MSN virus and winlogon..
Solved
Womak
-
Lulout3 -
Hello,
So, I clicked on the link in "ta tof fais quoi sur ce site :p" ("what's your pic doing on this site :p")
Well, I understood right away that I had made a mistake...
Outpost (firewall) warned me that winlogon was trying to access the web; I blocked it.
So the virus is not dangerous for my compatriots, but it is impossible to delete winlogon.exe
Hypothesis:
This winlogon is a fake, a modified copy of the one in C:\WINDOWS\System32, I think.
It is located in my system temp folder, which I can normally empty completely (T:\Temp)
So I tried lots of things.
- My antivirus cannot read this winlogon..
- In msconfig, I disable it; it relaunches automatically at startup (safe mode or not)
- Msnfix doesn't work (I have a version 9 beta)
- I manually replaced, in my registry, all the winlogon entries under T:\Temp with C:\windows\system32
At that point I thought great, it's fixed, but no, there's a script somewhere..
I'm going to uninstall MSN,
try Spybot in safe mode and also run the one from Outpost,
and redo some registry cleanups, but I doubt that will change much.
In any case, winlogon is blocked by my firewall, but I like it when things are clean.
Anyway, hats off to the author(s) of this virus..
If I find the solution, I'll keep you posted
Thanks in advance
Womak
5 replies
Hi,
To get rid of this virus:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with different options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
Excellent, really, congratulations to the author of this fix
And thank you jlpjlp for your answer, which could not be clearer
This post is useful in more ways than one to anyone suffering from this problem, even complete "beginners" or ordinary PC users
winlogon.exe has finally been deleted (I had to go at it twice: I had changed the environment variable for temporary files, which is why some information is missing from report.txt; if needed and on request, I'll post the first one)
Despite my fairly high level in computing (programmer and more), I admit I was stuck there.
Thanks again (lots of kisses)
As an aside, don't say anything about my XP, there's nothing more efficient, wherever it came from (apart from Linux of course)
Here is the program's output:
[b]SDFix: Version 1.150 [/b]
Run by Womak on 02/03/2008 at 00:56
Microsoft Windows XP [version 5.1.2600]
Running From: C:\fix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
// Trojan not detected by many antivirus programs or firewalls
T:\Temp\winlogon.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 00:58:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:Streams Drivers"
"T:\\Temp\\winlogon.exe"="T:\\Temp\\winlogon.exe:*:Enabled:Streams Drivers"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\fix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
[b]Finished![/b]
Yeeeeeeeeeeeeeeesssssssssss (à la Jon) ^^
A big thank you to you jlpjlp....It worked very well...I'm giving you the report in case you're interested...bye
[b]SDFix: Version 1.156 [/b]
Run by Alex on 12/03/2008 at 17:48
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Bureau\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\Alex\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 17:54:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000044
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
@=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Alex\Bureau\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 8 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT9.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITD.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT5.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITA.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT7.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITC.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT8.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT5.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITB.tmp"
Tue 11 Mar 2008 32,768 ...H. --- "C:\Documents and Settings\Alex\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 12 Mar 2008 55,296 ...H. --- "C:\Documents and Settings\Alex\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 29 Jun 2006 4,348 A..H. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 29 Jun 2006 20 A..H. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 12 May 2006 312 A.SH. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 15 Oct 2006 125,952 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL0206.tmp"
Fri 13 Oct 2006 125,440 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL0883.tmp"
Sun 15 Oct 2006 125,952 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL1590.tmp"
[b]Finished![/b]
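The "Authorized Application Key Export" sections of the two reports above can be audited mechanically. The following is an added example, not part of the original posts or of SDFix: it parses that export and flags firewall exceptions whose file name imitates a system process outside system32, that point into a Temp directory, or that reuse the rule label of such an entry. The process-name list and all function names are assumptions of the example; the sample lines are a constructed subset of the exports posted in this thread.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "profile path scope enabled label")

# Assumption of this example: process names expected only in %windir%\system32.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe",
                "smss.exe", "svchost.exe"}

# One exported value: "name"="data", with backslashes doubled as in a .reg file.
ENTRY_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Key header: ...\firewallpolicy\<profile>\authorizedapplications\list]
PROFILE_RE = re.compile(r"\\(\w+)\\authorizedapplications\\list\]$", re.I)

KEY = (r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
       r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list]")

# Constructed samples: subsets of the lines in the two reports of this thread.
WOMAK_EXPORT = KEY + r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:Streams Drivers"
"T:\\Temp\\winlogon.exe"="T:\\Temp\\winlogon.exe:*:Enabled:Streams Drivers"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
'''

ALEX_EXPORT = KEY + r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
@=""
'''


def parse_export(text):
    """Return the firewall exceptions found in an exported key listing."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            m = PROFILE_RE.search(line)
            profile = m.group(1).lower() if m else None
            continue
        m = ENTRY_RE.match(line)
        if not m or profile is None:
            continue  # blank lines, the default value (@=""), unrelated keys
        path = m.group(1).replace("\\\\", "\\")
        data = m.group(2).replace("\\\\", "\\")
        # Data is path:scope:status:label; split from the right because the
        # path itself contains a drive colon. Assumes the label has no colon.
        parts = data.rsplit(":", 3)
        if len(parts) != 4:
            continue
        _, scope, status, label = parts
        entries.append(Entry(profile, path, scope,
                             status.lower() == "enabled", label))
    return entries


def audit(entries):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = {}
    for e in entries:
        reasons = []
        name = ntpath.basename(e.path).lower()
        parent = ntpath.dirname(e.path).lower()
        if name in SYSTEM_NAMES and not parent.endswith("\\system32"):
            reasons.append("system process name outside system32")
        if "temp" in e.path.lower().split("\\")[:-1]:
            reasons.append("authorized from a Temp directory")
        if reasons:
            findings[e.path] = reasons
    # Second pass: a clean-looking path that carries the same rule label as a
    # flagged entry was probably written by the same program.
    bad_labels = {e.label for e in entries if e.path in findings}
    for e in entries:
        if e.path not in findings and e.label in bad_labels:
            findings[e.path] = [
                "shares rule label %r with a flagged entry" % e.label]
    return findings


if __name__ == "__main__":
    for title, text in (("Womak", WOMAK_EXPORT), ("Alex", ALEX_EXPORT)):
        for path, reasons in audit(parse_export(text)).items():
            print(title, path, "->", "; ".join(reasons))
```

Entries reported this way are left over in the firewall policy even after the file itself is deleted, so they are candidates for removal from the exception list.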
[b]SDFix: Version 1.156 [/b]
Run by Alex on 12/03/2008 at 17:48
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Bureau\SDFix\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\Alex\LOCALS~1\Temp\services.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 17:54:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000044
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Alex\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
@=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\Alex\Bureau\SDFix\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 8 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT9.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITD.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT5.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITA.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT7.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITC.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT8.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT5.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITB.tmp"
Tue 11 Mar 2008 32,768 ...H. --- "C:\Documents and Settings\Alex\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 12 Mar 2008 55,296 ...H. --- "C:\Documents and Settings\Alex\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 29 Jun 2006 4,348 A..H. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Thu 29 Jun 2006 20 A..H. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 12 May 2006 312 A.SH. --- "C:\Documents and Settings\Alex\Bureau\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 15 Oct 2006 125,952 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL0206.tmp"
Fri 13 Oct 2006 125,440 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL0883.tmp"
Sun 15 Oct 2006 125,952 A..H. --- "C:\Documents and Settings\Alex\Mes documents\CRFPA\libertés publiques\cour Ach 2006\~WRL1590.tmp"
[b]Finished![/b]
Thaaanks for giving this help! I hope it's going to work! =)
Here's the report if you're interested:
[b]SDFix: Version 1.172 [/b]
Run by Lucille on 18/04/2008 at 12:23
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\photos.zip - Deleted
C:\Documents and Settings\Lucille\real.txt - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\DOCUME~1\Lucille\LOCALS~1\Temp\winlogon.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 13:25:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\Lucille\\LOCALS~1\\Temp\\winlogon.exe"="C:\\DOCUME~1\\Lucille\\LOCALS~1\\Temp\\winlogon.exe:*:Enabled:Streams Drivers"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe"="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe:*:Enabled:avcenter"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 9 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 9 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 9 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 9 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 9 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Wed 24 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 26 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT8.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT9.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT6.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT5.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT4.tmp"
Mon 7 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT2.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 5 Feb 2008 72,704 ..SHR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\Setup.exe"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\cygz.dll"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Documents and Settings\Lucille\Mes documents\SUPER\mencoder\tokr3260.dll"
[b]Finished![/b]