 10:00:00 5 291 270 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCAN9.DAT"
    21 Nov 2007 1:07:46 32 A.... "C:\WINDOWS\Temp\slu61b6.tmp\VIRSCANT.DAT"
    21 Nov 2007 10:00:00 40 289 A.... "C:\WINDOWS\Temp\slu61b6.tmp\WHATSNEW.TXT"
    23 Nov 2007 20:50:46 2 072 A.... "C:\WINDOWS\Temp\slu61b6.tmp\vscanmsx.dat"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
    13 Dec 2007 3:01:28 86 016 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
    13 Dec 2007 3:01:28 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00014"
    13 Dec 2007 3:01:28 16 384 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
    28 Nov 2007 18:20:20 13 660 672 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\veoh.msi"
    28 Nov 2007 18:20:16 6 129 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\0x0409.ini"
    28 Nov 2007 18:20:16 88 607 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\setup.isn"
    28 Nov 2007 18:20:16 1 940 A.... "C:\WINDOWS\Downloaded Installations\{34179DF9-5786-439E-BB19-5D4AC0D6EF47}\Setup.INI"
    2 Jan 2008 13:09:08 13 898 240 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\veoh.msi"
    2 Jan 2008 13:09:02 6 129 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\0x0409.ini"
    2 Jan 2008 13:09:02 88 607 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\setup.isn"
    2 Jan 2008 13:09:02 1 940 A.... "C:\WINDOWS\Downloaded Installations\{F9E61671-13F2-4768-9150-8A3E10D5E9E7}\Setup.INI"
    13 Dec 2007 3:00:52 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
    13 Dec 2007 3:00:58 11 753 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
    13 Dec 2007 3:01:04 305 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
    13 Dec 2007 3:01:10 11 731 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
    13 Dec 2007 3:02:32 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
    13 Dec 2007 3:02:36 11 846 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
    13 Dec 2007 3:02:44 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
    13 Dec 2007 3:02:48 12 931 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
    13 Dec 2007 3:05:06 2 232 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
    13 Dec 2007 3:05:12 14 977 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
    9 Jan 2008 3:00:54 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
    9 Jan 2008 3:01:04 12 740 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
    9 Jan 2008 3:01:08 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
    9 Jan 2008 3:01:12 12 828 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
    2 Jan 2008 14:28:46 107 496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof"
    18 Jan 2008 20:03:04 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
    20 Dec 2007 1:59:42 159 861 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem31.CAT"
    16 Dec 2007 16:34:34 3 121 152 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\gt.msi"
    16 Dec 2007 16:35:02 41 631 A.... "C:\WINDOWS\system32\Macromed\Shockwave 10\Install.log"
    2 Jan 2008 14:29:18 151 906 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.log"
    2 Jan 2008 15:37:34 515 924 A.... "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen_service.log"
    14 Jan 2008 19:30:04 32 768 A.SH. "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\index.dat"
    14 Jan 2008 19:30:04 16 384 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat"
    13 Dec 2007 3:01:28 7 309 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
    13 Dec 2007 3:01:50 23 272 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
    17 Dec 2007 17:22:10 268 408 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.INF"
    2 Jan 2008 1:56:30 389 256 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.PNF"
    20 Dec 2007 1:59:42 159 861 A.S.. "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\CX_55811.CAT"
    5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativvaxx.dat"
    5 Dec 2007 3:33:28 3 107 788 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva5x.dat"
    5 Dec 2007 3:33:28 887 724 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ativva6x.dat"
    5 Dec 2007 4:05:14 368 640 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll"
    5 Dec 2007 3:15:00 180 224 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atiok3x2.dll"
    5 Dec 2007 3:48:52 9 535 488 A.... "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\atioglx2.dll"
    3 Dec 2007 19:30:12 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4121.French[1].dist"
    14 Jan 2008 19:30:08 18 178 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-3637.English[1].dist"
    14 Jan 2008 19:30:10 20 137 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\8T8WTVYK\061-4212.French[1].dist"
    14 Jan 2008 19:30:08 22 674 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3638.French[1].dist"
    14 Jan 2008 19:30:10 3 782 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\KQP5P6R3\061-3452.French[1].dist"
    14 Jan 2008 19:30:08 25 348 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\index-windows-1[1].sucatalog"
    14 Jan 2008 19:30:08 21 431 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-2802.French[1].dist"
    14 Jan 2008 19:30:08 21 610 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-3872.French[1].dist"
    14 Jan 2008 19:30:10 29 291 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\SOU9L6LZ\061-4125.French[1].dist"
    3 Dec 2007 19:30:08 29 461 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-3395.French[1].dist"
    3 Dec 2007 19:30:10 19 966 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4066.French[1].dist"
    14 Jan 2008 19:30:10 38 301 A.... "C:\WINDOWS\Temp\Fichiers Internet temporaires\Content.IE5\ZZ1JUZOI\061-4184.French[1].dist"

    C:\Program Files\

    2 Jan 2008 1:44:44 48 683 488 A.... "C:\Program Files\7-12-igp_xp32_dd_ccc_wdm_sb_gart_enu_55811.exe"
    2 Jan 2008 13:57:20 82 360 681 A.... "C:\Program Files\Chipset + VGA Driver ATI Ver.8.251.zip"
    2 Jan 2008 22:48:12 95 893 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
    2 Jan 2008 22:48:14 95 893 A.... "C:\Program Files\DivX\DivXContentUploaderUninstall.exe"
    20 Nov 2007 14:35:00 125 685 A.... "C:\Program Files\LimeWire\uninstall.exe"
    7 Dec 2007 19:34:56 132 712 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
    7 Dec 2007 19:34:58 132 232 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
    7 Dec 2007 19:34:58 13 416 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
    7 Dec 2007 19:34:58 12 400 A.... "C:\Program Files\Mozilla Firefox\xpistub.dll"
    7 Dec 2007 19:34:58 73 848 A.... "C:\Program Files\Mozilla Firefox\xpcom_compat.dll"
    7 Dec 2007 19:34:58 422 000 A.... "C:\Program Files\Mozilla Firefox\xpcom_core.dll"
    7 Dec 2007 19:34:58 73 336 A.... "C:\Program Files\Mozilla Firefox\xpicleanup.exe"
    7 Dec 2007 19:34:42 13 952 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
    7 Dec 2007 19:34:52 7 650 416 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
    7 Dec 2007 19:34:52 200 829 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
    7 Dec 2007 19:34:52 456 296 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
    7 Dec 2007 19:34:54 161 392 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
    7 Dec 2007 19:34:54 378 472 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
    7 Dec 2007 19:34:54 271 984 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
    7 Dec 2007 19:34:54 34 424 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
    7 Dec 2007 19:34:54 30 320 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
    7 Dec 2007 19:34:56 112 232 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
    7 Dec 2007 19:34:56 254 060 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
    2 Dec 2007 12:23:06 253 952 A.... "C:\Program Files\ma-config.com\nphardwaredetection.dll"
    2 Dec 2007 12:25:44 962 560 A.... "C:\Program Files\ma-config.com\MCNoyau.dll"
    2 Jan 2008 2:32:02 1 266 936 A.... "C:\Program Files\Steam\Steam.exe"
    12 Jan 2008 16:58:16 251 128 A.... "C:\Program Files\Steam\WriteMiniDump.exe"
    12 Jan 2008 16:58:18 2 912 504 A.... "C:\Program Files\Steam\SteamUI.dll"
    12 Jan 2008 16:58:20 1 039 192 A.... "C:\Program Files\Steam\dbghelp.dll"
    12 Jan 2008 16:58:24 3 249 400 A.... "C:\Program Files\Steam\Steam.dll"
    12 Jan 2008 16:59:02 112 128 A.... "C:\Program Files\Steam\CSERHelper.dll"
    12 Jan 2008 16:59:04 1 625 336 A.... "C:\Program Files\Steam\steamclient.dll"
    12 Jan 2008 16:59:04 229 624 A.... "C:\Program Files\Steam\tier0_s.dll"
    12 Jan 2008 16:59:06 346 360 A.... "C:\Program Files\Steam\vstdlib_s.dll"
    12 Jan 2008 16:59:06 206 072 A.... "C:\Program Files\Steam\GameOverlayRenderer.dll"
    12 Jan 2008 16:59:08 1 008 888 A.... "C:\Program Files\Steam\GameOverlayUI.exe"
    12 Jan 2008 17:00:00 540 672 A.... "C:\Program Files\Steam\mss32_s.dll"
    19 Jan 2008 20:18:48 78 958 A.... "C:\Program Files\Lop SD\Uninstal.exe"
    22 Nov 2007 20:39:38 136 704 A.... "C:\Program Files\Lop SD\catchme.exe"
    13 Jan 2008 22:57:04 4 803 A.... "C:\Program Files\Lop SD\RegLop.reg"
    19 Jan 2008 20:19:22 1 784 A.... "C:\Program Files\Lop SD\paths.bat"
    5 Dec 2007 20:17:00 65 536 A.... "C:\Program Files\InstallShield Installation Information\{43801800-CFEE-11D2-A41B-006097B55AD3}\Setup.exe"
    5 Dec 2007 20:17:00 46 080 A.... "C:\Program Files\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\Setup.exe"
    28 Nov 2007 18:20:30 294 912 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe"
    28 Nov 2007 18:25:00 1 951 556 A.... "C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\ISSetup.dll"
    2 Jan 2008 2:01:12 380 928 A.... "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\_setup.dll"
    28 Nov 2007 18:24:06 100 693 A.... "C:\Program Files\Yahoo!\common\unyt.exe"
    19 Jan 2008 19:23:42 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
    12 Dec 2007 2:54:12 1 492 A.... "C:\Program Files\eMule\config\load_index.dat"
    12 Dec 2007 2:54:12 12 A.... "C:\Program Files\eMule\config\src_index.dat"
    12 Dec 2007 2:54:12 28 A.... "C:\Program Files\eMule\config\key_index.dat"
    12 Dec 2007 2:54:12 23 A.... "C:\Program Files\eMule\config\preferencesKad.dat"
    12 Dec 2007 17:33:40
    0
    1. Maijin Messages postés 1388 Date d'inscription   Statut Membre Dernière intervention   352
       
      FAIT plutôt ce qui est écrit plus haut
      0
  16. eliiana
     
    SDFix: Version 1.129

    Run by miss_tos_eliana on 19/01/2008 at 22:25

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\DOCUME~1\MISS_T~1.ACE\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\17PHolmes*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 22:31:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe"="C:\\Documents and Settings\\Eliana.ACER-73356C3771.001\\Local Settings\\Temporary Internet Files\\Content.IE5\\DINW252L\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MISS_T~1.ACE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\DOCUME~1\MISS_T~1.ACE\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Mon 17 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Sat 17 Mar 2007 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Sat 11 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 11 Feb 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
    Fri 20 Apr 2007 4,158 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\493c50fe9f23ee81559d491f3f423dc0\BIT79.tmp"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6658f544763a012c23109e05e811db81\BIT7A.tmp"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c728fd35e0fbfbad19770aaa8086c1e4\BIT7B.tmp"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3a2cc8348b523d553ab91932959586ed\BIT89.tmp"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\15d6b6128783c0ae74d81b31766420a0\BIT8A.tmp"
    Sun 30 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\656b7e612f38bc403dcef9ecb255273d\BIT8B.tmp"
    Thu 20 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1lic.bak"
    Sat 11 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv1key.bak"
    Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2lic.bak"
    Sat 11 Feb 2006 312 ...H. --- "C:\Documents and Settings\gdfgdf\Bureau\kikou\Mes documents\musique de rap\drmv2key.bak"
    Tue 9 May 2006 401 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1lic.bak"
    Sat 11 Feb 2006 4,348 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv1key.bak"
    Tue 9 May 2006 1,536 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2lic.bak"
    Sat 11 Feb 2006 312 A..H. --- "C:\Documents and Settings\ANTONIA\Bureau\ELIANA\Bureau\Ma musique\musique de rape\drmv2key.bak"

    Finished!
    0
  17. Luciole
     
    J'ai redemarré mon ordi en mode sans echec, comme conseillé ci dessus, mais en appuyant sur Y, il ne s'est rien passé.
    Quand vous faisiez l'analyse, cela vous prenait combien de temps (pour ceux qui ont reussi) ?
    0
    1. delby
       
      apres y tu dois appuyer sur entrée sinon marche po
      0
  18. cyril307 Messages postés 19 Statut Membre 1
     
    bonjour
    meme manip que tout le monde dont voici le rapport
    DFix: Version 1.129

    Run by cyril-titi on 20/01/2008 at 01:09

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\CYRIL-~1\Bureau\Sdfix\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 01:12:31
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CYRIL-~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Wed 26 Dec 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
    Wed 26 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 19 Jan 2008 41,724 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006258.exe"
    Tue 15 Jan 2008 140,800 A.SH. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006259.exe"
    Sat 19 Jan 2008 6,656 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006399.exe"
    Sat 19 Jan 2008 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP52\A0006400.sys"
    Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT5.tmp"
    Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!
    0
  19. delby
     
    Jai eu egalement le meme probleme
    j ai commencé par suivre les conseil d un certain laurent avec msn fic et cleaner
    ca mlarchait bien puis virus est revenu

    Jai donc suivi vos coneil avec sd fix et voici le rapport

    SDFix: Version 1.129

    Run by Administrateur on

    20/01/2008 at 10:12

    Microsoft Windows XP [version

    5.1.2600]

    Running From:

    C:\DOCUME~1\Administrateur\Bureau\

    SDFix

    Safe Mode:
    Checking Services:

    C:\WINDOWS\system32\Microsoft\back

    up.tftp Found

    Checking files:

    Genuine:
    C:\WINDOWS\system32\Microsoft\back

    up.tftp

    Dummy:
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\ftp.e

    xe
    C:\WINDOWS\system32\dllcache\tftp.

    exe

    Files copied to SDFix\Backups

    Restoring files if backups are

    found

    Final Check:

    Genuine:
    C:\WINDOWS\system32\Microsoft\back

    up.tftp
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\tftp.

    exe

    Dummy:
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\dllcache\ftp.e

    xe

    Infected ip6fw.sys Found!

    ip6fw.sys File Locations:

    "C:\WINDOWS\system32\DllCache\ip6f

    w.sys" 29056 03/08/2004 22:00
    "C:\WINDOWS\system32\drivers\ip6fw

    .sys" 29056 03/08/2004 22:00

    Infected File Listed Below:

    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM

    File copied to Backups Folder
    Attempting to replace ip6fw.sys

    with original version...

    Unable To Replace Infected File!

    Restoring Windows Registry Values
    Restoring Windows Default Hosts

    File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM - Deleted
    C:\DOCUME~1\Administrateur\Local

    Settings\Temp\services.exe -

    Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp -

    Deleted
    C:\WINDOWS\system32\Microsoft\back

    up.tftp - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista -

    rootkit/stealth malware detector

    by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 10:17:06
    Windows 5.1.2600 Service Pack 2

    NTFS

    scanning hidden processes ...

    scanning hidden services & system

    hive ...

    scanning hidden registry entries

    ...

    source file error: C:\Documents

    and

    Settings\Administrateur\ntuser.dat
    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\current

    controlset\services\sharedaccess\p

    arameters\firewallpolicy\standardp

    rofile\authorizedapplications\list

    ]
    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\system32\\sessmgr.exe:*

    :enabled:@xpsp2res.dll,-22019"
    "C:\\Program

    Files\\Skype\\Phone\\Skype.exe"="C

    :\\Program

    Files\\Skype\\Phone\\Skype.exe:*:E

    nabled:Skype"
    "C:\\Program

    Files\\Logitech\\Desktop

    Messenger\\8876480\\Program\\Logit

    echDesktopMessenger.exe"="C:\\Prog

    ram Files\\Logitech\\Desktop

    Messenger\\8876480\\Program\\Logit

    echDesktopMessenger.exe:*:Enabled:

    Logitech Desktop Messenger"
    "C:\\Program

    Files\\NewsBin\\nbpro.exe"="C:\\Pr

    ogram

    Files\\NewsBin\\nbpro.exe:*:Enable

    d:Newsbin"
    "C:\\DOCUME~1\\Administrateur\\Loc

    al

    Settings\\Temp\\services.exe"="C:\

    \DOCUME~1\\Administrateur\\Local

    Settings\\Temp\\services.exe:*:Ena

    bled:Flash Player2"
    "C:\\Program Files\\Windows

    Live\\Messenger\\msnmsgr.exe"="C:\

    \Program Files\\Windows

    Live\\Messenger\\msnmsgr.exe:*:Ena

    bled:Windows Live Messenger"
    "C:\\Program Files\\Windows

    Live\\Messenger\\livecall.exe"="C:

    \\Program Files\\Windows

    Live\\Messenger\\livecall.exe:*:En

    abled:Windows Live Messenger

    (Phone)"

    [HKEY_LOCAL_MACHINE\system\current

    controlset\services\sharedaccess\p

    arameters\firewallpolicy\domainpro

    file\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\system32\\sessmgr.exe:*

    :enabled:@xpsp2res.dll,-22019"
    "C:\\Program

    Files\\Logitech\\Desktop

    Messenger\\8876480\\Program\\Logit

    echDesktopMessenger.exe"="C:\\Prog

    ram Files\\Logitech\\Desktop

    Messenger\\8876480\\Program\\Logit

    echDesktopMessenger.exe:*:Enabled:

    Logitech Desktop Messenger"
    "C:\\Program Files\\Windows

    Live\\Messenger\\msnmsgr.exe"="C:\

    \Program Files\\Windows

    Live\\Messenger\\msnmsgr.exe:*:Ena

    bled:Windows Live Messenger"
    "C:\\Program Files\\Windows

    Live\\Messenger\\livecall.exe"="C:

    \\Program Files\\Windows

    Live\\Messenger\\livecall.exe:*:En

    abled:Windows Live Messenger

    (Phone)"

    Remaining Files:
    ---------------

    File Backups: -

    C:\DOCUME~1\Administrateur\Bureau\

    SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Impossible d'ex‚cuter

    C:\DOCUME~1\ADMINISTRATEUR\BUREAU\

    SDFIX\APPS\LOCATE.COM

    Finished!

    DITES MOI JE VOUS EN SUPPLI QUE TOUT VA RENTRER DANS L ORDRE CAR JE N EN PEUT PLUS !

    Et si ca marche et bien je vous en remercie de tout coeur je ne saurai pas toruver less mots pour vous dire combien je vous sui reconnaissante !

    a tres vite (enfin juste pour discuter pas pour résoudre un nouveau virus!)

    Bon we !
    0
  20. Ocelot
     
    Bonjour, ayant le même probème j'ai suivi la procédure ci-dessus.(merci)
    Voila le rapport:

    SDFix: Version 1.129

    Run by Compaq_Propri‚taire on 20/01/2008 at 10:12

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Program Files\Temporary\kernInst.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
    C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
    C:\Documents and Settings\Compaq_Propri‚taire\Application Data\addon.dat - Deleted
    C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\b12?.exe - Deleted
    C:\WINDOWS\b14?.exe - Deleted
    C:\WINDOWS\mrofinu*.exe - Deleted
    C:\WINDOWS\mrofinu*.exe.tmp - Deleted

    Folder C:\Program Files\InetGet2 - Removed
    Folder C:\Program Files\Temporary - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 10:22:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:3d7f6cd9
    "s2"=dword:a3af3d0c
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
    "khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cc,b3,74,50,d9,12,f0,f8,20,b8,3b,8c,22,48,84,08,29,20,53,ac,28,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,b1,5f,8b,a1,fe,9a,5c,dd,91,ea,34,e1,ef,17,88,2f,17,..
    "khjeh"=hex:fe,1b,01,b3,38,c9,c4,d6,a8,91,a7,55,09,a2,15,b6,16,53,a2,e1,47,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:55,d2,01,6a,24,b8,0e,ef,55,c0,55,55,12,66,74,78,85,5a,ff,43,75,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120% (Trial Version)"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 58

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 23 Jun 2007 218 A.SHR --- "C:\BOOT.BAK"
    Thu 5 Aug 2004 1,150,053 ...H. --- "C:\Program Files\fx2000\winfox32.exe"
    Sun 3 Sep 2006 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
    Sat 10 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 17 Jul 2007 278,528 A.SH. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\~rnsetup\pncrt.dll"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT69.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BIT58.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15adc2524e94dfdbb0290c0f6b64f81a\BIT89.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT65.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT56.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT83.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT64.tmp"
    Sat 10 Feb 2007 5,629,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2bf5fa7530b3dc625e3bc850faa4f61f\BIT53.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\333cef8fb3a3826b395bbbf1bc9cc952\BIT5F.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\43b6a33ce0cc0d9f775487c3b03ab6aa\BIT8F.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT5D.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5224af626898b31ba0c7476966921e26\BIT68.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\53a3a14f74503141a8462ffdac5b76db\BIT98.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\60e05582324722f8544d6085e0e80928\BIT95.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT8C.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\BIT96.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\920a938ef1f0fd127b387b35bb459ddd\BIT5E.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT99.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT88.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e0d35b1a9afd12850e9b854d046f6d\BIT63.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT55.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT87.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BIT61.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT5C.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bdbc2001decde12012366b57c981e5e9\BIT8B.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\be5406dd83b313de669f120c86c4b9f5\BIT9B.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT8A.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c2c90d07259878f31cc0a433c5f7cbdb\BIT59.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT8E.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c431dc4bbdccd59d7eec2075c4336ebf\BIT57.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT8D.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT62.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT66.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eabe1622973d561afb591ab24f972644\BIT91.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT5A.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ec6f8a1f8a53fe527617657a69254313\BIT67.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\BIT97.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT60.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT5B.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\download\BITA0.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0d7569a279576eea9ab33afe1d3e51f7\download\BITA1.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\download\BIT9F.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\download\BIT9D.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT86.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b039f22f4555a9e0b76dac38b519972\download\BITA4.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\download\BIT9C.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\94dd5c86d2211543a830b2de82b24440\download\BITA3.tmp"
    Sat 10 Feb 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\download\BIT9E.tmp"
    Tue 12 Apr 2005 2,824,742 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\download\BIT54.tmp"

    Finished!
    0
  21. McC
     
    Bonjour, j'ai aussi le virus, pendant que j'étais en mode sans echec dans l'ecran noir ( désolé de la précision ) il me dit Accès refusé trois fois, j'éspère que ça à tout de même marcher :/

    Voici le Report.Txt

    SDFix: Version 1.129

    Run by C‚cile on 20/01/2008 at 10:09

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
    C:\DOCUME~1\CCILE~1\LOCALS~1\Temp\services.exe - Deleted

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-20 10:20:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Documents and Settings\Cécile\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1087 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 119

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\1044199\\Program\\backWeb-1044199.exe:*:Disabled:backWeb-1044199"
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"
    "C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
    "C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe"="C:\\DOCUME~1\\CCILE~1\\LOCALS~1\\Temp\\ipconfig.exe:*:Enabled:Slave"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe:*:Enabled:Antivirus Firewall"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sun 8 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 9 Jul 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
    Sun 15 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ae178a19c6b7c7d3db0eb0aa49460b31\BIT30.tmp"
    Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT1E.tmp"
    Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8e1092e4a07bde9d108020eaac84239\BIT2F.tmp"

    Finished!

    Comment vérifier si c'est bon ?

    Merci x)
    0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6