J'ai le virus: c'est pas toi, que faire.??
Résolu/Fermé
Mitsuka
Messages postés
4
Date d'inscription
jeudi 17 janvier 2008
Statut
Membre
Dernière intervention
18 janvier 2008
-
18 janv. 2008 à 18:28
miguelito - 25 févr. 2008 à 20:45
miguelito - 25 févr. 2008 à 20:45
A voir également:
- J'ai le virus: c'est pas toi, que faire.??
- Tinyurl virus - Forum Virus / Sécurité
- Svchost.exe virus - Guide
- Tlauncher virus ✓ - Forum Jeux vidéo
- Softonic virus - Forum Virus / Sécurité
- 6 proccesus svchost.exe Virus? ✓ - Forum Virus / Sécurité
105 réponses
salut jai toujours le virus. je ne sais pas quoi faire. apres avoir fait le tuto mon rapport est :
SDFix: Version 1.129
Run by SOPHIE on 20/01/2008 at 15:34
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\SOPHIE\Bureau\SDFix
Safe Mode:
Checking Services:
il ny a rien marquer dautre. comment sa se fait ?! estceque cest parceque mon ordi ne se rallume pas tout seul apres avoir entré la touche "Y" ?! il ne me dit pas dappuyer sur une touche pour rallumer lordi ..
SDFix: Version 1.129
Run by SOPHIE on 20/01/2008 at 15:34
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\SOPHIE\Bureau\SDFix
Safe Mode:
Checking Services:
il ny a rien marquer dautre. comment sa se fait ?! estceque cest parceque mon ordi ne se rallume pas tout seul apres avoir entré la touche "Y" ?! il ne me dit pas dappuyer sur une touche pour rallumer lordi ..
Cest bon je crois que jen ai enfin fini, voici mon rapport :
SDFix: Version 1.129
Run by SOPHIE on 20/01/2008 at 16:44
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\SOPHIE\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:07:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 284
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Documents and Settings\\antony\\Local Settings\\Application Data\\Microsoft\\Messenger\\madeinampere@hotmail.fr\\Sharing Folders\\incredimail_install.exe"="C:\\Documents and Settings\\antony\\Local Settings\\Application Data\\Microsoft\\Messenger\\madeinampere@hotmail.fr\\Sharing Folders\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\cabreli\\Local Settings\\Temporary Internet Files\\Content.IE5\\6345SBLW\\incredimail_install[1].exe"="C:\\Documents and Settings\\cabreli\\Local Settings\\Temporary Internet Files\\Content.IE5\\6345SBLW\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\SOPHIE\\Mes documents\\Mes Google Gadgets\\incredimail_install.exe"="C:\\Documents and Settings\\SOPHIE\\Mes documents\\Mes Google Gadgets\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\DOCUME~1\\SOPHIE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\SOPHIE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\SOPHIE\\rhqhlp.exe"="C:\\Documents and Settings\\SOPHIE\\rhqhlp.exe:*:Enabled:Windows Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Thu 18 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 1 Aug 2007 321,659 ..SH. --- "C:\WINDOWS\system32\pqstv.tmp"
Wed 1 Aug 2007 321,334 ..SH. --- "C:\WINDOWS\system32\pqstv.bak1"
Fri 3 Aug 2007 321,451 ..SH. --- "C:\WINDOWS\system32\pqstv.bak2"
Sun 27 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 May 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Mon 17 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 1 Dec 2006 25,088 A..H. --- "C:\Documents and Settings\NATHALIE HEINRICH\Mes documents\lettre de motivation CV\~WRL0001.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT8.tmp"
Sun 27 May 2007 4,348 ...H. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 17 Sep 2007 401 A..H. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 28 May 2007 9,656 A.SH. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 1 Dec 2006 25,088 A..H. --- "C:\Documents and Settings\NATHALIE HEINRICH\Mes documents\COURRIER\lettre de motivation CV\~WRL0001.tmp"
Finished!
SDFix: Version 1.129
Run by SOPHIE on 20/01/2008 at 16:44
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\SOPHIE\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:07:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 284
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Documents and Settings\\antony\\Local Settings\\Application Data\\Microsoft\\Messenger\\madeinampere@hotmail.fr\\Sharing Folders\\incredimail_install.exe"="C:\\Documents and Settings\\antony\\Local Settings\\Application Data\\Microsoft\\Messenger\\madeinampere@hotmail.fr\\Sharing Folders\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\cabreli\\Local Settings\\Temporary Internet Files\\Content.IE5\\6345SBLW\\incredimail_install[1].exe"="C:\\Documents and Settings\\cabreli\\Local Settings\\Temporary Internet Files\\Content.IE5\\6345SBLW\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\SOPHIE\\Mes documents\\Mes Google Gadgets\\incredimail_install.exe"="C:\\Documents and Settings\\SOPHIE\\Mes documents\\Mes Google Gadgets\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\DOCUME~1\\SOPHIE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\SOPHIE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\SOPHIE\\rhqhlp.exe"="C:\\Documents and Settings\\SOPHIE\\rhqhlp.exe:*:Enabled:Windows Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Thu 18 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 1 Aug 2007 321,659 ..SH. --- "C:\WINDOWS\system32\pqstv.tmp"
Wed 1 Aug 2007 321,334 ..SH. --- "C:\WINDOWS\system32\pqstv.bak1"
Fri 3 Aug 2007 321,451 ..SH. --- "C:\WINDOWS\system32\pqstv.bak2"
Sun 27 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 May 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Mon 17 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 1 Dec 2006 25,088 A..H. --- "C:\Documents and Settings\NATHALIE HEINRICH\Mes documents\lettre de motivation CV\~WRL0001.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT7.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8ec741c57b58a534cd55e8f0ca69e79\BIT8.tmp"
Sun 27 May 2007 4,348 ...H. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 17 Sep 2007 401 A..H. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 28 May 2007 9,656 A.SH. --- "C:\Documents and Settings\cabreli\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 1 Dec 2006 25,088 A..H. --- "C:\Documents and Settings\NATHALIE HEINRICH\Mes documents\COURRIER\lettre de motivation CV\~WRL0001.tmp"
Finished!
Bonjour, jai moi aussi chopé cette saloperie de virus...j'ai suivi toutes les instructions (enfin j'espère) données sur le forum...comme demandé, je colle le rapport, j'espère vraiment m'en être débarrassée, si c'est le cas, je vous en remercie du fond du coeuur!
SDFix: Version 1.129
Run by MARINE on 20/01/2008 at 16:59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\MARINE\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:06:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x778e"
"DeviceDesc"="\xb973\x778e"
"ProviderName"="\x27fc\21\xee18\x7c91\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x4f0"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=str(7):"c:\documents and settings\marine\mes documents\drivers\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\MARINE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MARINE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 4 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 1 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\825602f548d54de494879712d10e8261\BIT1.tmp"
Finished!
SDFix: Version 1.129
Run by MARINE on 20/01/2008 at 16:59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\MARINE\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 17:06:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x778e"
"DeviceDesc"="\xb973\x778e"
"ProviderName"="\x27fc\21\xee18\x7c91\x286c\21\b"
"MFG"="\xc1bf\b\xe12b\x1803\x4f0"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=str(7):"c:\documents and settings\marine\mes documents\drivers\sbdrv\smbus\smbusati.inf"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\MARINE\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MARINE\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 4 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 1 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\825602f548d54de494879712d10e8261\BIT1.tmp"
Finished!
SDFix: Version 1.129
Run by cabrol on 20/01/2008 at 18:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\cabrol\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\cabrol\Local Settings\Temp\aax5B.tmp.exe - Deleted
C:\DOCUME~1\cabrol\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:19:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\NINI\\azureus\\Azureus.exe"="C:\\NINI\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe"="C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\cabrol\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 20 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 14 Oct 2007 5,903,928 A..H. --- "C:\System Volume Information\_restore{42310EC4-7D2B-4715-A05C-0D953851EDA5}\RP327\A0053324.exe"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT3.tmp"
Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Voilà...ça marche maintenant?
Run by cabrol on 20/01/2008 at 18:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\cabrol\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\cabrol\Local Settings\Temp\aax5B.tmp.exe - Deleted
C:\DOCUME~1\cabrol\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:19:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\NINI\\azureus\\Azureus.exe"="C:\\NINI\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe"="C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\cabrol\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 20 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 14 Oct 2007 5,903,928 A..H. --- "C:\System Volume Information\_restore{42310EC4-7D2B-4715-A05C-0D953851EDA5}\RP327\A0053324.exe"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT3.tmp"
Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Voilà...ça marche maintenant?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
SDFix: Version 1.129
Run by cabrol on 20/01/2008 at 18:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\cabrol\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\cabrol\Local Settings\Temp\aax5B.tmp.exe - Deleted
C:\DOCUME~1\cabrol\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:19:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\NINI\\azureus\\Azureus.exe"="C:\\NINI\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe"="C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\cabrol\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 20 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 14 Oct 2007 5,903,928 A..H. --- "C:\System Volume Information\_restore{42310EC4-7D2B-4715-A05C-0D953851EDA5}\RP327\A0053324.exe"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT3.tmp"
Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Voilà...ça marche maintenant?
Run by cabrol on 20/01/2008 at 18:16
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\cabrol\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\cabrol\Local Settings\Temp\aax5B.tmp.exe - Deleted
C:\DOCUME~1\cabrol\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 18:19:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AliceSAV = C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\cabrol\\Bureau\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\NINI\\azureus\\Azureus.exe"="C:\\NINI\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe"="C:\\nini\\installations enregistr‚es\\azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe"="D:\\nini\\installations enregistr‚es\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\cabrol\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\cabrol\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Tue 6 Sep 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Tue 20 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 14 Oct 2007 5,903,928 A..H. --- "C:\System Volume Information\_restore{42310EC4-7D2B-4715-A05C-0D953851EDA5}\RP327\A0053324.exe"
Sat 19 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT3.tmp"
Thu 16 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Voilà...ça marche maintenant?
joule33
Messages postés
2
Date d'inscription
samedi 19 janvier 2008
Statut
Membre
Dernière intervention
20 janvier 2008
20 janv. 2008 à 19:07
20 janv. 2008 à 19:07
salut quand je redemarre mon ordi en mode sans echec il s eteint tout seul que dois je faire??
merci pour votre aide
merci pour votre aide
System Report
*************
Run on 20/01/2008 at 19:06
Microsoft Windows XP [version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [644]
\??\C:\WINDOWS\system32\csrss.exe [692]
\??\C:\WINDOWS\system32\winlogon.exe [720]
C:\WINDOWS\system32\services.exe [764]
C:\WINDOWS\system32\lsass.exe [776]
C:\WINDOWS\system32\Ati2evxx.exe [932]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\system32\svchost.exe [1044]
C:\WINDOWS\System32\svchost.exe [1136]
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [1188]
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1216]
C:\WINDOWS\system32\svchost.exe [1280]
C:\WINDOWS\system32\svchost.exe [1392]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1512]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [1560]
C:\WINDOWS\system32\spoolsv.exe [1916]
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [1996]
C:\WINDOWS\system32\Ati2evxx.exe [240]
C:\WINDOWS\Explorer.EXE [392]
C:\WINDOWS\RTHDCPL.EXE [584]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [604]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [376]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [632]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [108]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [740]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [908]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [988]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [972]
C:\WINDOWS\system32\LVCOMSX.EXE [1084]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [1116]
C:\WINDOWS\system32\ElkCtrl.exe [1160]
C:\Acer\Empowering Technology\admtray.exe [1348]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [1364]
C:\Program Files\QuickTime\qttask.exe [1368]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [1604]
C:\Acer\Empowering Technology\admServ.exe [1848]
C:\Program Files\Netcom\Netcom.exe [1856]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1872]
C:\DOCUME~1\Fabrice\LOCALS~1\Temp\services.exe [1956]
C:\WINDOWS\mrofinu1148.exe [2092]
C:\WINDOWS\system32\ctfmon.exe [2108]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2152]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2228]
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2240]
C:\Program Files\Skype\Phone\Skype.exe [2288]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2324]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2436]
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2456]
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2464]
C:\WINDOWS\system32\CTsvcCDA.exe [2512]
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2560]
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2604]
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe [2636]
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2708]
C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2856]
C:\WINDOWS\system32\svchost.exe [2880]
C:\WINDOWS\system32\wdfmgr.exe [2948]
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [3016]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [3376]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [3404]
C:\WINDOWS\system32\wbem\wmiprvse.exe [3700]
C:\WINDOWS\system32\wbem\wmiprvse.exe [4060]
C:\WINDOWS\System32\alg.exe [288]
C:\WINDOWS\system32\wbem\unsecapp.exe [2924]
C:\WINDOWS\system32\wbem\wmiapsrv.exe [3624]
C:\Program Files\Skype\Plugin Manager\skypePM.exe [2012]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [3176]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [420]
C:\WINDOWS\system32\wuauclt.exe [3352]
Drivers - Running:
SERVICE_NAME: Aavmker4
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPI
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: AegisP
SERVICE_NAME: AFD
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: amsint
SERVICE_NAME: Arp1394
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: aswMon2
SERVICE_NAME: aswRdr
SERVICE_NAME: aswTdi
SERVICE_NAME: atapi
SERVICE_NAME: ati2mtag
SERVICE_NAME: audstub
SERVICE_NAME: b57w2k
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: cbidf
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdfs
SERVICE_NAME: cdrbsdrv
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: CmdIde
SERVICE_NAME: Compbatt
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: Disk
SERVICE_NAME: DKbFltr
SERVICE_NAME: dpti2o
SERVICE_NAME: EpmPsd
SERVICE_NAME: EpmShd
SERVICE_NAME: Fastfat
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: Gpc
SERVICE_NAME: HDAudBus
SERVICE_NAME: HidUsb
SERVICE_NAME: hpn
SERVICE_NAME: HSFHWAZL
SERVICE_NAME: HSF_DPV
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntcAzAudAddService
SERVICE_NAME: IntelIde
SERVICE_NAME: intelppm
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: IRENUM
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: lv321av
SERVICE_NAME: lvmvdrv
SERVICE_NAME: LVPrcMon
SERVICE_NAME: LVUSBSta
SERVICE_NAME: mdmxsdk
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: mouhid
SERVICE_NAME: MountMgr
SERVICE_NAME: mraid35x
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisFilt
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: NIC1394
SERVICE_NAME: Npfs
SERVICE_NAME: NTIDrvr
SERVICE_NAME: Null
SERVICE_NAME: ohci1394
SERVICE_NAME: OsaFsLoc
SERVICE_NAME: osaio
SERVICE_NAME: osanbm
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: Pcmcia
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: redbook
SERVICE_NAME: s24trans
SERVICE_NAME: sisagp
SERVICE_NAME: SMCIRDA
SERVICE_NAME: Sparrow
SERVICE_NAME: sr
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: SynTP
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: tifm21
SERVICE_NAME: TosIde
SERVICE_NAME: UBHelper
SERVICE_NAME: ultra
SERVICE_NAME: Update
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbprint
SERVICE_NAME: usbuhci
SERVICE_NAME: VgaSave
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp
SERVICE_NAME: wdmaud
SERVICE_NAME: winachsf
SERVICE_NAME: WmiAcpi
SERVICE_NAME: int15.sys
Drivers - Stopped:
SERVICE_NAME: Abiosdsk
SERVICE_NAME: aec
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: AVerM115
SERVICE_NAME: cbidf2k
SERVICE_NAME: CCDECODE
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: dmboot
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: DMusic
SERVICE_NAME: drmkaud
SERVICE_NAME: Fdc
SERVICE_NAME: Flpydisk
SERVICE_NAME: InCDFs
SERVICE_NAME: InCDPass
SERVICE_NAME: InCDRm
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: kbdhid
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: MPE
SERVICE_NAME: MSIRCOMM
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: MSTEE
SERVICE_NAME: NABTSFEC
SERVICE_NAME: NdisIP
SERVICE_NAME: NETMNT
SERVICE_NAME: nmwcd
SERVICE_NAME: nmwcdc
SERVICE_NAME: nmwcdcj
SERVICE_NAME: nmwcdcm
SERVICE_NAME: NPF
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: Parport
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: rdpdr
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Serial
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: SLIP
SERVICE_NAME: SMCB000
SERVICE_NAME: SONYPVU1
SERVICE_NAME: splitter
SERVICE_NAME: streamip
SERVICE_NAME: swmidi
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: Udfs
SERVICE_NAME: usbaudio
SERVICE_NAME: usbccgp
SERVICE_NAME: USBSTOR
SERVICE_NAME: w39n51
SERVICE_NAME: WDICA
SERVICE_NAME: WpdUsb
SERVICE_NAME: WSTCODEC
Services - Running:
SERVICE_NAME: ALG
SERVICE_NAME: aswUpdSv
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: avast! Antivirus
SERVICE_NAME: avast! Mail Scanner
SERVICE_NAME: avast! Web Scanner
SERVICE_NAME: AWService
SERVICE_NAME: CLCapSvc
SERVICE_NAME: CLSched
SERVICE_NAME: Creative Service for CDROM Access
SERVICE_NAME: CryptSvc
SERVICE_NAME: CyberLink Media Library Service
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: EvtEng
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: helpsvc
SERVICE_NAME: HidServ
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LmHosts
SERVICE_NAME: LVPrcSrv
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: PlugPlay
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasMan
SERVICE_NAME: RegSrvc
SERVICE_NAME: RichVideo
SERVICE_NAME: RpcSs
SERVICE_NAME: S24EventMonitor
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: UMWdf
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wscsvc
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC
Services - Stopped:
SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: COMSysApp
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Fax
SERVICE_NAME: gusvc
SERVICE_NAME: HTTPFilter
SERVICE_NAME: ImapiService
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: RasAuto
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: usnjsvc
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: xmlprov
Files Created/Modified - 60 Days :
C:\
26 Dec 2007 10:48:06 244 A..H. "C:\sqmnoopt06.sqm"
26 Dec 2007 10:48:06 268 A..H. "C:\sqmdata06.sqm"
20 Jan 2008 19:03:36 1 071 763 456 A.SH. "C:\hiberfil.sys"
3 Jan 2008 21:14:34 244 A..H. "C:\sqmnoopt07.sqm"
3 Jan 2008 21:14:34 232 A..H. "C:\sqmdata07.sqm"
20 Jan 2008 19:03:34 1 610 612 736 A.SH. "C:\pagefile.sys"
C:\WINDOWS\
20 Jan 2008 18:12:28 614 A.... "C:\WINDOWS\win.ini"
10 Jan 2008 21:48:54 1 374 A.... "C:\WINDOWS\imsins.log"
23 Dec 2007 18:00:10 17 679 A.... "C:\WINDOWS\KB915865.log"
28 Nov 2007 16:04:02 478 A.... "C:\WINDOWS\setuplog.txt"
4 Dec 2007 19:51:54 232 873 A.... "C:\WINDOWS\setupact.log"
10 Jan 2008 21:48:50 1 374 A.... "C:\WINDOWS\imsins.BAK"
20 Jan 2008 19:04:00 4 164 A.... "C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt"
10 Jan 2008 21:48:54 402 410 A.... "C:\WINDOWS\ocgen.log"
10 Jan 2008 21:48:54 847 171 A.... "C:\WINDOWS\FaxSetup.log"
10 Jan 2008 21:48:54 132 646 A.... "C:\WINDOWS\iis6.log"
10 Jan 2008 21:48:54 286 269 A.... "C:\WINDOWS\comsetup.log"
10 Jan 2008 21:48:54 171 718 A.... "C:\WINDOWS\ntdtcsetup.log"
10 Jan 2008 21:48:54 323 057 A.... "C:\WINDOWS\tsoc.log"
10 Jan 2008 21:48:54 41 829 A.... "C:\WINDOWS\msgsocm.log"
10 Jan 2008 21:48:54 45 814 A.... "C:\WINDOWS\ocmsn.log"
20 Jan 2008 19:03:58 159 A.... "C:\WINDOWS\wiadebug.log"
20 Jan 2008 19:02:44 50 A.... "C:\WINDOWS\wiaservc.log"
20 Jan 2008 12:36:48 179 416 A.... "C:\WINDOWS\wmsetup.log"
20 Jan 2008 19:02:46 1 225 749 A.... "C:\WINDOWS\WindowsUpdate.log"
20 Jan 2008 19:03:38 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
20 Jan 2008 19:03:40 0 A.... "C:\WINDOWS\0.log"
20 Jan 2008 19:02:44 32 530 A.... "C:\WINDOWS\SchedLgU.Txt"
12 Dec 2007 21:57:42 11 999 A.... "C:\WINDOWS\KB944653.log"
23 Dec 2007 18:02:46 130 418 A.... "C:\WINDOWS\updspapi.log"
20 Jan 2008 17:14:36 116 A.... "C:\WINDOWS\NeroDigital.ini"
23 Dec 2007 18:06:26 15 818 A.... "C:\WINDOWS\spupdsvc.log"
23 Dec 2007 18:11:50 139 765 A.... "C:\WINDOWS\ie7_main.log"
20 Jan 2008 17:25:04 11 536 A.... "C:\WINDOWS\DPINST.LOG"
23 Dec 2007 18:01:06 28 841 A.... "C:\WINDOWS\NLSDownlevelMapping.log"
23 Dec 2007 18:01:50 30 492 A.... "C:\WINDOWS\IDNMitigationAPIs.log"
23 Dec 2007 18:02:52 112 334 A.... "C:\WINDOWS\ie7.log"
11 Dec 2007 21:23:00 1 088 239 A.... "C:\WINDOWS\setupapi.log.1.old"
10 Jan 2008 21:48:50 15 453 A.... "C:\WINDOWS\KB943485.log"
10 Jan 2008 21:48:54 15 275 A.... "C:\WINDOWS\KB941644.log"
12 Dec 2007 21:59:02 30 130 A.... "C:\WINDOWS\KB942763.log"
12 Dec 2007 21:57:48 12 422 A.... "C:\WINDOWS\KB941568.log"
23 Dec 2007 18:03:24 73 464 A.... "C:\WINDOWS\KB942615-IE7.log"
20 Jan 2008 18:59:32 36 864 A.... "C:\WINDOWS\17PHolmes1148.exe"
20 Jan 2008 13:09:56 139 526 A.... "C:\WINDOWS\setupapi.log"
12 Dec 2007 21:58:58 20 854 A.... "C:\WINDOWS\KB941569.log"
20 Jan 2008 13:39:32 36 864 A.... "C:\WINDOWS\mrofinu1148.exe.tmp"
20 Jan 2008 18:55:46 36 864 A.... "C:\WINDOWS\mrofinu1148.exe"
20 Jan 2008 19:04:06 1 158 A.... "C:\WINDOWS\system32\wpa.dbl"
4 Dec 2007 13:54:04 95 608 A.... "C:\WINDOWS\system32\AVASTSS.scr"
20 Jan 2008 19:04:20 451 A.... "C:\WINDOWS\system32\eRLog.ini"
4 Dec 2007 14:04:28 837 496 A.... "C:\WINDOWS\system32\aswBoot.exe"
2 Jan 2008 19:21:36 17 642 616 A.... "C:\WINDOWS\system32\mrt.exe"
23 Dec 2007 16:55:04 4 896 A.... "C:\WINDOWS\system32\lvcoinst.log"
10 Dec 2007 19:45:38 3 121 A.... "C:\WINDOWS\system32\CONFIG.NT"
12 Dec 2007 21:59:00 386 478 A.... "C:\WINDOWS\system32\TZLog.log"
2 Dec 2007 17:51:34 5 474 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
22 Dec 2007 17:45:50 107 888 A.... "C:\WINDOWS\system32\CmdLineExt.dll"
23 Dec 2007 18:02:52 1 616 A.... "C:\WINDOWS\inf\ieaccess.inf"
13 Jan 2008 11:38:36 1 486 072 A.... "C:\WINDOWS\inf\INFCACHE.1"
26 Dec 2007 10:53:36 4 448 A.... "C:\WINDOWS\inf\ieaccess.PNF"
13 Jan 2008 11:38:36 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
9 Dec 2007 13:51:26 40 988 A.... "C:\WINDOWS\inf\oem26.PNF"
9 Dec 2007 13:54:06 172 310 A.... "C:\WINDOWS\inf\oem27.PNF"
9 Dec 2007 13:56:24 36 512 A.... "C:\WINDOWS\inf\oem28.PNF"
9 Dec 2007 14:10:58 119 106 A.... "C:\WINDOWS\inf\oem29.PNF"
18 Jan 2008 9:47:30 8 628 A..H. "C:\WINDOWS\Help\netcfg.GID"
15 Jan 2008 12:09:04 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_618.dat"
20 Jan 2008 19:03:56 0 A.... "C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt"
20 Jan 2008 19:03:44 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
2 Jan 2008 20:02:48 0 A.SH. "C:\WINDOWS\Temp\h6boz0pn.TMP"
5 Dec 2007 15:32:16 4 990 A.... "C:\WINDOWS\Temp\CamWizrd.log"
20 Jan 2008 19:04:10 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
20 Jan 2008 19:05:54 0 A.... "C:\WINDOWS\Temp\scs4.tmp"
12 Dec 2007 15:42:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_684.dat"
5 Jan 2008 13:07:16 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_610.dat"
23 Nov 2007 15:10:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_688.dat"
2 Dec 2007 11:20:10 2 048 A.... "C:\WINDOWS\Temp\sqlite_v4aVC3mqtiGDxx4"
2 Dec 2007 12:54:28 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_764.dat"
5 Dec 2007 9:03:02 2 048 A.... "C:\WINDOWS\Temp\sqlite_sqkRFjaCS9PmMQg"
20 Jan 2008 19:03:56 2 048 A.... "C:\WINDOWS\Temp\sqlite_YeHOrO0GRHloxwe"
23 Dec 2007 16:08:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_628.dat"
27 Dec 2007 12:26:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_690.dat"
30 Dec 2007 11:19:02 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_694.dat"
20 Jan 2008 19:03:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
10 Jan 2008 21:49:52 15 516 A.... "C:\WINDOWS\Debug\mrt.log"
10 Jan 2008 21:49:52 6 394 A.... "C:\WINDOWS\Debug\mrteng.log"
20 Jan 2008 19:03:42 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
2 Dec 2007 11:19:52 94 208 A.... "C:\WINDOWS\Minidump\Mini120207-01.dmp"
4 Dec 2007 15:56:02 93 264 A.... "C:\WINDOWS\system32\drivers\aswmon.sys"
4 Dec 2007 15:55:46 94 544 A.... "C:\WINDOWS\system32\drivers\aswmon2.sys"
4 Dec 2007 15:49:02 26 624 A.... "C:\WINDOWS\system32\drivers\aavmker4.sys"
4 Dec 2007 15:51:52 42 912 A.... "C:\WINDOWS\system32\drivers\aswTdi.sys"
4 Dec 2007 15:53:40 23 152 A.... "C:\WINDOWS\system32\drivers\aswRdr.sys"
20 Jan 2008 13:09:54 408 A.... "C:\WINDOWS\security\logs\scecomp.old"
20 Jan 2008 19:04:00 0 A.... "C:\WINDOWS\Temp\_avast4_\Webshlock.txt"
20 Jan 2008 18:45:20 728 670 A.... "C:\WINDOWS\Debug\WPD\wpdtrace.log"
24 Dec 2007 10:01:44 1 048 689 A.... "C:\WINDOWS\Debug\WPD\wpdtrace.bak.log"
20 Dec 2007 19:35:56 388 A..H. "C:\WINDOWS\network diagnostic\Sqm\NetDiag02.sqm"
23 Dec 2007 18:00:08 9 013 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.inf"
23 Dec 2007 18:01:04 8 374 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.inf"
23 Dec 2007 18:01:50 8 960 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.inf"
23 Dec 2007 18:02:46 361 981 A.... "C:\WINDOWS\ie7\spuninst\spuninst.inf"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
12 Dec 2007 21:58:02 86 016 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00014"
12 Dec 2007 21:58:04 12 288 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
12 Dec 2007 21:57:38 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
12 Dec 2007 21:57:42 11 099 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
12 Dec 2007 21:57:46 360 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
12 Dec 2007 21:57:48 11 390 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
12 Dec 2007 21:58:56 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
12 Dec 2007 21:58:56 11 192 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
12 Dec 2007 21:59:00 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
12 Dec 2007 21:59:02 12 277 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
10 Jan 2008 21:48:44 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
10 Jan 2008 21:48:50 11 696 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
10 Jan 2008 21:48:52 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
10 Jan 2008 21:48:54 11 784 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
10 Jan 2008 21:48:54 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
12 Dec 2007 21:58:04 7 309 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
23 Dec 2007 18:03:24 22 888 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
C:\Program Files\
20 Jan 2008 18:49:02 1 402 A.... "C:\Program Files\Netcom\start.htm"
25 Nov 2007 21:06:52 107 512 A.... "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\setup.exe"
25 Nov 2007 21:07:00 155 648 A.... "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\_setup.dll"
4 Dec 2007 14:00:24 79 224 A.... "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
4 Dec 2007 13:54:24 157 048 A.... "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe"
4 Dec 2007 13:51:52 18 432 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe"
4 Dec 2007 13:51:58 61 440 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPck.exe"
4 Dec 2007 13:47:36 1 204 224 A.... "C:\Program Files\Alwil Software\Avast4\aswEngin.dll"
4 Dec 2007 15:35:48 659 456 A.... "C:\Program Files\Alwil Software\Avast4\aswAux.dll"
4 Dec 2007 15:36:28 4 608 A.... "C:\Program Files\Alwil Software\Avast4\aswIdle.dll"
4 Dec 2007 13:47:10 22 528 A.... "C:\Program Files\Alwil Software\Avast4\aswInteg.dll"
4 Dec 2007 15:32:34 143 360 A.... "C:\Program Files\Alwil Software\Avast4\aswRes.dll"
4 Dec 2007 13:52:16 271 736 A.... "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
4 Dec 2007 13:52:06 128 376 A.... "C:\Program Files\Alwil Software\Avast4\ashBug.exe"
4 Dec 2007 13:52:34 66 936 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.exe"
4 Dec 2007 13:48:24 66 936 A.... "C:\Program Files\Alwil Software\Avast4\ashUpd.exe"
4 Dec 2007 13:59:02 345 464 A.... "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
4 Dec 2007 15:36:34 17 272 A.... "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
4 Dec 2007 13:46:48 81 920 A.... "C:\Program Files\Alwil Software\Avast4\aswScan.dll"
4 Dec 2007 13:54:44 212 992 A.... "C:\Program Files\Alwil Software\Avast4\Aavm4h.dll"
4 Dec 2007 14:00:48 188 416 A.... "C:\Program Files\Alwil Software\Avast4\AavmGuih.dll"
4 Dec 2007 13:54:34 20 480 A.... "C:\Program Files\Alwil Software\Avast4\AavmRpch.dll"
4 Dec 2007 13:55:24 35 840 A.... "C:\Program Files\Alwil Software\Avast4\AhResMai.dll"
4 Dec 2007 13:56:24 32 768 A.... "C:\Program Files\Alwil Software\Avast4\ahResMes.dll"
4 Dec 2007 13:55:38 31 744 A.... "C:\Program Files\Alwil Software\Avast4\AhResNS.dll"
4 Dec 2007 14:00:08 29 696 A.... "C:\Program Files\Alwil Software\Avast4\AhResOut.dll"
4 Dec 2007 13:56:12 32 768 A.... "C:\Program Files\Alwil Software\Avast4\ahResP2P.dll"
4 Dec 2007 14:01:10 43 008 A.... "C:\Program Files\Alwil Software\Avast4\AhResStd.dll"
4 Dec 2007 13:55:08 53 248 A.... "C:\Program Files\Alwil Software\Avast4\AhResWS.dll"
4 Dec 2007 13:57:58 65 536 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll"
4 Dec 2007 13:56:22 36 864 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll"
4 Dec 2007 13:55:34 36 864 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll"
4 Dec 2007 13:47:52 221 184 A.... "C:\Program Files\Alwil Software\Avast4\ashBase.dll"
4 Dec 2007 13:50:58 98 304 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgP.dll"
4 Dec 2007 13:51:22 131 072 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgT.dll"
4 Dec 2007 13:51:36 151 552 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.dll"
4 Dec 2007 14:00:04 202 104 A.... "C:\Program Files\Alwil Software\Avast4\ashOutXt.dll"
4 Dec 2007 13:53:54 75 128 A.... "C:\Program Files\Alwil Software\Avast4\ashShell.dll"
4 Dec 2007 13:58:24 90 112 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll"
4 Dec 2007 13:56:10 22 016 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll"
4 Dec 2007 14:01:06 57 344 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll"
4 Dec 2007 13:57:38 49 152 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll"
4 Dec 2007 13:48:04 53 248 A.... "C:\Program Files\Alwil Software\Avast4\ashSODBC.dll"
4 Dec 2007 13:48:54 233 472 A.... "C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll"
4 Dec 2007 13:49:00 48 128 A.... "C:\Program Files\Alwil Software\Avast4\ashSXML.dll"
4 Dec 2007 13:48:12 110 592 A.... "C:\Program Files\Alwil Software\Avast4\ashTask.dll"
4 Dec 2007 13:50:40 307 200 A.... "C:\Program Files\Alwil Software\Avast4\ashUInt.dll"
4 Dec 2007 13:59:42 118 784 A.... "C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll"
4 Dec 2007 15:50:58 106 496 A.... "C:\Program Files\Alwil Software\Avast4\avCommEx.dll"
4 Dec 2007 15:41:36 6 656 A.... "C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll"
4 Dec 2007 13:51:48 49 016 A.... "C:\Program Files\Alwil Software\Avast4\ashLogV.exe"
4 Dec 2007 13:59:54 247 160 A.... "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
4 Dec 2007 14:00:36 206 200 A.... "C:\Program Files\Alwil Software\Avast4\ashPopWz.exe"
4 Dec 2007 13:53:48 279 928 A.... "C:\Program Files\Alwil Software\Avast4\ashQuick.exe"
4 Dec 2007 14:00:16 140 664 A.... "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
4 Dec 2007 13:53:30 128 376 A.... "C:\Program Files\Alwil Software\Avast4\ashSimp2.exe"
4 Dec 2007 14:03:54 66 936 A.... "C:\Program Files\Alwil Software\Avast4\sched.exe"
4 Dec 2007 13:52:22 66 936 A.... "C:\Program Files\Alwil Software\Avast4\VisthAux.exe"
4 Dec 2007 13:54:10 51 576 A.... "C:\Program Files\Alwil Software\Avast4\VisthLic.exe"
4 Dec 2007 13:53:58 51 576 A.... "C:\Program Files\Alwil Software\Avast4\VisthUpd.exe"
4 Dec 2007 15:33:02 131 072 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnB.dll"
4 Dec 2007 15:32:54 69 632 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll"
4 Dec 2007 15:33:16 184 320 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnS.dll"
10 Dec 2007 19:45:32 70 766 A.... "C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm"
20 Jan 2008 19:03:42 391 216 A.... "C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll"
20 Jan 2008 19:03:42 219 192 A.... "C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat"
20 Jan 2008 19:03:42 9 080 A.... "C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll"
10 Dec 2007 19:43:44 127 024 ..... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"
4 Dec 2007 15:31:08 98 304 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Base.dll"
4 Dec 2007 15:29:24 17 920 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Boot.dll"
4 Dec 2007 15:31:06 2 560 000 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Lang.dll"
4 Dec 2007 15:31:02 61 440 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\LangMai.dll"
4 Dec 2007 15:49:02 26 624 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys"
4 Dec 2007 15:56:02 93 264 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon.sys"
4 Dec 2007 15:55:46 94 544 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys"
4 Dec 2007 15:52:16 45 648 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys"
4 Dec 2007 15:53:40 23 152 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys"
4 Dec 2007 15:51:52 42 912 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys"
4 Dec 2007 15:49:14 24 656 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys"
4 Dec 2007 15:55:58 75 856 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys"
4 Dec 2007 15:52:32 55 888 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys"
4 Dec 2007 15:53:44 27 216 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys"
4 Dec 2007 15:52:00 48 720 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys"
4 Dec 2007 15:52:24 115 792 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys"
4 Dec 2007 15:53:48 55 376 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys"
4 Dec 2007 15:52:02 103 504 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys"
5 Dec 2007 15:26:32 311 428 A.... "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll"
5 Dec 2007 15:26:32 184 452 A.... "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll"
Files with hidden attributes:
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 2 Jan 2008 0 A.SH. --- "C:\WINDOWS\Temp\h6boz0pn.TMP"
Thu 13 Jul 2006 397,312 A.SH. --- "C:\Recycled\Dc41\SIV5.tmp"
Sat 19 Jan 2008 6,656 A..H. --- "C:\Recycled\Dc2013\dummy.exe"
Sat 19 Jan 2008 1,024 A..H. --- "C:\Recycled\Dc2013\dummy.sys"
Tue 1 Aug 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Sat 22 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Oct 2007 401 A..H. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 22 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 12 Jul 2006 312 A.SH. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 9 Nov 2004 26,624 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\B- GESTION 2004-2 Šme semestre\~WRL0001.tmp"
Thu 3 Mar 2005 29,696 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\INSTRUCTION CT1-CT2-CSA\CD CT1\CT1 GUINEE\la correspondance militaire\Exercice NE\~WRL2102.tmp"
Thu 3 Mar 2005 29,696 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\INSTRUCTION CT1-CT2-CSA\CD CT1\FS1 GCF\FS1 GCF\R‚daction administrative\Exercice NE\~WRL2102.tmp"
Catchme:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 19:06:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Program Folders:
C:\Program Files\
Acer
Acer Inc
Adobe
Alwil Software
ATI Technologies
Canon
ComPlus Applications
CONEXANT
Creative
CyberLink
eMule
Fichiers communs
Google
Incomplete
IncrediMail
InstallShield Installation Information
Intel
Internet Explorer
Java
Launch Manager
LimeWire
MarkAny
Messenger
microsoft frontpage
Microsoft Office
Movie Maker
MSN
MSN Gaming Zone
MSN Messenger
MSN Toolbar
MSXML 4.0
Nero
Netcom
NetMeeting
NewTech Infosystems
Online Services
Outlook Express
PIXELA
QuickTime
Realtek
Samsung
Serif
Services en ligne
Skype
Sony Corporation
Synaptics
Uninstall Information
Viewpoint
VIH1
Windows Media Player
Windows NT
WindowsUpdate
WinPCap
xerox
C:\Program Files\Fichiers communs\
Acer
Adobe
Ahead
Designer
InstallShield
Java
Logitech
Microsoft Shared
MSSoap
muvee Technologies
NewTech Infosystems
ODBC
Services
Skype
SpeechEngines
SWF Studio
System
Add/Remove Programs:
Programme de gestion Acer OrbiCam
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
avast! Antivirus
HDAUDIO Soft Data Fax Modem with SmartCP
Gestionnaire de disques amovible Creative
eMule
Acer ePresentation Management
Acer GridVista
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
NTI CD & DVD-Maker
Acer Empowering Technology framework
NTI Backup NOW! 4
Acer eLock Management
Acer ePerformance Management
Acer eSettings Management
Texas Instruments PCIxx21/x515 drivers.
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
High Definition Audio Driver Package - KB888111
Correctif Windows XP - KB888302
Mise à jour de sécurité pour Windows XP (KB890046)
Correctif Windows XP - KB890859
Windows Media Format SDK Hotfix - KB891122
Correctif Windows XP - KB891781
Mise à jour de sécurité pour Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Mise à jour pour Windows XP (KB894391)
Correctif pour Windows XP (KB896256)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour pour Windows XP (KB898461)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour pour Windows XP (KB900485)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour pour Windows XP (KB904942)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Correctif pour Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Mise à jour pour Windows XP (KB916595)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour pour Windows XP (KB920872)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour pour Windows XP (KB922582)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour pour Windows XP (KB927891)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour pour Windows XP (KB929338)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour pour Windows XP (KB930916)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour pour Windows XP (KB931836)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour pour Windows XP (KB933360)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Correctif pour Windows XP (KB935448)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour pour Windows XP (KB936357)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour pour Windows XP (KB938828)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour pour Windows XP (KB942763)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Lame ACM MP3 Codec
LimeWire 4.14.10
Launch Manager
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Barre d'outils MSN
MSN
Netcom 3.1
Microsoft National Language Support Downlevel APIs
Logiciel Intel(R) PROSet/Wireless
QuickTime
Seahorses082006Dem Screen Saver
Adobe Flash Player 9 ActiveX
Synaptics Pointing Device Driver
Creative System Information
Viewpoint Media Player (Remove Only)
Le virus du SIDA version 1.05a
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Lecteur Windows Media 10
Serif PhotoPlus 6.0
NTI CD & DVD-Maker
Acer Empowering Technology framework
Creative Zen MicroPhoto
Google Earth
Picture Package
Google Toolbar for Internet Explorer
mProSafe
Acer Arcade
Creative MediaSource
Java(TM) 6 Update 2
Java(TM) 6 Update 3
MSXML 4.0 SP2 (KB927978)
NTI Backup NOW! 4
Nero 7 Premium
Les Sims™ 2 Animaux & Cie
Acer ePower Management
Sony USB Driver
Skype™ 3.5
Acer eDataSecurity Management
Acer eLock Management
Les Sims 2
Logiciel Acer OrbiCam
Les Sims 2 : La bonne affaire
ATI Catalyst Control Center
mPfMgr
Microsoft Office XP Professional
Microsoft .NET Framework 1.1 French Language Pack
mXML
Adobe Reader 7.0
PowerProducer
Nokia Connectivity Cable Driver
MSXML 4.0 SP2 (KB936181)
Acer eNet Management
Samsung Media Studio
Microsoft .NET Framework 1.1
Acer Screensaver
Google Toolbar for Internet Explorer
Acer ePerformance Management
Les Sims™ 2 Au fil des saisons
Acer eSettings Management
Acer eDataSecurity Management 1.00.23
mCore
mMHouse
Realtek High Definition Audio Driver
SMSC CIR HID V5.3.2600.2
Les Sims™ 2 Bon Voyage
Windows Live Messenger
Windows Live Sign-in Assistant
Les Sims 2 : Nuits de Folie
ImageMixer VCD2
mWlsSafe
TIxx21
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SMSTray"="C:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"
"Netcom"="\"C:\\Program Files\\Netcom\\Netcom.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Flash Player2"="C:\\DOCUME~1\\Fabrice\\LOCALS~1\\Temp\\services.exe"
"runner1"="C:\\WINDOWS\\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Centre de sécurité
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Pare-feu Windows / Partage de connexion Internet
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Mises à jour automatiques
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : Service de restauration système
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Non-Default IFEO Debugger:
Non-Default Installed Components:
Non-Default Safeboot Minimal:
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
*************
Run on 20/01/2008 at 19:06
Microsoft Windows XP [version 5.1.2600]
Current user is an administrator
Running Processes:
\SystemRoot\System32\smss.exe [644]
\??\C:\WINDOWS\system32\csrss.exe [692]
\??\C:\WINDOWS\system32\winlogon.exe [720]
C:\WINDOWS\system32\services.exe [764]
C:\WINDOWS\system32\lsass.exe [776]
C:\WINDOWS\system32\Ati2evxx.exe [932]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\system32\svchost.exe [1044]
C:\WINDOWS\System32\svchost.exe [1136]
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [1188]
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1216]
C:\WINDOWS\system32\svchost.exe [1280]
C:\WINDOWS\system32\svchost.exe [1392]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1512]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [1560]
C:\WINDOWS\system32\spoolsv.exe [1916]
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [1996]
C:\WINDOWS\system32\Ati2evxx.exe [240]
C:\WINDOWS\Explorer.EXE [392]
C:\WINDOWS\RTHDCPL.EXE [584]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [604]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [376]
C:\Program Files\Acer\Acer Arcade\PCMService.exe [632]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [108]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [740]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [908]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [988]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [972]
C:\WINDOWS\system32\LVCOMSX.EXE [1084]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [1116]
C:\WINDOWS\system32\ElkCtrl.exe [1160]
C:\Acer\Empowering Technology\admtray.exe [1348]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [1364]
C:\Program Files\QuickTime\qttask.exe [1368]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [1604]
C:\Acer\Empowering Technology\admServ.exe [1848]
C:\Program Files\Netcom\Netcom.exe [1856]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [1872]
C:\DOCUME~1\Fabrice\LOCALS~1\Temp\services.exe [1956]
C:\WINDOWS\mrofinu1148.exe [2092]
C:\WINDOWS\system32\ctfmon.exe [2108]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2152]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2228]
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2240]
C:\Program Files\Skype\Phone\Skype.exe [2288]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2324]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2436]
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2456]
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2464]
C:\WINDOWS\system32\CTsvcCDA.exe [2512]
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2560]
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2604]
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe [2636]
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2708]
C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2856]
C:\WINDOWS\system32\svchost.exe [2880]
C:\WINDOWS\system32\wdfmgr.exe [2948]
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [3016]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [3376]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [3404]
C:\WINDOWS\system32\wbem\wmiprvse.exe [3700]
C:\WINDOWS\system32\wbem\wmiprvse.exe [4060]
C:\WINDOWS\System32\alg.exe [288]
C:\WINDOWS\system32\wbem\unsecapp.exe [2924]
C:\WINDOWS\system32\wbem\wmiapsrv.exe [3624]
C:\Program Files\Skype\Plugin Manager\skypePM.exe [2012]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [3176]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [420]
C:\WINDOWS\system32\wuauclt.exe [3352]
Drivers - Running:
SERVICE_NAME: Aavmker4
SERVICE_NAME: abp480n5
SERVICE_NAME: ACPI
SERVICE_NAME: ACPIEC
SERVICE_NAME: adpu160m
SERVICE_NAME: AegisP
SERVICE_NAME: AFD
SERVICE_NAME: agp440
SERVICE_NAME: agpCPQ
SERVICE_NAME: Aha154x
SERVICE_NAME: aic78u2
SERVICE_NAME: aic78xx
SERVICE_NAME: AliIde
SERVICE_NAME: alim1541
SERVICE_NAME: amdagp
SERVICE_NAME: amsint
SERVICE_NAME: Arp1394
SERVICE_NAME: asc
SERVICE_NAME: asc3350p
SERVICE_NAME: asc3550
SERVICE_NAME: aswMon2
SERVICE_NAME: aswRdr
SERVICE_NAME: aswTdi
SERVICE_NAME: atapi
SERVICE_NAME: ati2mtag
SERVICE_NAME: audstub
SERVICE_NAME: b57w2k
SERVICE_NAME: Beep
SERVICE_NAME: catchme
SERVICE_NAME: cbidf
SERVICE_NAME: cd20xrnt
SERVICE_NAME: Cdfs
SERVICE_NAME: cdrbsdrv
SERVICE_NAME: Cdrom
SERVICE_NAME: CmBatt
SERVICE_NAME: CmdIde
SERVICE_NAME: Compbatt
SERVICE_NAME: Cpqarray
SERVICE_NAME: dac2w2k
SERVICE_NAME: dac960nt
SERVICE_NAME: Disk
SERVICE_NAME: DKbFltr
SERVICE_NAME: dpti2o
SERVICE_NAME: EpmPsd
SERVICE_NAME: EpmShd
SERVICE_NAME: Fastfat
SERVICE_NAME: Fips
SERVICE_NAME: FltMgr
SERVICE_NAME: Ftdisk
SERVICE_NAME: Gpc
SERVICE_NAME: HDAudBus
SERVICE_NAME: HidUsb
SERVICE_NAME: hpn
SERVICE_NAME: HSFHWAZL
SERVICE_NAME: HSF_DPV
SERVICE_NAME: HTTP
SERVICE_NAME: i2omgmt
SERVICE_NAME: i2omp
SERVICE_NAME: i8042prt
SERVICE_NAME: Imapi
SERVICE_NAME: ini910u
SERVICE_NAME: IntcAzAudAddService
SERVICE_NAME: IntelIde
SERVICE_NAME: intelppm
SERVICE_NAME: IpNat
SERVICE_NAME: IPSec
SERVICE_NAME: irda
SERVICE_NAME: IRENUM
SERVICE_NAME: isapnp
SERVICE_NAME: Kbdclass
SERVICE_NAME: KSecDD
SERVICE_NAME: lv321av
SERVICE_NAME: lvmvdrv
SERVICE_NAME: LVPrcMon
SERVICE_NAME: LVUSBSta
SERVICE_NAME: mdmxsdk
SERVICE_NAME: mnmdd
SERVICE_NAME: Modem
SERVICE_NAME: Mouclass
SERVICE_NAME: mouhid
SERVICE_NAME: MountMgr
SERVICE_NAME: mraid35x
SERVICE_NAME: MRxDAV
SERVICE_NAME: MRxSmb
SERVICE_NAME: Msfs
SERVICE_NAME: mssmbios
SERVICE_NAME: Mup
SERVICE_NAME: NDIS
SERVICE_NAME: NdisFilt
SERVICE_NAME: NdisTapi
SERVICE_NAME: Ndisuio
SERVICE_NAME: NdisWan
SERVICE_NAME: NDProxy
SERVICE_NAME: NetBIOS
SERVICE_NAME: NetBT
SERVICE_NAME: NIC1394
SERVICE_NAME: Npfs
SERVICE_NAME: NTIDrvr
SERVICE_NAME: Null
SERVICE_NAME: ohci1394
SERVICE_NAME: OsaFsLoc
SERVICE_NAME: osaio
SERVICE_NAME: osanbm
SERVICE_NAME: PartMgr
SERVICE_NAME: PCI
SERVICE_NAME: PCIIde
SERVICE_NAME: Pcmcia
SERVICE_NAME: perc2
SERVICE_NAME: perc2hib
SERVICE_NAME: PptpMiniport
SERVICE_NAME: PSched
SERVICE_NAME: Ptilink
SERVICE_NAME: ql1080
SERVICE_NAME: Ql10wnt
SERVICE_NAME: ql12160
SERVICE_NAME: ql1240
SERVICE_NAME: ql1280
SERVICE_NAME: RasAcd
SERVICE_NAME: Rasirda
SERVICE_NAME: Rasl2tp
SERVICE_NAME: RasPppoe
SERVICE_NAME: Raspti
SERVICE_NAME: Rdbss
SERVICE_NAME: RDPCDD
SERVICE_NAME: redbook
SERVICE_NAME: s24trans
SERVICE_NAME: sisagp
SERVICE_NAME: SMCIRDA
SERVICE_NAME: Sparrow
SERVICE_NAME: sr
SERVICE_NAME: Srv
SERVICE_NAME: swenum
SERVICE_NAME: symc810
SERVICE_NAME: symc8xx
SERVICE_NAME: sym_hi
SERVICE_NAME: sym_u3
SERVICE_NAME: SynTP
SERVICE_NAME: sysaudio
SERVICE_NAME: Tcpip
SERVICE_NAME: TermDD
SERVICE_NAME: tifm21
SERVICE_NAME: TosIde
SERVICE_NAME: UBHelper
SERVICE_NAME: ultra
SERVICE_NAME: Update
SERVICE_NAME: usbehci
SERVICE_NAME: usbhub
SERVICE_NAME: usbprint
SERVICE_NAME: usbuhci
SERVICE_NAME: VgaSave
SERVICE_NAME: viaagp
SERVICE_NAME: ViaIde
SERVICE_NAME: VolSnap
SERVICE_NAME: Wanarp
SERVICE_NAME: wdmaud
SERVICE_NAME: winachsf
SERVICE_NAME: WmiAcpi
SERVICE_NAME: int15.sys
Drivers - Stopped:
SERVICE_NAME: Abiosdsk
SERVICE_NAME: aec
SERVICE_NAME: AsyncMac
SERVICE_NAME: Atdisk
SERVICE_NAME: Atmarpc
SERVICE_NAME: AVerM115
SERVICE_NAME: cbidf2k
SERVICE_NAME: CCDECODE
SERVICE_NAME: Cdaudio
SERVICE_NAME: Changer
SERVICE_NAME: dmboot
SERVICE_NAME: dmio
SERVICE_NAME: dmload
SERVICE_NAME: DMusic
SERVICE_NAME: drmkaud
SERVICE_NAME: Fdc
SERVICE_NAME: Flpydisk
SERVICE_NAME: InCDFs
SERVICE_NAME: InCDPass
SERVICE_NAME: InCDRm
SERVICE_NAME: Ip6Fw
SERVICE_NAME: IpFilterDriver
SERVICE_NAME: IpInIp
SERVICE_NAME: kbdhid
SERVICE_NAME: kmixer
SERVICE_NAME: lbrtfdc
SERVICE_NAME: MPE
SERVICE_NAME: MSIRCOMM
SERVICE_NAME: MSKSSRV
SERVICE_NAME: MSPCLOCK
SERVICE_NAME: MSPQM
SERVICE_NAME: MSTEE
SERVICE_NAME: NABTSFEC
SERVICE_NAME: NdisIP
SERVICE_NAME: NETMNT
SERVICE_NAME: nmwcd
SERVICE_NAME: nmwcdc
SERVICE_NAME: nmwcdcj
SERVICE_NAME: nmwcdcm
SERVICE_NAME: NPF
SERVICE_NAME: Ntfs
SERVICE_NAME: NwlnkFlt
SERVICE_NAME: NwlnkFwd
SERVICE_NAME: Parport
SERVICE_NAME: ParVdm
SERVICE_NAME: PCIDump
SERVICE_NAME: PDCOMP
SERVICE_NAME: PDFRAME
SERVICE_NAME: PDRELI
SERVICE_NAME: PDRFRAME
SERVICE_NAME: rdpdr
SERVICE_NAME: RDPWD
SERVICE_NAME: Secdrv
SERVICE_NAME: Serial
SERVICE_NAME: Sfloppy
SERVICE_NAME: Simbad
SERVICE_NAME: SLIP
SERVICE_NAME: SMCB000
SERVICE_NAME: SONYPVU1
SERVICE_NAME: splitter
SERVICE_NAME: streamip
SERVICE_NAME: swmidi
SERVICE_NAME: TDPIPE
SERVICE_NAME: TDTCP
SERVICE_NAME: Udfs
SERVICE_NAME: usbaudio
SERVICE_NAME: usbccgp
SERVICE_NAME: USBSTOR
SERVICE_NAME: w39n51
SERVICE_NAME: WDICA
SERVICE_NAME: WpdUsb
SERVICE_NAME: WSTCODEC
Services - Running:
SERVICE_NAME: ALG
SERVICE_NAME: aswUpdSv
SERVICE_NAME: Ati HotKey Poller
SERVICE_NAME: AudioSrv
SERVICE_NAME: avast! Antivirus
SERVICE_NAME: avast! Mail Scanner
SERVICE_NAME: avast! Web Scanner
SERVICE_NAME: AWService
SERVICE_NAME: CLCapSvc
SERVICE_NAME: CLSched
SERVICE_NAME: Creative Service for CDROM Access
SERVICE_NAME: CryptSvc
SERVICE_NAME: CyberLink Media Library Service
SERVICE_NAME: DcomLaunch
SERVICE_NAME: Dhcp
SERVICE_NAME: Dnscache
SERVICE_NAME: ERSvc
SERVICE_NAME: Eventlog
SERVICE_NAME: EventSystem
SERVICE_NAME: EvtEng
SERVICE_NAME: FastUserSwitchingCompatibility
SERVICE_NAME: helpsvc
SERVICE_NAME: HidServ
SERVICE_NAME: Irmon
SERVICE_NAME: lanmanserver
SERVICE_NAME: lanmanworkstation
SERVICE_NAME: LmHosts
SERVICE_NAME: LVPrcSrv
SERVICE_NAME: Netman
SERVICE_NAME: Nla
SERVICE_NAME: PlugPlay
SERVICE_NAME: PolicyAgent
SERVICE_NAME: ProtectedStorage
SERVICE_NAME: RasMan
SERVICE_NAME: RegSrvc
SERVICE_NAME: RichVideo
SERVICE_NAME: RpcSs
SERVICE_NAME: S24EventMonitor
SERVICE_NAME: SamSs
SERVICE_NAME: Schedule
SERVICE_NAME: seclogon
SERVICE_NAME: SENS
SERVICE_NAME: SharedAccess
SERVICE_NAME: ShellHWDetection
SERVICE_NAME: Spooler
SERVICE_NAME: srservice
SERVICE_NAME: SSDPSRV
SERVICE_NAME: stisvc
SERVICE_NAME: TapiSrv
SERVICE_NAME: TermService
SERVICE_NAME: Themes
SERVICE_NAME: TrkWks
SERVICE_NAME: UMWdf
SERVICE_NAME: W32Time
SERVICE_NAME: WebClient
SERVICE_NAME: winmgmt
SERVICE_NAME: WmiApSrv
SERVICE_NAME: wscsvc
SERVICE_NAME: wuauserv
SERVICE_NAME: WZCSVC
Services - Stopped:
SERVICE_NAME: Alerter
SERVICE_NAME: AppMgmt
SERVICE_NAME: aspnet_state
SERVICE_NAME: BITS
SERVICE_NAME: Browser
SERVICE_NAME: CiSvc
SERVICE_NAME: ClipSrv
SERVICE_NAME: COMSysApp
SERVICE_NAME: dmadmin
SERVICE_NAME: dmserver
SERVICE_NAME: Fax
SERVICE_NAME: gusvc
SERVICE_NAME: HTTPFilter
SERVICE_NAME: ImapiService
SERVICE_NAME: Messenger
SERVICE_NAME: mnmsrvc
SERVICE_NAME: MSDTC
SERVICE_NAME: MSIServer
SERVICE_NAME: NetDDE
SERVICE_NAME: NetDDEdsdm
SERVICE_NAME: Netlogon
SERVICE_NAME: NtLmSsp
SERVICE_NAME: NtmsSvc
SERVICE_NAME: RasAuto
SERVICE_NAME: RDSessMgr
SERVICE_NAME: RemoteAccess
SERVICE_NAME: RpcLocator
SERVICE_NAME: RSVP
SERVICE_NAME: SCardSvr
SERVICE_NAME: SwPrv
SERVICE_NAME: SysmonLog
SERVICE_NAME: upnphost
SERVICE_NAME: UPS
SERVICE_NAME: usnjsvc
SERVICE_NAME: VSS
SERVICE_NAME: WmdmPmSN
SERVICE_NAME: xmlprov
Files Created/Modified - 60 Days :
C:\
26 Dec 2007 10:48:06 244 A..H. "C:\sqmnoopt06.sqm"
26 Dec 2007 10:48:06 268 A..H. "C:\sqmdata06.sqm"
20 Jan 2008 19:03:36 1 071 763 456 A.SH. "C:\hiberfil.sys"
3 Jan 2008 21:14:34 244 A..H. "C:\sqmnoopt07.sqm"
3 Jan 2008 21:14:34 232 A..H. "C:\sqmdata07.sqm"
20 Jan 2008 19:03:34 1 610 612 736 A.SH. "C:\pagefile.sys"
C:\WINDOWS\
20 Jan 2008 18:12:28 614 A.... "C:\WINDOWS\win.ini"
10 Jan 2008 21:48:54 1 374 A.... "C:\WINDOWS\imsins.log"
23 Dec 2007 18:00:10 17 679 A.... "C:\WINDOWS\KB915865.log"
28 Nov 2007 16:04:02 478 A.... "C:\WINDOWS\setuplog.txt"
4 Dec 2007 19:51:54 232 873 A.... "C:\WINDOWS\setupact.log"
10 Jan 2008 21:48:50 1 374 A.... "C:\WINDOWS\imsins.BAK"
20 Jan 2008 19:04:00 4 164 A.... "C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt"
10 Jan 2008 21:48:54 402 410 A.... "C:\WINDOWS\ocgen.log"
10 Jan 2008 21:48:54 847 171 A.... "C:\WINDOWS\FaxSetup.log"
10 Jan 2008 21:48:54 132 646 A.... "C:\WINDOWS\iis6.log"
10 Jan 2008 21:48:54 286 269 A.... "C:\WINDOWS\comsetup.log"
10 Jan 2008 21:48:54 171 718 A.... "C:\WINDOWS\ntdtcsetup.log"
10 Jan 2008 21:48:54 323 057 A.... "C:\WINDOWS\tsoc.log"
10 Jan 2008 21:48:54 41 829 A.... "C:\WINDOWS\msgsocm.log"
10 Jan 2008 21:48:54 45 814 A.... "C:\WINDOWS\ocmsn.log"
20 Jan 2008 19:03:58 159 A.... "C:\WINDOWS\wiadebug.log"
20 Jan 2008 19:02:44 50 A.... "C:\WINDOWS\wiaservc.log"
20 Jan 2008 12:36:48 179 416 A.... "C:\WINDOWS\wmsetup.log"
20 Jan 2008 19:02:46 1 225 749 A.... "C:\WINDOWS\WindowsUpdate.log"
20 Jan 2008 19:03:38 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
20 Jan 2008 19:03:40 0 A.... "C:\WINDOWS\0.log"
20 Jan 2008 19:02:44 32 530 A.... "C:\WINDOWS\SchedLgU.Txt"
12 Dec 2007 21:57:42 11 999 A.... "C:\WINDOWS\KB944653.log"
23 Dec 2007 18:02:46 130 418 A.... "C:\WINDOWS\updspapi.log"
20 Jan 2008 17:14:36 116 A.... "C:\WINDOWS\NeroDigital.ini"
23 Dec 2007 18:06:26 15 818 A.... "C:\WINDOWS\spupdsvc.log"
23 Dec 2007 18:11:50 139 765 A.... "C:\WINDOWS\ie7_main.log"
20 Jan 2008 17:25:04 11 536 A.... "C:\WINDOWS\DPINST.LOG"
23 Dec 2007 18:01:06 28 841 A.... "C:\WINDOWS\NLSDownlevelMapping.log"
23 Dec 2007 18:01:50 30 492 A.... "C:\WINDOWS\IDNMitigationAPIs.log"
23 Dec 2007 18:02:52 112 334 A.... "C:\WINDOWS\ie7.log"
11 Dec 2007 21:23:00 1 088 239 A.... "C:\WINDOWS\setupapi.log.1.old"
10 Jan 2008 21:48:50 15 453 A.... "C:\WINDOWS\KB943485.log"
10 Jan 2008 21:48:54 15 275 A.... "C:\WINDOWS\KB941644.log"
12 Dec 2007 21:59:02 30 130 A.... "C:\WINDOWS\KB942763.log"
12 Dec 2007 21:57:48 12 422 A.... "C:\WINDOWS\KB941568.log"
23 Dec 2007 18:03:24 73 464 A.... "C:\WINDOWS\KB942615-IE7.log"
20 Jan 2008 18:59:32 36 864 A.... "C:\WINDOWS\17PHolmes1148.exe"
20 Jan 2008 13:09:56 139 526 A.... "C:\WINDOWS\setupapi.log"
12 Dec 2007 21:58:58 20 854 A.... "C:\WINDOWS\KB941569.log"
20 Jan 2008 13:39:32 36 864 A.... "C:\WINDOWS\mrofinu1148.exe.tmp"
20 Jan 2008 18:55:46 36 864 A.... "C:\WINDOWS\mrofinu1148.exe"
20 Jan 2008 19:04:06 1 158 A.... "C:\WINDOWS\system32\wpa.dbl"
4 Dec 2007 13:54:04 95 608 A.... "C:\WINDOWS\system32\AVASTSS.scr"
20 Jan 2008 19:04:20 451 A.... "C:\WINDOWS\system32\eRLog.ini"
4 Dec 2007 14:04:28 837 496 A.... "C:\WINDOWS\system32\aswBoot.exe"
2 Jan 2008 19:21:36 17 642 616 A.... "C:\WINDOWS\system32\mrt.exe"
23 Dec 2007 16:55:04 4 896 A.... "C:\WINDOWS\system32\lvcoinst.log"
10 Dec 2007 19:45:38 3 121 A.... "C:\WINDOWS\system32\CONFIG.NT"
12 Dec 2007 21:59:00 386 478 A.... "C:\WINDOWS\system32\TZLog.log"
2 Dec 2007 17:51:34 5 474 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
22 Dec 2007 17:45:50 107 888 A.... "C:\WINDOWS\system32\CmdLineExt.dll"
23 Dec 2007 18:02:52 1 616 A.... "C:\WINDOWS\inf\ieaccess.inf"
13 Jan 2008 11:38:36 1 486 072 A.... "C:\WINDOWS\inf\INFCACHE.1"
26 Dec 2007 10:53:36 4 448 A.... "C:\WINDOWS\inf\ieaccess.PNF"
13 Jan 2008 11:38:36 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
9 Dec 2007 13:51:26 40 988 A.... "C:\WINDOWS\inf\oem26.PNF"
9 Dec 2007 13:54:06 172 310 A.... "C:\WINDOWS\inf\oem27.PNF"
9 Dec 2007 13:56:24 36 512 A.... "C:\WINDOWS\inf\oem28.PNF"
9 Dec 2007 14:10:58 119 106 A.... "C:\WINDOWS\inf\oem29.PNF"
18 Jan 2008 9:47:30 8 628 A..H. "C:\WINDOWS\Help\netcfg.GID"
15 Jan 2008 12:09:04 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_618.dat"
20 Jan 2008 19:03:56 0 A.... "C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt"
20 Jan 2008 19:03:44 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
2 Jan 2008 20:02:48 0 A.SH. "C:\WINDOWS\Temp\h6boz0pn.TMP"
5 Dec 2007 15:32:16 4 990 A.... "C:\WINDOWS\Temp\CamWizrd.log"
20 Jan 2008 19:04:10 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
20 Jan 2008 19:05:54 0 A.... "C:\WINDOWS\Temp\scs4.tmp"
12 Dec 2007 15:42:38 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_684.dat"
5 Jan 2008 13:07:16 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_610.dat"
23 Nov 2007 15:10:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_688.dat"
2 Dec 2007 11:20:10 2 048 A.... "C:\WINDOWS\Temp\sqlite_v4aVC3mqtiGDxx4"
2 Dec 2007 12:54:28 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_764.dat"
5 Dec 2007 9:03:02 2 048 A.... "C:\WINDOWS\Temp\sqlite_sqkRFjaCS9PmMQg"
20 Jan 2008 19:03:56 2 048 A.... "C:\WINDOWS\Temp\sqlite_YeHOrO0GRHloxwe"
23 Dec 2007 16:08:06 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_628.dat"
27 Dec 2007 12:26:00 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_690.dat"
30 Dec 2007 11:19:02 16 384 A.... "C:\WINDOWS\Temp\Perflib_Perfdata_694.dat"
20 Jan 2008 19:03:38 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
10 Jan 2008 21:49:52 15 516 A.... "C:\WINDOWS\Debug\mrt.log"
10 Jan 2008 21:49:52 6 394 A.... "C:\WINDOWS\Debug\mrteng.log"
20 Jan 2008 19:03:42 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
2 Dec 2007 11:19:52 94 208 A.... "C:\WINDOWS\Minidump\Mini120207-01.dmp"
4 Dec 2007 15:56:02 93 264 A.... "C:\WINDOWS\system32\drivers\aswmon.sys"
4 Dec 2007 15:55:46 94 544 A.... "C:\WINDOWS\system32\drivers\aswmon2.sys"
4 Dec 2007 15:49:02 26 624 A.... "C:\WINDOWS\system32\drivers\aavmker4.sys"
4 Dec 2007 15:51:52 42 912 A.... "C:\WINDOWS\system32\drivers\aswTdi.sys"
4 Dec 2007 15:53:40 23 152 A.... "C:\WINDOWS\system32\drivers\aswRdr.sys"
20 Jan 2008 13:09:54 408 A.... "C:\WINDOWS\security\logs\scecomp.old"
20 Jan 2008 19:04:00 0 A.... "C:\WINDOWS\Temp\_avast4_\Webshlock.txt"
20 Jan 2008 18:45:20 728 670 A.... "C:\WINDOWS\Debug\WPD\wpdtrace.log"
24 Dec 2007 10:01:44 1 048 689 A.... "C:\WINDOWS\Debug\WPD\wpdtrace.bak.log"
20 Dec 2007 19:35:56 388 A..H. "C:\WINDOWS\network diagnostic\Sqm\NetDiag02.sqm"
23 Dec 2007 18:00:08 9 013 A.... "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.inf"
23 Dec 2007 18:01:04 8 374 A.... "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.inf"
23 Dec 2007 18:01:50 8 960 A.... "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.inf"
23 Dec 2007 18:02:46 361 981 A.... "C:\WINDOWS\ie7\spuninst\spuninst.inf"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00002"
12 Dec 2007 21:58:02 86 016 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00003"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00004"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00005"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00006"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00007"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00008"
12 Dec 2007 21:58:02 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00009"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00010"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00011"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00012"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00013"
12 Dec 2007 21:58:04 8 192 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00014"
12 Dec 2007 21:58:04 12 288 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\reg00015"
12 Dec 2007 21:57:38 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
12 Dec 2007 21:57:42 11 099 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
12 Dec 2007 21:57:46 360 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
12 Dec 2007 21:57:48 11 390 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
12 Dec 2007 21:58:56 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
12 Dec 2007 21:58:56 11 192 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
12 Dec 2007 21:59:00 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
12 Dec 2007 21:59:02 12 277 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
10 Jan 2008 21:48:44 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
10 Jan 2008 21:48:50 11 696 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
10 Jan 2008 21:48:52 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
10 Jan 2008 21:48:54 11 784 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
10 Jan 2008 21:48:54 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
12 Dec 2007 21:58:04 7 309 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.txt"
23 Dec 2007 18:03:24 22 888 A.... "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.inf"
C:\Program Files\
20 Jan 2008 18:49:02 1 402 A.... "C:\Program Files\Netcom\start.htm"
25 Nov 2007 21:06:52 107 512 A.... "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\setup.exe"
25 Nov 2007 21:07:00 155 648 A.... "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\_setup.dll"
4 Dec 2007 14:00:24 79 224 A.... "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
4 Dec 2007 13:54:24 157 048 A.... "C:\Program Files\Alwil Software\Avast4\ashSimpl.exe"
4 Dec 2007 13:51:52 18 432 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPcc.exe"
4 Dec 2007 13:51:58 61 440 A.... "C:\Program Files\Alwil Software\Avast4\ashSkPck.exe"
4 Dec 2007 13:47:36 1 204 224 A.... "C:\Program Files\Alwil Software\Avast4\aswEngin.dll"
4 Dec 2007 15:35:48 659 456 A.... "C:\Program Files\Alwil Software\Avast4\aswAux.dll"
4 Dec 2007 15:36:28 4 608 A.... "C:\Program Files\Alwil Software\Avast4\aswIdle.dll"
4 Dec 2007 13:47:10 22 528 A.... "C:\Program Files\Alwil Software\Avast4\aswInteg.dll"
4 Dec 2007 15:32:34 143 360 A.... "C:\Program Files\Alwil Software\Avast4\aswRes.dll"
4 Dec 2007 13:52:16 271 736 A.... "C:\Program Files\Alwil Software\Avast4\ashAvast.exe"
4 Dec 2007 13:52:06 128 376 A.... "C:\Program Files\Alwil Software\Avast4\ashBug.exe"
4 Dec 2007 13:52:34 66 936 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.exe"
4 Dec 2007 13:48:24 66 936 A.... "C:\Program Files\Alwil Software\Avast4\ashUpd.exe"
4 Dec 2007 13:59:02 345 464 A.... "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
4 Dec 2007 15:36:34 17 272 A.... "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
4 Dec 2007 13:46:48 81 920 A.... "C:\Program Files\Alwil Software\Avast4\aswScan.dll"
4 Dec 2007 13:54:44 212 992 A.... "C:\Program Files\Alwil Software\Avast4\Aavm4h.dll"
4 Dec 2007 14:00:48 188 416 A.... "C:\Program Files\Alwil Software\Avast4\AavmGuih.dll"
4 Dec 2007 13:54:34 20 480 A.... "C:\Program Files\Alwil Software\Avast4\AavmRpch.dll"
4 Dec 2007 13:55:24 35 840 A.... "C:\Program Files\Alwil Software\Avast4\AhResMai.dll"
4 Dec 2007 13:56:24 32 768 A.... "C:\Program Files\Alwil Software\Avast4\ahResMes.dll"
4 Dec 2007 13:55:38 31 744 A.... "C:\Program Files\Alwil Software\Avast4\AhResNS.dll"
4 Dec 2007 14:00:08 29 696 A.... "C:\Program Files\Alwil Software\Avast4\AhResOut.dll"
4 Dec 2007 13:56:12 32 768 A.... "C:\Program Files\Alwil Software\Avast4\ahResP2P.dll"
4 Dec 2007 14:01:10 43 008 A.... "C:\Program Files\Alwil Software\Avast4\AhResStd.dll"
4 Dec 2007 13:55:08 53 248 A.... "C:\Program Files\Alwil Software\Avast4\AhResWS.dll"
4 Dec 2007 13:57:58 65 536 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiMai.dll"
4 Dec 2007 13:56:22 36 864 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiMes.dll"
4 Dec 2007 13:55:34 36 864 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiNS.dll"
4 Dec 2007 13:47:52 221 184 A.... "C:\Program Files\Alwil Software\Avast4\ashBase.dll"
4 Dec 2007 13:50:58 98 304 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgP.dll"
4 Dec 2007 13:51:22 131 072 A.... "C:\Program Files\Alwil Software\Avast4\ashCfgT.dll"
4 Dec 2007 13:51:36 151 552 A.... "C:\Program Files\Alwil Software\Avast4\ashChest.dll"
4 Dec 2007 14:00:04 202 104 A.... "C:\Program Files\Alwil Software\Avast4\ashOutXt.dll"
4 Dec 2007 13:53:54 75 128 A.... "C:\Program Files\Alwil Software\Avast4\ashShell.dll"
4 Dec 2007 13:58:24 90 112 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiOut.dll"
4 Dec 2007 13:56:10 22 016 A.... "C:\Program Files\Alwil Software\Avast4\ahRuiP2P.dll"
4 Dec 2007 14:01:06 57 344 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiStd.dll"
4 Dec 2007 13:57:38 49 152 A.... "C:\Program Files\Alwil Software\Avast4\AhRuiWS.dll"
4 Dec 2007 13:48:04 53 248 A.... "C:\Program Files\Alwil Software\Avast4\ashSODBC.dll"
4 Dec 2007 13:48:54 233 472 A.... "C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll"
4 Dec 2007 13:49:00 48 128 A.... "C:\Program Files\Alwil Software\Avast4\ashSXML.dll"
4 Dec 2007 13:48:12 110 592 A.... "C:\Program Files\Alwil Software\Avast4\ashTask.dll"
4 Dec 2007 13:50:40 307 200 A.... "C:\Program Files\Alwil Software\Avast4\ashUInt.dll"
4 Dec 2007 13:59:42 118 784 A.... "C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll"
4 Dec 2007 15:50:58 106 496 A.... "C:\Program Files\Alwil Software\Avast4\avCommEx.dll"
4 Dec 2007 15:41:36 6 656 A.... "C:\Program Files\Alwil Software\Avast4\AVSSHOOK.dll"
4 Dec 2007 13:51:48 49 016 A.... "C:\Program Files\Alwil Software\Avast4\ashLogV.exe"
4 Dec 2007 13:59:54 247 160 A.... "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
4 Dec 2007 14:00:36 206 200 A.... "C:\Program Files\Alwil Software\Avast4\ashPopWz.exe"
4 Dec 2007 13:53:48 279 928 A.... "C:\Program Files\Alwil Software\Avast4\ashQuick.exe"
4 Dec 2007 14:00:16 140 664 A.... "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
4 Dec 2007 13:53:30 128 376 A.... "C:\Program Files\Alwil Software\Avast4\ashSimp2.exe"
4 Dec 2007 14:03:54 66 936 A.... "C:\Program Files\Alwil Software\Avast4\sched.exe"
4 Dec 2007 13:52:22 66 936 A.... "C:\Program Files\Alwil Software\Avast4\VisthAux.exe"
4 Dec 2007 13:54:10 51 576 A.... "C:\Program Files\Alwil Software\Avast4\VisthLic.exe"
4 Dec 2007 13:53:58 51 576 A.... "C:\Program Files\Alwil Software\Avast4\VisthUpd.exe"
4 Dec 2007 15:33:02 131 072 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnB.dll"
4 Dec 2007 15:32:54 69 632 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll"
4 Dec 2007 15:33:16 184 320 A.... "C:\Program Files\Alwil Software\Avast4\aswCmnS.dll"
10 Dec 2007 19:45:32 70 766 A.... "C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm"
20 Jan 2008 19:03:42 391 216 A.... "C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll"
20 Jan 2008 19:03:42 219 192 A.... "C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat"
20 Jan 2008 19:03:42 9 080 A.... "C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll"
10 Dec 2007 19:43:44 127 024 ..... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"
4 Dec 2007 15:31:08 98 304 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Base.dll"
4 Dec 2007 15:29:24 17 920 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Boot.dll"
4 Dec 2007 15:31:06 2 560 000 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\Lang.dll"
4 Dec 2007 15:31:02 61 440 A.... "C:\Program Files\Alwil Software\Avast4\FRENCH\LangMai.dll"
4 Dec 2007 15:49:02 26 624 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\Aavmker4.sys"
4 Dec 2007 15:56:02 93 264 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon.sys"
4 Dec 2007 15:55:46 94 544 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMon2.sys"
4 Dec 2007 15:52:16 45 648 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\aswMonFlt.sys"
4 Dec 2007 15:53:40 23 152 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswRdr.sys"
4 Dec 2007 15:51:52 42 912 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AswTdi.sys"
4 Dec 2007 15:49:14 24 656 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\Aavmker4.sys"
4 Dec 2007 15:55:58 75 856 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMon2.sys"
4 Dec 2007 15:52:32 55 888 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswMonFlt.sys"
4 Dec 2007 15:53:44 27 216 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswRdr.sys"
4 Dec 2007 15:52:00 48 720 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\AMD64\aswTdi.sys"
4 Dec 2007 15:52:24 115 792 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswMonFlt.sys"
4 Dec 2007 15:53:48 55 376 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswRdr.sys"
4 Dec 2007 15:52:02 103 504 A.... "C:\Program Files\Alwil Software\Avast4\Setup\INF\IA64\aswTdi.sys"
5 Dec 2007 15:26:32 311 428 A.... "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll"
5 Dec 2007 15:26:32 184 452 A.... "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll"
Files with hidden attributes:
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 5 Apr 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 2 Jan 2008 0 A.SH. --- "C:\WINDOWS\Temp\h6boz0pn.TMP"
Thu 13 Jul 2006 397,312 A.SH. --- "C:\Recycled\Dc41\SIV5.tmp"
Sat 19 Jan 2008 6,656 A..H. --- "C:\Recycled\Dc2013\dummy.exe"
Sat 19 Jan 2008 1,024 A..H. --- "C:\Recycled\Dc2013\dummy.sys"
Tue 1 Aug 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Sat 22 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 27 Oct 2007 401 A..H. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 22 Jul 2006 4,348 ...H. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Wed 12 Jul 2006 312 A.SH. --- "C:\Documents and Settings\Fabrice\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 9 Nov 2004 26,624 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\B- GESTION 2004-2 Šme semestre\~WRL0001.tmp"
Thu 3 Mar 2005 29,696 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\INSTRUCTION CT1-CT2-CSA\CD CT1\CT1 GUINEE\la correspondance militaire\Exercice NE\~WRL2102.tmp"
Thu 3 Mar 2005 29,696 A..H. --- "C:\Documents and Settings\Fabrice\Bureau\CIGAG\INSTRUCTION CT1-CT2-CSA\CD CT1\FS1 GCF\FS1 GCF\R‚daction administrative\Exercice NE\~WRL2102.tmp"
Catchme:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 19:06:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Program Folders:
C:\Program Files\
Acer
Acer Inc
Adobe
Alwil Software
ATI Technologies
Canon
ComPlus Applications
CONEXANT
Creative
CyberLink
eMule
Fichiers communs
Incomplete
IncrediMail
InstallShield Installation Information
Intel
Internet Explorer
Java
Launch Manager
LimeWire
MarkAny
Messenger
microsoft frontpage
Microsoft Office
Movie Maker
MSN
MSN Gaming Zone
MSN Messenger
MSN Toolbar
MSXML 4.0
Nero
Netcom
NetMeeting
NewTech Infosystems
Online Services
Outlook Express
PIXELA
QuickTime
Realtek
Samsung
Serif
Services en ligne
Skype
Sony Corporation
Synaptics
Uninstall Information
Viewpoint
VIH1
Windows Media Player
Windows NT
WindowsUpdate
WinPCap
xerox
C:\Program Files\Fichiers communs\
Acer
Adobe
Ahead
Designer
InstallShield
Java
Logitech
Microsoft Shared
MSSoap
muvee Technologies
NewTech Infosystems
ODBC
Services
Skype
SpeechEngines
SWF Studio
System
Add/Remove Programs:
Programme de gestion Acer OrbiCam
ATI - Utilitaire de désinstallation du logiciel
ATI Display Driver
avast! Antivirus
HDAUDIO Soft Data Fax Modem with SmartCP
Gestionnaire de disques amovible Creative
eMule
Acer ePresentation Management
Acer GridVista
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
NTI CD & DVD-Maker
Acer Empowering Technology framework
NTI Backup NOW! 4
Acer eLock Management
Acer ePerformance Management
Acer eSettings Management
Texas Instruments PCIxx21/x515 drivers.
Correctif Windows XP - KB873339
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB885884
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
High Definition Audio Driver Package - KB888111
Correctif Windows XP - KB888302
Mise à jour de sécurité pour Windows XP (KB890046)
Correctif Windows XP - KB890859
Windows Media Format SDK Hotfix - KB891122
Correctif Windows XP - KB891781
Mise à jour de sécurité pour Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Mise à jour pour Windows XP (KB894391)
Correctif pour Windows XP (KB896256)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour pour Windows XP (KB898461)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour pour Windows XP (KB900485)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour pour Windows XP (KB904942)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Correctif pour Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Mise à jour pour Windows XP (KB916595)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour pour Windows XP (KB920872)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour pour Windows XP (KB922582)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour pour Windows XP (KB927891)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour pour Windows XP (KB929338)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour pour Windows XP (KB930916)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour pour Windows XP (KB931836)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour pour Windows XP (KB933360)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Correctif pour Windows XP (KB935448)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour pour Windows XP (KB936357)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour pour Windows XP (KB938828)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour pour Windows XP (KB942763)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944653)
Lame ACM MP3 Codec
LimeWire 4.14.10
Launch Manager
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Barre d'outils MSN
MSN
Netcom 3.1
Microsoft National Language Support Downlevel APIs
Logiciel Intel(R) PROSet/Wireless
QuickTime
Seahorses082006Dem Screen Saver
Adobe Flash Player 9 ActiveX
Synaptics Pointing Device Driver
Creative System Information
Viewpoint Media Player (Remove Only)
Le virus du SIDA version 1.05a
Windows Genuine Advantage Notifications (KB905474)
Windows Media Format Runtime
Lecteur Windows Media 10
Serif PhotoPlus 6.0
NTI CD & DVD-Maker
Acer Empowering Technology framework
Creative Zen MicroPhoto
Google Earth
Picture Package
Google Toolbar for Internet Explorer
mProSafe
Acer Arcade
Creative MediaSource
Java(TM) 6 Update 2
Java(TM) 6 Update 3
MSXML 4.0 SP2 (KB927978)
NTI Backup NOW! 4
Nero 7 Premium
Les Sims™ 2 Animaux & Cie
Acer ePower Management
Sony USB Driver
Skype™ 3.5
Acer eDataSecurity Management
Acer eLock Management
Les Sims 2
Logiciel Acer OrbiCam
Les Sims 2 : La bonne affaire
ATI Catalyst Control Center
mPfMgr
Microsoft Office XP Professional
Microsoft .NET Framework 1.1 French Language Pack
mXML
Adobe Reader 7.0
PowerProducer
Nokia Connectivity Cable Driver
MSXML 4.0 SP2 (KB936181)
Acer eNet Management
Samsung Media Studio
Microsoft .NET Framework 1.1
Acer Screensaver
Google Toolbar for Internet Explorer
Acer ePerformance Management
Les Sims™ 2 Au fil des saisons
Acer eSettings Management
Acer eDataSecurity Management 1.00.23
mCore
mMHouse
Realtek High Definition Audio Driver
SMSC CIR HID V5.3.2600.2
Les Sims™ 2 Bon Voyage
Windows Live Messenger
Windows Live Sign-in Assistant
Les Sims 2 : Nuits de Folie
ImageMixer VCD2
mWlsSafe
TIxx21
Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NWEReboot"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SMSTray"="C:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"
"Netcom"="\"C:\\Program Files\\Netcom\\Netcom.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Flash Player2"="C:\\DOCUME~1\\Fabrice\\LOCALS~1\\Temp\\services.exe"
"runner1"="C:\\WINDOWS\\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
@=""
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Centre de sécurité
START_TYPE : 2 AUTO_START
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Pare-feu Windows / Partage de connexion Internet
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Mises à jour automatiques
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : Service de restauration système
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"
ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Non-Default IFEO Debugger:
Non-Default Installed Components:
Non-Default Safeboot Minimal:
File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"
Finished!
SDFix: Version 1.129
Run by FAMILY on 19/01/2008 at 19:55
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Documents and Settings\FAMILY\new.txt - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 20:02:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 100
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Test\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Test\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sat 4 Aug 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 20 Jul 2007 192 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti8.tmp"
Wed 2 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"
Finished!
Run by FAMILY on 19/01/2008 at 19:55
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Documents and Settings\FAMILY\new.txt - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 20:02:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 100
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Test\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Test\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sat 4 Aug 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Fri 20 Jul 2007 192 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti8.tmp"
Wed 2 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Tue 16 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"
Finished!
MSNFix 1.639
C:\Documents and Settings\Utilisateur\Bureau\MSNFix\MSNFix
Fix exécuté le dim. 20/01/2008 - 20:04:04,21 By Utilisateur
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Utilisateur\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Utilisateur\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
.. OK ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier dim. 20012008_20105562.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
C:\Documents and Settings\Utilisateur\Bureau\MSNFix\MSNFix
Fix exécuté le dim. 20/01/2008 - 20:04:04,21 By Utilisateur
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Utilisateur\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Utilisateur\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
.. OK ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier dim. 20012008_20105562.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Hey vla mon rapport
SDFix: Version 1.129
Run by WTrust-Enigma on 20/01/2008 at 21:23
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\WTRUST~1\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
Generic Host Process for Win-32 Service
Path:
"C:\WINDOWS.0\svchost.exe"
Generic Host Process for Win-32 Service - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.ftp Found
C:\WINDOWS.0\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS.0\system32\Microsoft\backup.ftp
C:\WINDOWS.0\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS.0\system32\ftp.exe
C:\WINDOWS.0\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS.0\system32\Microsoft\backup.ftp
C:\WINDOWS.0\system32\Microsoft\backup.tftp
C:\WINDOWS.0\system32\ftp.exe
C:\WINDOWS.0\system32\tftp.exe
C:\WINDOWS.0\system32\dllcache\ftp.exe
C:\WINDOWS.0\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\WTRUST~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS.0\17PHolmes*.exe - Deleted
C:\WINDOWS.0\b12?.exe - Deleted
C:\WINDOWS.0\mrofinu*.exe - Deleted
C:\WINDOWS.0\mrofinu*.exe.tmp - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS.0
No streams found.
C:\WINDOWS.0\system32
No streams found.
C:\WINDOWS.0\system32\svchost.exe
No streams found.
C:\WINDOWS.0\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:41:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOCUME~1\\WTRUST~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\WTRUST~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\WTRUST~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 5 May 1999 95,874 ..SH. --- "C:\COMMAND.COM"
Wed 5 May 1999 53,248 ...H. --- "C:\Program Files\Accessoires\mspcx32.dll"
Fri 10 Aug 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Fri 10 Aug 2007 124,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 10 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Dec 2007 1,745 ...HR --- "C:\Documents and Settings\WTrust-Enigma\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
SDFix: Version 1.129
Run by WTrust-Enigma on 20/01/2008 at 21:23
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\WTRUST~1\Bureau\SDFix
Safe Mode:
Checking Services:
Name:
Generic Host Process for Win-32 Service
Path:
"C:\WINDOWS.0\svchost.exe"
Generic Host Process for Win-32 Service - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.ftp Found
C:\WINDOWS.0\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS.0\system32\Microsoft\backup.ftp
C:\WINDOWS.0\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS.0\system32\ftp.exe
C:\WINDOWS.0\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS.0\system32\Microsoft\backup.ftp
C:\WINDOWS.0\system32\Microsoft\backup.tftp
C:\WINDOWS.0\system32\ftp.exe
C:\WINDOWS.0\system32\tftp.exe
C:\WINDOWS.0\system32\dllcache\ftp.exe
C:\WINDOWS.0\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\WTRUST~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS.0\17PHolmes*.exe - Deleted
C:\WINDOWS.0\b12?.exe - Deleted
C:\WINDOWS.0\mrofinu*.exe - Deleted
C:\WINDOWS.0\mrofinu*.exe.tmp - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS.0\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS.0
No streams found.
C:\WINDOWS.0\system32
No streams found.
C:\WINDOWS.0\system32\svchost.exe
No streams found.
C:\WINDOWS.0\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:41:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\DOCUME~1\\WTRUST~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\WTRUST~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\WTRUST~1\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 5 May 1999 95,874 ..SH. --- "C:\COMMAND.COM"
Wed 5 May 1999 53,248 ...H. --- "C:\Program Files\Accessoires\mspcx32.dll"
Fri 10 Aug 2007 625,152 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
Fri 10 Aug 2007 124,928 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 10 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Dec 2007 1,745 ...HR --- "C:\Documents and Settings\WTrust-Enigma\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
SDFix: Version 1.129
Run by ADMIN on 20/01/2008 at 22:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMIN\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 22:12:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\ADMIN\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADMIN\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\ADMIN\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 12 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"
Wed 12 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4147a8e69c2ca6d401c0a8a62e9bf23\BIT1C.tmp"
Finished!
Run by ADMIN on 20/01/2008 at 22:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMIN\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\ADMIN\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 22:12:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\ADMIN\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADMIN\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\ADMIN\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 12 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 21 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"
Wed 12 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4147a8e69c2ca6d401c0a8a62e9bf23\BIT1C.tmp"
Finished!
alor g fé skia écri en hau,mé mintenan je c pa si je doi éfacé SDfix de mon bureau é comen savoir si sa a bien marché
SDFix: Version 1.129
Run by M‚me la Miss on 20/01/2008 at 23:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MMELAM~1\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Router\Router.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\DOCUME~1\MMELAM~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b13?.exe - Deleted
C:\WINDOWS\b15?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:40:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Program Files\Softwin\BitDefender9\as2urldb.dat.gzip
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 28
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\eMule\\emule.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza1.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza1.exe:*:Enabled:Shareaza"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MMELAM~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MMELAM~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 20 Oct 2006 72,704 ..SHR --- "C:\Program Files\Food Force - Version Fran‡aise\Setup.exe"
Sat 12 Aug 2006 15,872 A.SHR --- "C:\Program Files\Food Force - Version Fran‡aise\_Setup.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 14 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Jan 2008 68,608 ..SHR --- "C:\Program Files\Common Files\??pPatch\chkntfs.exe"
Sat 6 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Jan 2008 230,400 ..SHR --- "C:\Documents and Settings\M‚me la Miss\Mes documents\a?sembly\r?ndll.exe"
Mon 4 Sep 2006 2,038 A..H. --- "C:\Documents and Settings\Utilisateur\Local Settings\Temp\Off18.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 18 Feb 2007 19,968 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL1925.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL2716.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3093.tmp"
Sun 18 Feb 2007 20,480 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3184.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3352.tmp"
Finished!
Run by M‚me la Miss on 20/01/2008 at 23:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MMELAM~1\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Router\Router.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\DOCUME~1\MMELAM~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b13?.exe - Deleted
C:\WINDOWS\b15?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Documents and Settings\M‚me la Miss\Application Data\WinTouch - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:40:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\Program Files\Softwin\BitDefender9\as2urldb.dat.gzip
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 28
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 World Edition\\Apps\\Updater\\UPDATER.EXE:*:Enabled:SC3UpdaterMFC"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\eMule\\emule.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza1.exe"="C:\\Documents and Settings\\M‚me la Miss\\Mes documents\\Mes t‚l‚chargements\\Shareaza\\Shareaza1.exe:*:Enabled:Shareaza"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\MMELAM~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MMELAM~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 20 Oct 2006 72,704 ..SHR --- "C:\Program Files\Food Force - Version Fran‡aise\Setup.exe"
Sat 12 Aug 2006 15,872 A.SHR --- "C:\Program Files\Food Force - Version Fran‡aise\_Setup.dll"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 14 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Jan 2008 68,608 ..SHR --- "C:\Program Files\Common Files\??pPatch\chkntfs.exe"
Sat 6 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 15 Jan 2008 230,400 ..SHR --- "C:\Documents and Settings\M‚me la Miss\Mes documents\a?sembly\r?ndll.exe"
Mon 4 Sep 2006 2,038 A..H. --- "C:\Documents and Settings\Utilisateur\Local Settings\Temp\Off18.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 18 Feb 2007 19,968 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL1925.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL2716.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3093.tmp"
Sun 18 Feb 2007 20,480 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3184.tmp"
Sun 18 Feb 2007 19,456 ...H. --- "C:\Documents and Settings\Tomtom\Application Data\Microsoft\Word\~WRL3352.tmp"
Finished!
Salut tout le monde !!!
Moi aussi, j'avais ce fameux problème et j'ai suivi la procédure en début de page et, pour le moment, çà a formidablement bien marché !!! Je remercie Maijin et tout le monde de m'avoir sortis de ce pétrin.
Voici mon rapport :
SDFix: Version 1.129
Run by THOMAS on 21/01/2008 at 00:05
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\QZMYFK~1.XML - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\THOMAS\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 00:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe"="C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe"="C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe:*:Enabled:Club Internet"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe"="C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe:*:Enabled:Battle of the Sea"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\SpeedyZone\\DisServer.exe"="C:\\Program Files\\SpeedyZone\\DisServer.exe:*:Disabled:DisServer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 25 Jul 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 28 May 2001 48,640 A..H. --- "C:\WINDOWS\vStrip.exe"
Mon 28 May 2001 44,544 A..H. --- "C:\WINDOWS\vStrip_css.dll"
Fri 21 Nov 2003 90,112 A..H. --- "C:\WINDOWS\vstriplangue.exe"
Sun 3 Jul 2005 56 ..SHR --- "C:\WINDOWS\system32\6924519DFA.sys"
Sun 20 Jan 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 22 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 May 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Mon 24 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388293.sys"
Tue 25 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388392.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388457.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388633.sys"
Tue 1 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388709.sys"
Sat 5 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP686\A0388736.sys"
Sun 6 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP687\A0388844.sys"
Mon 7 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389025.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389088.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389138.sys"
Sun 13 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389269.sys"
Sat 19 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP689\A0389340.sys"
Fri 17 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 10 Feb 2004 24,064 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\~WRL2071.tmp"
Sat 22 Nov 2003 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 14 May 2004 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 9 Nov 2003 312 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 14 May 2004 1,536 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0003.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0005.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1202.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1731.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2128.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2133.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2497.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL3934.tmp"
Sat 1 Apr 2006 33,280 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0001.tmp"
Wed 5 Apr 2006 34,816 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0004.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0595.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0711.tmp"
Wed 5 Apr 2006 37,376 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1147.tmp"
Wed 5 Apr 2006 42,496 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1298.tmp"
Wed 5 Apr 2006 36,352 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1803.tmp"
Wed 5 Apr 2006 39,424 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2218.tmp"
Wed 5 Apr 2006 38,400 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2753.tmp"
Wed 5 Apr 2006 48,128 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3140.tmp"
Wed 5 Apr 2006 47,104 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3216.tmp"
Wed 5 Apr 2006 39,936 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3564.tmp"
Mon 21 Aug 2006 207,360 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\MASTER 1\2ND SEMESTRE\RAPPORT DE STAGE\~WRL0002.tmp"
Finished!
Encore merci ...
Moi aussi, j'avais ce fameux problème et j'ai suivi la procédure en début de page et, pour le moment, çà a formidablement bien marché !!! Je remercie Maijin et tout le monde de m'avoir sortis de ce pétrin.
Voici mon rapport :
SDFix: Version 1.129
Run by THOMAS on 21/01/2008 at 00:05
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\QZMYFK~1.XML - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\THOMAS\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 00:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe"="C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe"="C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe:*:Enabled:Club Internet"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe"="C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe:*:Enabled:Battle of the Sea"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\SpeedyZone\\DisServer.exe"="C:\\Program Files\\SpeedyZone\\DisServer.exe:*:Disabled:DisServer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 25 Jul 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 28 May 2001 48,640 A..H. --- "C:\WINDOWS\vStrip.exe"
Mon 28 May 2001 44,544 A..H. --- "C:\WINDOWS\vStrip_css.dll"
Fri 21 Nov 2003 90,112 A..H. --- "C:\WINDOWS\vstriplangue.exe"
Sun 3 Jul 2005 56 ..SHR --- "C:\WINDOWS\system32\6924519DFA.sys"
Sun 20 Jan 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 22 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 May 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Mon 24 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388293.sys"
Tue 25 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388392.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388457.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388633.sys"
Tue 1 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388709.sys"
Sat 5 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP686\A0388736.sys"
Sun 6 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP687\A0388844.sys"
Mon 7 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389025.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389088.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389138.sys"
Sun 13 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389269.sys"
Sat 19 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP689\A0389340.sys"
Fri 17 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 10 Feb 2004 24,064 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\~WRL2071.tmp"
Sat 22 Nov 2003 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 14 May 2004 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 9 Nov 2003 312 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 14 May 2004 1,536 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0003.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0005.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1202.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1731.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2128.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2133.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2497.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL3934.tmp"
Sat 1 Apr 2006 33,280 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0001.tmp"
Wed 5 Apr 2006 34,816 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0004.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0595.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0711.tmp"
Wed 5 Apr 2006 37,376 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1147.tmp"
Wed 5 Apr 2006 42,496 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1298.tmp"
Wed 5 Apr 2006 36,352 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1803.tmp"
Wed 5 Apr 2006 39,424 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2218.tmp"
Wed 5 Apr 2006 38,400 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2753.tmp"
Wed 5 Apr 2006 48,128 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3140.tmp"
Wed 5 Apr 2006 47,104 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3216.tmp"
Wed 5 Apr 2006 39,936 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3564.tmp"
Mon 21 Aug 2006 207,360 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\MASTER 1\2ND SEMESTRE\RAPPORT DE STAGE\~WRL0002.tmp"
Finished!
Encore merci ...
Salut tout le monde !!!
Merci à Maijin pour la soluce.
Voici mon rapport :
SDFix: Version 1.129
Run by THOMAS on 21/01/2008 at 00:05
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\QZMYFK~1.XML - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\THOMAS\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 00:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe"="C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe"="C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe:*:Enabled:Club Internet"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe"="C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe:*:Enabled:Battle of the Sea"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\SpeedyZone\\DisServer.exe"="C:\\Program Files\\SpeedyZone\\DisServer.exe:*:Disabled:DisServer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 25 Jul 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 28 May 2001 48,640 A..H. --- "C:\WINDOWS\vStrip.exe"
Mon 28 May 2001 44,544 A..H. --- "C:\WINDOWS\vStrip_css.dll"
Fri 21 Nov 2003 90,112 A..H. --- "C:\WINDOWS\vstriplangue.exe"
Sun 3 Jul 2005 56 ..SHR --- "C:\WINDOWS\system32\6924519DFA.sys"
Sun 20 Jan 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 22 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 May 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Mon 24 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388293.sys"
Tue 25 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388392.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388457.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388633.sys"
Tue 1 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388709.sys"
Sat 5 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP686\A0388736.sys"
Sun 6 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP687\A0388844.sys"
Mon 7 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389025.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389088.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389138.sys"
Sun 13 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389269.sys"
Sat 19 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP689\A0389340.sys"
Fri 17 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 10 Feb 2004 24,064 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\~WRL2071.tmp"
Sat 22 Nov 2003 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 14 May 2004 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 9 Nov 2003 312 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 14 May 2004 1,536 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0003.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0005.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1202.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1731.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2128.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2133.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2497.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL3934.tmp"
Sat 1 Apr 2006 33,280 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0001.tmp"
Wed 5 Apr 2006 34,816 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0004.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0595.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0711.tmp"
Wed 5 Apr 2006 37,376 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1147.tmp"
Wed 5 Apr 2006 42,496 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1298.tmp"
Wed 5 Apr 2006 36,352 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1803.tmp"
Wed 5 Apr 2006 39,424 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2218.tmp"
Wed 5 Apr 2006 38,400 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2753.tmp"
Wed 5 Apr 2006 48,128 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3140.tmp"
Wed 5 Apr 2006 47,104 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3216.tmp"
Wed 5 Apr 2006 39,936 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3564.tmp"
Mon 21 Aug 2006 207,360 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\MASTER 1\2ND SEMESTRE\RAPPORT DE STAGE\~WRL0002.tmp"
Finished!
Merci.
Merci à Maijin pour la soluce.
Voici mon rapport :
SDFix: Version 1.129
Run by THOMAS on 21/01/2008 at 00:05
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\QZMYFK~1.XML - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\THOMAS\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\17PHolmes*.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\mrofinu*.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 00:15:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe"="C:\\Documents and Settings\\THOMAS\\Mes documents\\Divers\\emule_emule_0.42d_francais_10876\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_01\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe"="C:\\Program Files\\Club-Internet\\naviclub\\naviclub.exe:*:Enabled:Club Internet"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe"="C:\\Program Files\\Battle of the Sea\\Battle of the Sea.exe:*:Enabled:Battle of the Sea"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\SpeedyZone\\DisServer.exe"="C:\\Program Files\\SpeedyZone\\DisServer.exe:*:Disabled:DisServer"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\THOMAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 25 Jul 2003 193 A.SHR --- "C:\BOOT.BAK"
Mon 28 May 2001 48,640 A..H. --- "C:\WINDOWS\vStrip.exe"
Mon 28 May 2001 44,544 A..H. --- "C:\WINDOWS\vStrip_css.dll"
Fri 21 Nov 2003 90,112 A..H. --- "C:\WINDOWS\vstriplangue.exe"
Sun 3 Jul 2005 56 ..SHR --- "C:\WINDOWS\system32\6924519DFA.sys"
Sun 20 Jan 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 22 Nov 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 14 May 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Mon 24 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388293.sys"
Tue 25 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388392.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP684\A0388457.sys"
Sun 30 Dec 2007 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388633.sys"
Tue 1 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP685\A0388709.sys"
Sat 5 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP686\A0388736.sys"
Sun 6 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP687\A0388844.sys"
Mon 7 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389025.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389088.sys"
Thu 10 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389138.sys"
Sun 13 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP688\A0389269.sys"
Sat 19 Jan 2008 12,208 A.SH. --- "C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP689\A0389340.sys"
Fri 17 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Tue 10 Feb 2004 24,064 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\~WRL2071.tmp"
Sat 22 Nov 2003 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 14 May 2004 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 9 Nov 2003 312 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Fri 14 May 2004 1,536 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0003.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL0005.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1202.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL1731.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2128.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2133.tmp"
Sat 11 Feb 2006 20,480 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL2497.tmp"
Sat 11 Feb 2006 19,456 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\STEP\~WRL3934.tmp"
Sat 1 Apr 2006 33,280 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0001.tmp"
Wed 5 Apr 2006 34,816 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0004.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0595.tmp"
Wed 5 Apr 2006 43,008 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL0711.tmp"
Wed 5 Apr 2006 37,376 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1147.tmp"
Wed 5 Apr 2006 42,496 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1298.tmp"
Wed 5 Apr 2006 36,352 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL1803.tmp"
Wed 5 Apr 2006 39,424 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2218.tmp"
Wed 5 Apr 2006 38,400 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL2753.tmp"
Wed 5 Apr 2006 48,128 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3140.tmp"
Wed 5 Apr 2006 47,104 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3216.tmp"
Wed 5 Apr 2006 39,936 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\B.E.M.F. - 1ER DEGRE\L.I.A\L.I.A. - Interm‚diaire\~WRL3564.tmp"
Mon 21 Aug 2006 207,360 ...H. --- "C:\Documents and Settings\THOMAS\Mes documents\Mes cours\MASTER 1\2ND SEMESTRE\RAPPORT DE STAGE\~WRL0002.tmp"
Finished!
Merci.
doudou71100
Messages postés
11
Date d'inscription
dimanche 20 janvier 2008
Statut
Membre
Dernière intervention
21 janvier 2008
1
21 janv. 2008 à 03:13
21 janv. 2008 à 03:13
J'ai eu ce virus, ai suivi les instructions mais depuis je ne peux plus me connecter a internet ....
Bonjour,
J'ai eu également ce problème recement,et le souci c'est que mon pc ne s'allume plus maintenant. Je m'explique, ma tour s'allume et mon ecran apparait noir avec un petit curseur blanc en haut a gauche qui clignote!Rien ne se passe.
Juste avant de l'eteindre hier,j'ai fais une analyse avec avast et spyware doctor,et là c'est fou toute les infection que j'avais à cause de ce virus près de 1000. QUE PUIS-JE FAIRE POUR RETROUVER MON ORDINATEUR NET,ou du moins ouvrir ma session!
MERCI A VOUS.
J'ai eu également ce problème recement,et le souci c'est que mon pc ne s'allume plus maintenant. Je m'explique, ma tour s'allume et mon ecran apparait noir avec un petit curseur blanc en haut a gauche qui clignote!Rien ne se passe.
Juste avant de l'eteindre hier,j'ai fais une analyse avec avast et spyware doctor,et là c'est fou toute les infection que j'avais à cause de ce virus près de 1000. QUE PUIS-JE FAIRE POUR RETROUVER MON ORDINATEUR NET,ou du moins ouvrir ma session!
MERCI A VOUS.
mmary
Messages postés
5
Date d'inscription
lundi 21 janvier 2008
Statut
Membre
Dernière intervention
1 février 2008
21 janv. 2008 à 11:44
21 janv. 2008 à 11:44
SDFix: Version 1.129
Run by Arnaud - Lucia on 21/01/2008 at 11:17
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Internet Security Service 23
Path:
"C:\WINDOWS\mssq.exe"
Internet Security Service 23 - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\InetGet2\FINAL -- Fort 5.6_MST-ONLY.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 11:30:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0008f4000527]
"0015b97062af"=hex:72,91,43,1b,b1,10,c6,0f,45,5b,44,f7,16,a8,30,63
"0015a8334430"=hex:f9,36,a5,6f,73,13,e9,37,61,7e,60,67,d9,d7,bc,8c
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:614ee1f2
"s2"=dword:4092f3d7
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:e4,64,e7,7f,b1,89,70,3a,fd,69,db,b8,7a,69,7d,1c,4e,a7,07,04,33,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0008f4000527]
"0015b97062af"=hex:72,91,43,1b,b1,10,c6,0f,45,5b,44,f7,16,a8,30,63
"0015a8334430"=hex:f9,36,a5,6f,73,13,e9,37,61,7e,60,67,d9,d7,bc,8c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:e4,64,e7,7f,b1,89,70,3a,fd,69,db,b8,7a,69,7d,1c,4e,a7,07,04,33,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\Matthieu\\Bureau\\emule.exe"="C:\\Documents and Settings\\Matthieu\\Bureau\\emule.exe:*:Disabled:eMule"
"H:\\Matthieu\\SteamApps\\matt29051988\\half-life 2 deathmatch\\hl2.exe"="H:\\Matthieu\\SteamApps\\matt29051988\\half-life 2 deathmatch\\hl2.exe:*:Disabled:hl2"
"C:\\Documents and Settings\\Matthieu\\Bureau\\jeu\\emule.exe"="C:\\Documents and Settings\\Matthieu\\Bureau\\jeu\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Doomsday\\Bin\\Doomsday.exe"="C:\\Doomsday\\Bin\\Doomsday.exe:*:Enabled:Doomsday"
"C:\\Program Files\\Roger Wilco\\roger.exe"="C:\\Program Files\\Roger Wilco\\roger.exe:*:Enabled:Roger Wilco"
"C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe"="C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe:*:Enabled:rwbs"
"H:\\Matthieu\\Steam.exe"="H:\\Matthieu\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\magiconline.exe"="C:\\magiconline.exe:*:Enabled:Magic: The Gathering Online"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\DOCUME~1\\Matthieu\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Matthieu\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Nov 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 9 May 2007 18,410,658 A..HR --- "C:\Documents and Settings\All Users\Bureau\WDM_A398.zip"
Sun 13 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT3.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT3.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Mon 12 Nov 2007 444 ...HR --- "C:\Documents and Settings\Arnaud - Lucia\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 16 Jul 2007 444 ...HR --- "C:\Documents and Settings\Matthieu\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
Run by Arnaud - Lucia on 21/01/2008 at 11:17
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Internet Security Service 23
Path:
"C:\WINDOWS\mssq.exe"
Internet Security Service 23 - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\InetGet2\FINAL -- Fort 5.6_MST-ONLY.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\b12?.exe - Deleted
C:\WINDOWS\b14?.exe - Deleted
C:\WINDOWS\mrofinu*.exe.tmp - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 11:30:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0008f4000527]
"0015b97062af"=hex:72,91,43,1b,b1,10,c6,0f,45,5b,44,f7,16,a8,30,63
"0015a8334430"=hex:f9,36,a5,6f,73,13,e9,37,61,7e,60,67,d9,d7,bc,8c
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:614ee1f2
"s2"=dword:4092f3d7
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:e4,64,e7,7f,b1,89,70,3a,fd,69,db,b8,7a,69,7d,1c,4e,a7,07,04,33,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0008f4000527]
"0015b97062af"=hex:72,91,43,1b,b1,10,c6,0f,45,5b,44,f7,16,a8,30,63
"0015a8334430"=hex:f9,36,a5,6f,73,13,e9,37,61,7e,60,67,d9,d7,bc,8c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:e4,64,e7,7f,b1,89,70,3a,fd,69,db,b8,7a,69,7d,1c,4e,a7,07,04,33,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Documents and Settings\\Matthieu\\Bureau\\emule.exe"="C:\\Documents and Settings\\Matthieu\\Bureau\\emule.exe:*:Disabled:eMule"
"H:\\Matthieu\\SteamApps\\matt29051988\\half-life 2 deathmatch\\hl2.exe"="H:\\Matthieu\\SteamApps\\matt29051988\\half-life 2 deathmatch\\hl2.exe:*:Disabled:hl2"
"C:\\Documents and Settings\\Matthieu\\Bureau\\jeu\\emule.exe"="C:\\Documents and Settings\\Matthieu\\Bureau\\jeu\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"="C:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe:*:Enabled:Star Wars Galactic Battlegrounds"
"C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ2\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Doomsday\\Bin\\Doomsday.exe"="C:\\Doomsday\\Bin\\Doomsday.exe:*:Enabled:Doomsday"
"C:\\Program Files\\Roger Wilco\\roger.exe"="C:\\Program Files\\Roger Wilco\\roger.exe:*:Enabled:Roger Wilco"
"C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe"="C:\\Program Files\\Roger Wilco\\rwbs\\rwbs.exe:*:Enabled:rwbs"
"H:\\Matthieu\\Steam.exe"="H:\\Matthieu\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\magiconline.exe"="C:\\magiconline.exe:*:Enabled:Magic: The Gathering Online"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\DOCUME~1\\Matthieu\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Matthieu\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 1 Nov 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 9 May 2007 18,410,658 A..HR --- "C:\Documents and Settings\All Users\Bureau\WDM_A398.zip"
Sun 13 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 15 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Sun 13 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT3.tmp"
Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d03f71700772ecd1d20bacc33c473cd5\BIT3.tmp"
Wed 12 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Mon 12 Nov 2007 444 ...HR --- "C:\Documents and Settings\Arnaud - Lucia\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 16 Jul 2007 444 ...HR --- "C:\Documents and Settings\Matthieu\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
Bonjour, moi aussi comme les 3/4 du monde on dirait jai clicker sur le lien jai fait ce que t uas dit delby, mais comment vais je savoir si ça a marcher?!
Voici le rapport
SDFix: Version 1.129
Run by Utilisateur on lun. 21/01/2008 at 11:29
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\UTILIS~1\MESDOC~1\SDFix
Safe Mode:
Checking Services:
Name:
rqxxavdi
Path:
system32\drivers\kvkuiqzr.dat
rqxxavdi - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service rqxxavdi - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\kvkuiqzr.dat - Deleted
C:\WINDOWS\SYSTEM32\AUDIOSR.DLL - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 11:41:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\Utilisateur\\pswgnu.exe"="C:\\Documents and Settings\\Utilisateur\\pswgnu.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\Utilisateur\\orjfig.exe"="C:\\Documents and Settings\\Utilisateur\\orjfig.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\Utilisateur\\zjiaaq.exe"="C:\\Documents and Settings\\Utilisateur\\zjiaaq.exe:*:Enabled:Windows Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\UTILIS~1\MESDOC~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 13 Oct 2006 208 A.SHR --- "C:\BOOT.BAK"
Sun 20 Jan 2008 31,232 ..SHR --- "C:\WINDOWS\htssv32.exe"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Utilisateur\Application Data\U3\temp\Launchpad Removal.exe"
Fri 23 Nov 2007 34,304 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\--Arielle\info-madame Charlier\~WRL0005.tmp"
Finished!
Voici le rapport
SDFix: Version 1.129
Run by Utilisateur on lun. 21/01/2008 at 11:29
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\UTILIS~1\MESDOC~1\SDFix
Safe Mode:
Checking Services:
Name:
rqxxavdi
Path:
system32\drivers\kvkuiqzr.dat
rqxxavdi - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service rqxxavdi - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\drivers\kvkuiqzr.dat - Deleted
C:\WINDOWS\SYSTEM32\AUDIOSR.DLL - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 11:41:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\UTILIS~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Documents and Settings\\Utilisateur\\pswgnu.exe"="C:\\Documents and Settings\\Utilisateur\\pswgnu.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\Utilisateur\\orjfig.exe"="C:\\Documents and Settings\\Utilisateur\\orjfig.exe:*:Enabled:Windows Service"
"C:\\Documents and Settings\\Utilisateur\\zjiaaq.exe"="C:\\Documents and Settings\\Utilisateur\\zjiaaq.exe:*:Enabled:Windows Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\UTILIS~1\MESDOC~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 13 Oct 2006 208 A.SHR --- "C:\BOOT.BAK"
Sun 20 Jan 2008 31,232 ..SHR --- "C:\WINDOWS\htssv32.exe"
Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Utilisateur\Application Data\U3\temp\Launchpad Removal.exe"
Fri 23 Nov 2007 34,304 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\--Arielle\info-madame Charlier\~WRL0005.tmp"
Finished!
G MOI AUSSI ATRAPPE CE VIRUS G EU DES DIFFICULTES A POUVOIR ENTRER LA FONCTION R IL Y AVAIT ERROR MAINTENANT JE SUIS ALLE A L EMPLACEMENT DU DOSSIER ET J Y SUIS ARRIVE JE NE SAIS PAS POURQUOI IL FAUT POSTER LE RAPPORT SI QQ UN PEUT ME RENSEIGNER LA DESSUS? EN TOUT CAS LE VOICI
MSNFix 1.639-2
C:\Program Files\MSNFix
Fix exécuté le 21/01/2008 - 14:09:55,32 By alain
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\?.exe
... C:\DOCUME~1\alain\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\alain\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\?.exe
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\alain\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
.. OK ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\bhij.exe] 2038494FE293CB155CF79109DC3A4330
[C:\cvbkwtb.exe] B6F5748C05BD0952BD5588F1E57A235A
[C:\upaq.exe] F6E57C3E854EE7780F960AA9B50BC69E
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_14195207.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
MERCI A CEUX QUI ONT TOUJOURS DES BONNES INFOS POUR NOUS TIRER DE LA GALERNETIENNE
MSNFix 1.639-2
C:\Program Files\MSNFix
Fix exécuté le 21/01/2008 - 14:09:55,32 By alain
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\?.exe
... C:\DOCUME~1\alain\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\alain\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\?.exe
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\alain\??????.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
.. OK ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\alain\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\bhij.exe] 2038494FE293CB155CF79109DC3A4330
[C:\cvbkwtb.exe] B6F5748C05BD0952BD5588F1E57A235A
[C:\upaq.exe] F6E57C3E854EE7780F960AA9B50BC69E
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_14195207.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
MERCI A CEUX QUI ONT TOUJOURS DES BONNES INFOS POUR NOUS TIRER DE LA GALERNETIENNE