Sujet Précédent Sujet Suivant

Virus Win32Small-JMH[trj]

Résolu
jonkob Messages postés 37 Statut Membre -  
 Utilisateur anonyme -
Bonjour,J'ai eu par un de mes contacts ce virus et je n'arrive pas a m'en debarasser avec Avast.
Voila le rapport avec MSN-fix

MSNFix 1.673

C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix
Fix exécuté le 03/03/2008 - 18:11:28,50 By devress
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\devress\??????.exe
... C:\Documents and Settings\devress\????????.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\devress\??????.exe
.. OK ... C:\Documents and Settings\devress\????????.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\devress\??????.exe
.. OK ... C:\Documents and Settings\devress\????????.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03032008_18150882.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

ET avec Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:04, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTTrayp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
A voir également:

13 réponses

Réponse 1 / 13
Utilisateur anonyme
 
Bonsoir,

Supprime ce rogue : Defenza

Installe IE7 : https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

Puis,
> Télécharge et installe sur ton PC AVG anti-spyware (si tu as déjà les programmes alors fais juste les mises à jour) : http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware, fais les mises à jour puis ferme le programme.

> Télécharge et installe Ccleaner : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html fais les mises à jour puis ferme le programme.
Si besoin est tu trouveras des Tutoriaux ici :
https://kerio.probb.fr/t242-tuto-ccleaner-v-2 , https://www.malekal.com/tutoriel-ccleaner/ et [http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner

> Télécharge Cleaner : http://www.malekal.com/download/clean.zip (différent de Ccleaner),

> Télécharge SDFix sur ton bureau
- Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix). Ferme ensuite le programme.

> Commence par faire un copier/coller de ce poste : (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec : (image). Si problème : tuto ici

> Lance AVG,
- Clique sur le menu Analyse (de la barre d'outils). Clique après sur l'onglet Paramètres, puis <Dans Comment réagir?> clique sur <Actions recommandées> et choisi <Quarantaine>.
- Vérifie que toutes les cases sont cochées dans <Comment faire l'analyse ?> et dans <Programmes potentiellement dangereux> et vérifie que le bouton-radio <Générer un rapport après chaque analyse> soit aussi coché.
- Vas dans l'onglet 'Analyse', puis clique <Analyse complète du système>.
Remarque : Une fois l'analyse terminée, il faut faire un clique droit sur un fichier infecté et demander à "AVG Anti-Spyware 7.5" de le supprimer.
Puis clique sur "Appliquer toutes les actions" afin de tout supprimer automatiquement.
- Clique sur "Enregistrer le rapport" puis enregistre le sur ton bureau.
- Fais un copier/coller du rapport généré dans ton prochain poste.

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

> Pour Clean (encore en mode sans échec) :
- Double-clic sur clean.cmd
- Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean
NB : Si besoin, clean : http://mickael.barroux.free.fr/securite/clean.php

> Pour SDFix (toujours en mode sans échec) :
- Vas dans c:/SDFix et double-clique sur RunThis.bat
- Appuie sur < Y > puis < Entrée >....Le nettoyage commance....patience...
- Le programme va te demander de relancer le PC, frappe une touche...
- Le nettoyage se termine...un rapport apparait...
-Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

> Relance ton PC en mode normal

> Relance Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie moi, par collier/coller, ton log Hijackthis stp,

Bon courage,

:)

NB : N'oublie pas de poster TOUS les rapports stp.

A+
0
Réponse 2 / 13
jonkob Messages postés 37 Statut Membre
 
Merci je fais tout ca de suite
0
Réponse 3 / 13
jonkob Messages postés 37 Statut Membre
 
Voila les rapports:
SDFIX

[b]System Report[/b]
*************

Run on 03/03/2008 at 20:08

Microsoft Windows XP [version 5.1.2600]

Current user is an administrator

[b]Running Processes[/b]:

\SystemRoot\System32\smss.exe [560]
\??\C:\WINDOWS\system32\csrss.exe [624]
\??\C:\WINDOWS\system32\winlogon.exe [648]
C:\WINDOWS\system32\services.exe [692]
C:\WINDOWS\system32\lsass.exe [728]
C:\WINDOWS\system32\svchost.exe [880]
C:\WINDOWS\system32\svchost.exe [948]
C:\WINDOWS\System32\svchost.exe [1044]
C:\WINDOWS\system32\svchost.exe [1104]
C:\WINDOWS\system32\svchost.exe [1248]
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1308]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1412]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [1464]
C:\WINDOWS\system32\spoolsv.exe [1744]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1948]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [1968]
C:\Program Files\Bonjour\mDNSResponder.exe [1992]
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [172]
C:\Program Files\Wireless 802.11g Monitor\WLService.exe [424]
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe [464]
C:\WINDOWS\system32\svchost.exe [584]
C:\WINDOWS\Explorer.EXE [612]
C:\WINDOWS\System32\alg.exe [132]
C:\WINDOWS\system32\WgaTray.exe [2356]
C:\WINDOWS\system32\VTTimer.exe [2556]
C:\WINDOWS\system32\VTTrayp.exe [2608]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2616]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2644]
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [2748]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2784]
C:\WINDOWS\system32\ctfmon.exe [2816]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2832]
C:\WINDOWS\system32\wscntfy.exe [3232]
C:\WINDOWS\17PHolmes1423.exe [588]
C:\Program Files\Windows Live\Messenger\usnsvc.exe [4016]

[b]Drivers - Running[/b]:

Aavmker4
ACPI
AFD
AFS2K
aswMon2
aswRdr
aswTdi
atapi
audstub
AVG
AvgAsCln
Beep
catchme
Cdfs
Cdrom
Disk
dmio
dmload
Fdc
FETNDIS
Fips
Flpydisk
FltMgr
Ftdisk
Gpc
HdAudAddService
HDAudBus
HPZid412
HPZipr12
HPZius12
HTTP
i8042prt
Imapi
intelppm
IpNat
IPSec
isapnp
Kbdclass
kmixer
KSecDD
MDC8021X
mnmdd
Mouclass
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
Parport
PartMgr
ParVdm
PCI
PCIIde
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
serenum
Serial
sr
Srv
swenum
sysaudio
Tcpip
TermDD
uagp35
Update
usbccgp
usbehci
usbhub
usbprint
usbscan
usbuhci
VgaSave
viagfx
ViaIde
VolSnap
Wanarp
wdmaud
GTNDIS5

[b]Drivers - Stopped[/b]:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
driverhardwarev2
drmkaud
Fastfat
HidUsb
hpn
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
lbrtfdc
Modem
mouhid
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
NwlnkFlt
NwlnkFwd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
rt2571
Secdrv
Sfloppy
Simbad
Sparrow
splitter
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
USBSTOR
WDICA
WudfPf
WudfRd

[b]Services - Running[/b]:

aawservice
ALG
Apple
aswUpdSv
AudioSrv
avast!
AVG
BITS
Bonjour
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
helpsvc
lanmanserver
lanmanworkstation
LmHosts
MDM
Netman
Nla
PlugPlay
PolicyAgent
ProtectedStorage
R54G
RasMan
RemoteRegistry
RpcSs
SamSs
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
srservice
SSDPSRV
stisvc
TapiSrv
TermService
Themes
TrkWks
usnjsvc
W32Time
WebClient
winmgmt
wscsvc
wuauserv

[b]Services - Stopped[/b]:

Alerter
AppMgmt
avast!
avast!
Browser
CiSvc
ClipSrv
COMSysApp
dmadmin
HidServ
HTTPFilter
ImapiService
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
ose
Pml
RasAuto
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
WLSetupSvc
WmdmPmSN
Wmi
WmiApSrv
WudfSvc
WZCSVC
xmlprov

[b]Files Created/Modified - 60 Days[/b]:

C:\

3 Mar 2008 19:33:26 230 ..SH. "C:\boot.ini"
3 Mar 2008 19:32:08 523 A.... "C:\hpfr3420.xml"
3 Mar 2008 19:32:08 37 728 A.... "C:\hpfr3425.log"
6 Feb 2008 15:09:56 136 750 614 A.... "C:\My First Sex Teacher - Mrs. Lisa Ann.amv"
15 Feb 2008 16:05:46 108 339 672 A.... "C:\My Friends Hot Mom - Jenaveve Jolie.amv"
6 Feb 2008 15:21:24 100 141 826 A.... "C:\Naughty America - My First Sex Teacher - Mrs Lezley Zen.amv"
6 Feb 2008 15:28:50 69 197 701 A.... "C:\NaughtyAmerica.com - My First Sex Teacher - Ms. Midori.amv"
15 Feb 2008 16:11:54 51 935 019 A.... "C:\Naughty America Latin adultery - Fast Times at Naughty America University - Olivia40.amv"
15 Feb 2008 16:43:38 9 020 839 A.... "C:\Naughty America--My Sister's Hot Friend - Raven Riley.amv"
3 Mar 2008 19:34:16 704 643 072 A.SH. "C:\pagefile.sys"
15 Feb 2008 16:47:36 11 326 177 A.... "C:\Raven Riley & Brooke Skye.amv"
15 Feb 2008 16:48:16 21 620 343 A.... "C:\Raven Riley - White Bikini cumshot.amv"
15 Feb 2008 16:44:08 8 836 163 A.... "C:\raven riley hot striptease.amv"
15 Feb 2008 16:46:26 25 958 667 A.... "C:\Raven Riley Mini Skirt.amv"
15 Feb 2008 16:46:54 10 223 291 A.... "C:\raven riley - super mover.amv"
15 Feb 2008 16:47:10 5 163 694 A.... "C:\Raven Riley cumonass.amv"
21 Feb 2008 19:51:04 244 A..H. "C:\sqmnoopt12.sqm"
23 Feb 2008 8:54:58 244 A..H. "C:\sqmnoopt13.sqm"
20 Feb 2008 11:27:46 244 A..H. "C:\sqmnoopt10.sqm"
20 Feb 2008 19:59:16 244 A..H. "C:\sqmnoopt11.sqm"
26 Feb 2008 10:13:34 244 A..H. "C:\sqmnoopt16.sqm"
27 Feb 2008 13:34:28 244 A..H. "C:\sqmnoopt17.sqm"
25 Feb 2008 13:44:58 244 A..H. "C:\sqmnoopt14.sqm"
25 Feb 2008 17:55:26 244 A..H. "C:\sqmnoopt15.sqm"
3 Mar 2008 18:12:56 244 A..H. "C:\sqmnoopt06.sqm"
3 Mar 2008 18:45:48 244 A..H. "C:\sqmnoopt07.sqm"
2 Mar 2008 20:55:30 244 A..H. "C:\sqmnoopt04.sqm"
3 Mar 2008 11:16:56 244 A..H. "C:\sqmnoopt05.sqm"
27 Feb 2008 16:27:00 244 A..H. "C:\sqmnoopt18.sqm"
27 Feb 2008 16:30:22 244 A..H. "C:\sqmnoopt19.sqm"
19 Feb 2008 15:29:48 244 A..H. "C:\sqmnoopt08.sqm"
19 Feb 2008 20:04:32 244 A..H. "C:\sqmnoopt09.sqm"
20 Feb 2008 11:27:46 268 A..H. "C:\sqmdata10.sqm"
25 Feb 2008 13:44:58 268 A..H. "C:\sqmdata14.sqm"
2 Mar 2008 20:55:30 232 A..H. "C:\sqmdata04.sqm"
27 Feb 2008 16:27:00 268 A..H. "C:\sqmdata18.sqm"
19 Feb 2008 15:29:48 268 A..H. "C:\sqmdata08.sqm"
20 Feb 2008 19:59:16 268 A..H. "C:\sqmdata11.sqm"
25 Feb 2008 17:55:26 268 A..H. "C:\sqmdata15.sqm"
3 Mar 2008 11:16:56 268 A..H. "C:\sqmdata05.sqm"
27 Feb 2008 16:30:22 268 A..H. "C:\sqmdata19.sqm"
19 Feb 2008 20:04:32 268 A..H. "C:\sqmdata09.sqm"
21 Feb 2008 19:51:04 268 A..H. "C:\sqmdata12.sqm"
26 Feb 2008 10:13:34 268 A..H. "C:\sqmdata16.sqm"
3 Mar 2008 18:12:56 232 A..H. "C:\sqmdata06.sqm"
23 Feb 2008 8:54:58 268 A..H. "C:\sqmdata13.sqm"
27 Feb 2008 13:34:28 268 A..H. "C:\sqmdata17.sqm"
3 Mar 2008 18:45:48 232 A..H. "C:\sqmdata07.sqm"
27 Feb 2008 16:47:52 268 A..H. "C:\sqmdata00.sqm"
28 Feb 2008 19:46:36 268 A..H. "C:\sqmdata01.sqm"
29 Feb 2008 18:44:28 268 A..H. "C:\sqmdata02.sqm"
1 Mar 2008 9:09:32 268 A..H. "C:\sqmdata03.sqm"
27 Feb 2008 16:47:52 244 A..H. "C:\sqmnoopt00.sqm"
28 Feb 2008 19:46:36 244 A..H. "C:\sqmnoopt01.sqm"
29 Feb 2008 18:44:28 244 A..H. "C:\sqmnoopt02.sqm"
1 Mar 2008 9:09:32 244 A..H. "C:\sqmnoopt03.sqm"

C:\WINDOWS\

2 Mar 2008 16:51:58 3 120 A.... "C:\WINDOWS\118294.78"
3 Mar 2008 19:34:18 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
3 Mar 2008 19:44:14 37 376 A.... "C:\WINDOWS\mrofinu1423.exe"
3 Mar 2008 19:29:52 1 593 A.... "C:\WINDOWS\msnfix.txt"
27 Jan 2008 19:16:30 385 A.... "C:\WINDOWS\ODBC.INI"
3 Mar 2008 19:28:00 32 548 ..... "C:\WINDOWS\SchedLgU.Txt"
3 Mar 2008 19:33:26 227 A.... "C:\WINDOWS\system.ini"
3 Mar 2008 19:34:40 159 ..... "C:\WINDOWS\wiadebug.log"
3 Mar 2008 19:34:36 50 ..... "C:\WINDOWS\wiaservc.log"
3 Mar 2008 19:33:26 718 A.... "C:\WINDOWS\win.ini"
3 Mar 2008 19:35:48 1 267 539 ..... "C:\WINDOWS\WindowsUpdate.log"
14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00001"
14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00002"
14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00003"
14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00004"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00005"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00006"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00007"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00008"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00009"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00010"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00011"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00012"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00013"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00014"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00015"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00016"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00017"
14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00018"
14 Feb 2008 20:16:08 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00019"
14 Feb 2008 20:16:08 12 288 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00020"
14 Feb 2008 20:16:08 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00021"
14 Feb 2008 20:16:08 90 112 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00022"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00001"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00002"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00003"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00004"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00005"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00006"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00007"
29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00008"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00009"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00010"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00011"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00012"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00013"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00014"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00015"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00016"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00017"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00018"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00019"
29 Jan 2008 12:42:44 12 288 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00020"
29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00021"
29 Jan 2008 12:42:44 86 016 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00022"
2 Mar 2008 20:12:32 45 056 A.... "C:\WINDOWS\BDOSCAN8\avxdisk.dll"
2 Mar 2008 20:12:32 10 240 A.... "C:\WINDOWS\BDOSCAN8\avxs.dll"
2 Mar 2008 20:12:32 27 136 A.... "C:\WINDOWS\BDOSCAN8\avxt.dll"
2 Mar 2008 20:12:32 181 760 A.... "C:\WINDOWS\BDOSCAN8\bdcore.dll"
2 Mar 2008 20:12:22 87 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.ini"
2 Mar 2008 20:43:36 1 694 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.log"
2 Mar 2008 20:12:32 77 824 A.... "C:\WINDOWS\BDOSCAN8\bdupd.dll.updpnd"
2 Mar 2008 20:12:32 1 878 A.... "C:\WINDOWS\BDOSCAN8\boot.xmd"
2 Mar 2008 20:12:32 142 848 A.... "C:\WINDOWS\BDOSCAN8\libfn.dll"
2 Mar 2008 20:12:32 86 016 A.... "C:\WINDOWS\BDOSCAN8\librtvr.dll"
13 Feb 2008 17:55:00 130 A.... "C:\WINDOWS\BDOSCAN8\live.ini"
2 Mar 2008 20:13:28 14 999 A.... "C:\WINDOWS\BDOSCAN8\plugins.htm"
2 Mar 2008 20:12:32 254 A.... "C:\WINDOWS\BDOSCAN8\rtvr2.html"
2 Mar 2008 20:12:32 4 656 A.... "C:\WINDOWS\BDOSCAN8\rtvr.html"
2 Mar 2008 20:12:32 195 A.... "C:\WINDOWS\BDOSCAN8\scanres2.html"
2 Mar 2008 20:12:32 17 091 A.... "C:\WINDOWS\BDOSCAN8\scanres.html"
2 Mar 2008 20:30:56 18 573 A.... "C:\WINDOWS\BDOSCAN8\scanrep.html"
3 Mar 2008 19:34:18 0 ..... "C:\WINDOWS\Debug\PASSWD.LOG"
13 Feb 2008 17:55:00 130 A.... "C:\WINDOWS\Downloaded Program Files\live.ini"
2 Feb 2008 20:36:48 37 621 A.... "C:\WINDOWS\Help\plyr_err.chw"
3 Mar 2008 11:10:24 13 586 A.... "C:\WINDOWS\Help\winmine.chw"
27 Jan 2008 16:47:18 11 247 A.... "C:\WINDOWS\Help\wschelp.chw"
17 Feb 2008 16:50:12 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
17 Feb 2008 16:50:12 1 379 224 A.... "C:\WINDOWS\inf\INFCACHE.1"
6 Feb 2008 14:35:50 6 228 A.... "C:\WINDOWS\inf\oem1.PNF"
18 Feb 2008 11:16:24 2 488 A.... "C:\WINDOWS\inf\oem2.inf"
28 Feb 2008 13:12:56 7 720 A.... "C:\WINDOWS\inf\oem2.PNF"
5 Jan 2008 12:05:20 11 124 A.... "C:\WINDOWS\inf\ptpusb.PNF"
8 Jan 2008 20:54:20 718 ..... "C:\WINDOWS\pss\win.ini.backup"
2 Mar 2008 16:51:58 3 120 A.... "C:\WINDOWS\system32\118290.54"
27 Jan 2008 17:14:58 3 121 A.... "C:\WINDOWS\system32\CONFIG.NT"
21 Feb 2008 3:04:04 682 496 A.... "C:\WINDOWS\system32\DivX.dll"
21 Feb 2008 3:03:42 156 992 A.... "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
21 Feb 2008 3:05:52 524 288 A.... "C:\WINDOWS\system32\DivXsm.exe"
21 Feb 2008 3:05:52 4 816 A.... "C:\WINDOWS\system32\divxsm.tlb"
21 Feb 2008 3:03:24 12 288 A.... "C:\WINDOWS\system32\DivXWMPExtType.dll"
21 Feb 2008 3:04:04 823 296 A.... "C:\WINDOWS\system32\divx_xx0c.dll"
21 Feb 2008 3:04:04 823 296 A.... "C:\WINDOWS\system32\divx_xx07.dll"
21 Feb 2008 3:04:04 802 816 A.... "C:\WINDOWS\system32\divx_xx11.dll"
21 Feb 2008 3:04:16 81 920 A.... "C:\WINDOWS\system32\dpl100.dll"
21 Feb 2008 3:04:16 416 A.... "C:\WINDOWS\system32\dpl100.dll.manifest"
21 Feb 2008 3:04:06 294 912 A.... "C:\WINDOWS\system32\dpu10.dll"
21 Feb 2008 3:04:06 294 912 A.... "C:\WINDOWS\system32\dpu11.dll"
21 Feb 2008 3:03:00 8 835 A.... "C:\WINDOWS\system32\dpufr.qm"
21 Feb 2008 3:04:08 53 248 A.... "C:\WINDOWS\system32\dpuGUI10.dll"
21 Feb 2008 3:04:08 593 920 A.... "C:\WINDOWS\system32\dpuGUI11.dll"
21 Feb 2008 3:04:06 344 064 A.... "C:\WINDOWS\system32\dpus11.dll"
21 Feb 2008 3:04:06 57 344 A.... "C:\WINDOWS\system32\dpv11.dll"
21 Feb 2008 3:05:52 9 878 A.... "C:\WINDOWS\system32\dsm_fr.qm"
21 Feb 2008 3:04:16 196 608 A.... "C:\WINDOWS\system32\dtu100.dll"
21 Feb 2008 3:04:16 416 A.... "C:\WINDOWS\system32\dtu100.dll.manifest"
21 Feb 2008 3:11:34 3 162 A.... "C:\WINDOWS\system32\dtu_fr.qm"
3 Mar 2008 18:12:54 9 296 A.... "C:\WINDOWS\system32\jthrpo.exe"
19 Feb 2008 21:06:58 5 532 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
21 Feb 2008 3:05:34 1 044 480 A.... "C:\WINDOWS\system32\libdivx.dll"
5 Feb 2008 0:09:46 18 214 008 A.... "C:\WINDOWS\system32\MRT.exe"
21 Feb 2008 3:03:58 630 784 A.... "C:\WINDOWS\system32\nsm33.tmp"
2 Mar 2008 20:55:28 9 296 A.... "C:\WINDOWS\system32\oonisy.exe"
21 Feb 2008 3:05:38 551 672 ..... "C:\WINDOWS\system32\px.dll"
21 Feb 2008 3:05:38 129 784 ..... "C:\WINDOWS\system32\pxafs.dll"
21 Feb 2008 3:05:38 66 296 ..... "C:\WINDOWS\system32\pxcpya64.exe"
21 Feb 2008 3:05:38 120 056 ..... "C:\WINDOWS\system32\pxcpyi64.exe"
21 Feb 2008 3:05:38 518 904 ..... "C:\WINDOWS\system32\pxdrv.dll"
21 Feb 2008 3:05:40 72 440 ..... "C:\WINDOWS\system32\pxhpinst.exe"
21 Feb 2008 3:05:38 64 760 ..... "C:\WINDOWS\system32\pxinsa64.exe"
21 Feb 2008 3:05:38 118 520 ..... "C:\WINDOWS\system32\pxinsi64.exe"
21 Feb 2008 3:05:40 187 128 ..... "C:\WINDOWS\system32\pxmas.dll"
21 Feb 2008 3:05:38 1 628 920 ..... "C:\WINDOWS\system32\pxsfs.dll"
21 Feb 2008 3:05:38 379 640 ..... "C:\WINDOWS\system32\pxwave.dll"
21 Feb 2008 3:05:44 3 596 288 A.... "C:\WINDOWS\system32\qt-dx331.dll"
3 Mar 2008 19:33:36 0 A.... "C:\WINDOWS\system32\real.txt"
21 Feb 2008 3:05:34 200 704 A.... "C:\WINDOWS\system32\ssldivx.dll"
29 Jan 2008 12:43:44 265 644 A.... "C:\WINDOWS\system32\TZLog.log"
21 Feb 2008 3:05:38 88 824 ..... "C:\WINDOWS\system32\vxblock.dll"
3 Mar 2008 19:35:08 2 206 A.... "C:\WINDOWS\system32\wpa.dbl"
29 Feb 2008 15:40:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
8 Feb 2008 22:22:04 394 A.... "C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1194816107.job"
3 Mar 2008 19:34:24 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
3 Mar 2008 20:07:20 0 A.... "C:\WINDOWS\Temp\scsA.tmp"
14 Feb 2008 20:15:36 9 610 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"
14 Feb 2008 20:15:24 370 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"
14 Feb 2008 20:16:32 18 469 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.inf"
14 Feb 2008 20:16:08 4 867 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.txt"
29 Jan 2008 12:44:48 9 321 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.inf"
29 Jan 2008 12:44:46 365 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.txt"
29 Jan 2008 12:45:04 12 105 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
29 Jan 2008 12:44:58 2 232 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
29 Jan 2008 12:44:40 9 357 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
29 Jan 2008 12:44:38 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
14 Feb 2008 20:17:10 9 746 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.inf"
14 Feb 2008 20:17:08 368 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.txt"
29 Jan 2008 12:42:30 8 748 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
29 Jan 2008 12:42:20 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
29 Jan 2008 12:43:50 9 963 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
29 Jan 2008 12:43:46 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
29 Jan 2008 12:43:10 9 119 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
29 Jan 2008 12:43:06 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
29 Jan 2008 12:43:00 17 768 A.... "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.inf"
29 Jan 2008 12:42:44 4 776 A.... "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.txt"
29 Jan 2008 12:43:40 8 878 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
29 Jan 2008 12:43:38 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
29 Jan 2008 12:43:22 9 147 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
29 Jan 2008 12:43:14 360 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
30 Jan 2008 20:14:12 8 663 A.... "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.inf"
30 Jan 2008 20:14:08 122 A.... "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.txt"
2 Mar 2008 20:12:32 40 748 A.... "C:\WINDOWS\BDOSCAN8\plugins\7zip.xmd"
2 Mar 2008 20:12:32 3 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\access.xmd"
2 Mar 2008 20:12:34 8 737 A.... "C:\WINDOWS\BDOSCAN8\plugins\ace.xmd"
2 Mar 2008 20:12:34 3 399 A.... "C:\WINDOWS\BDOSCAN8\plugins\adsntfs.xmd"
2 Mar 2008 20:12:34 19 174 A.... "C:\WINDOWS\BDOSCAN8\plugins\alz.xmd"
2 Mar 2008 20:12:34 3 611 A.... "C:\WINDOWS\BDOSCAN8\plugins\arc.xmd"
2 Mar 2008 20:12:34 6 284 A.... "C:\WINDOWS\BDOSCAN8\plugins\arj.xmd"
2 Mar 2008 20:12:34 101 482 A.... "C:\WINDOWS\BDOSCAN8\plugins\aspy_emu.cvd"
2 Mar 2008 20:12:34 6 712 A.... "C:\WINDOWS\BDOSCAN8\plugins\bach.xmd"
2 Mar 2008 20:12:32 1 878 A.... "C:\WINDOWS\BDOSCAN8\plugins\boot.xmd"
2 Mar 2008 20:12:34 19 355 A.... "C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd"
2 Mar 2008 20:12:34 14 362 A.... "C:\WINDOWS\BDOSCAN8\plugins\cab.xmd"
2 Mar 2008 20:12:34 358 723 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.cvd"
2 Mar 2008 20:12:34 99 252 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.ivd"
2 Mar 2008 20:12:36 396 480 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.rvd"
2 Mar 2008 20:12:36 183 666 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.xmd"
2 Mar 2008 20:12:36 119 029 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_dll.cvd"
2 Mar 2008 20:12:36 111 548 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_emu.cvd"
2 Mar 2008 20:12:38 297 530 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.cvd"
2 Mar 2008 20:12:38 410 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.ivd"
2 Mar 2008 20:12:38 13 189 A.... "C:\WINDOWS\BDOSCAN8\plugins\chm.xmd"
2 Mar 2008 20:12:38 6 626 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.cvd"
2 Mar 2008 20:12:38 2 158 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.xmd"
2 Mar 2008 20:12:38 3 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\cpio.xmd"
2 Mar 2008 20:12:38 295 343 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.cvd"
2 Mar 2008 20:12:38 86 016 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.ivd"
2 Mar 2008 20:12:40 6 060 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.xmd"
2 Mar 2008 20:12:40 1 346 A.... "C:\WINDOWS\BDOSCAN8\plugins\dbx.xmd"
2 Mar 2008 20:12:40 10 871 A.... "C:\WINDOWS\BDOSCAN8\plugins\docfile.xmd"
2 Mar 2008 20:12:40 34 225 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.001"
2 Mar 2008 20:12:40 35 147 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.002"
2 Mar 2008 20:12:40 33 945 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.003"
2 Mar 2008 20:12:40 33 915 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.004"
2 Mar 2008 20:12:40 30 065 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.005"
2 Mar 2008 20:12:40 32 614 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.006"
2 Mar 2008 20:12:40 30 115 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.007"
2 Mar 2008 20:12:40 30 026 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.008"
2 Mar 2008 20:12:40 30 093 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.009"
2 Mar 2008 20:12:40 30 299 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.010"
2 Mar 2008 20:12:40 30 482 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.011"
2 Mar 2008 20:12:40 30 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.012"
2 Mar 2008 20:12:40 12 381 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.013"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.014"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.015"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.016"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.017"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.018"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.019"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.020"
2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.021"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.022"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.023"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.024"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.025"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.026"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.027"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.028"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.029"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.030"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.031"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.032"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.033"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.034"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.035"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.036"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.037"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.038"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.039"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.040"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.041"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.042"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.043"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.044"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.045"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.046"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.047"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.048"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.049"
2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.050"
2 Mar 2008 20:12:56 6 500 383 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.cvd"
2 Mar 2008 20:12:58 30 153 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i01"
2 Mar 2008 20:12:58 34 745 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i02"
2 Mar 2008 20:12:58 25 792 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i03"
2 Mar 2008 20:12:58 26 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i04"
2 Mar 2008 20:12:58 26 331 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i05"
2 Mar 2008 20:12:58 31 133 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i06"
2 Mar 2008 20:12:58 33 430 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i07"
2 Mar 2008 20:12:58 31 219 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i08"
2 Mar 2008 20:12:58 26 323 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i09"
2 Mar 2008 20:12:58 34 476 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i10"
2 Mar 2008 20:12:58 32 074 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i11"
2 Mar 2008 20:12:58 32 454 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i12"
2 Mar 2008 20:12:58 30 114 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i13"
2 Mar 2008 20:12:58 29 089 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i14"
2 Mar 2008 20:12:58 30 630 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i15"
2 Mar 2008 20:12:58 28 175 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i16"
2 Mar 2008 20:12:58 31 458 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i17"
2 Mar 2008 20:13:00 27 984 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i18"
2 Mar 2008 20:13:00 31 448 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i19"
2 Mar 2008 20:13:00 31 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i20"
2 Mar 2008 20:13:00 30 627 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i21"
2 Mar 2008 20:13:00 34 776 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i22"
2 Mar 2008 20:13:00 30 106 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i23"
2 Mar 2008 20:13:00 30 949 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i24"
2 Mar 2008 20:13:00 26 371 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i25"
2 Mar 2008 20:13:00 28 079 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i26"
2 Mar 2008 20:13:00 29 149 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i27"
2 Mar 2008 20:13:00 32 521 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i28"
2 Mar 2008 20:13:00 30 267 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i29"
2 Mar 2008 20:13:00 25 865 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i30"
2 Mar 2008 20:13:00 27 564 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i31"
2 Mar 2008 20:13:00 29 338 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i32"
2 Mar 2008 20:13:00 30 171 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i33"
2 Mar 2008 20:13:00 30 101 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i34"
2 Mar 2008 20:13:02 32 677 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i35"
2 Mar 2008 20:13:02 33 657 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i36"
2 Mar 2008 20:13:02 31 020 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i37"
2 Mar 2008 20:13:02 30 698 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i38"
2 Mar 2008 20:13:02 31 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i39"
2 Mar 2008 20:13:02 30 380 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i40"
2 Mar 2008 20:13:02 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i41"
2 Mar 2008 20:13:02 32 985 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i42"
2 Mar 2008 20:13:02 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i43"
2 Mar 2008 20:13:02 30 291 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i44"
2 Mar 2008 20:13:02 29 463 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i45"
2 Mar 2008 20:13:02 27 444 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i46"
2 Mar 2008 20:13:02 32 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i47"
2 Mar 2008 20:13:02 31 295 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i48"
2 Mar 2008 20:13:02 27 643 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i49"
2 Mar 2008 20:13:02 26 649 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i50"
2 Mar 2008 20:13:02 30 905 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i51"
2 Mar 2008 20:13:04 28 838 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i52"
2 Mar 2008 20:13:04 29 055 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i53"
2 Mar 2008 20:13:04 21 693 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i54"
2 Mar 2008 20:13:04 29 624 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i55"
2 Mar 2008 20:13:04 26 251 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i56"
2 Mar 2008 20:13:04 30 238 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i57"
2 Mar 2008 20:13:04 32 989 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i58"
2 Mar 2008 20:13:04 29 765 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i59"
2 Mar 2008 20:13:04 29 298 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i60"
2 Mar 2008 20:13:04 25 936 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i61"
2 Mar 2008 20:13:04 31 044 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i62"
2 Mar 2008 20:13:04 25 913 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i63"
2 Mar 2008 20:13:04 26 004 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i64"
2 Mar 2008 20:13:04 27 911 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i65"
2 Mar 2008 20:13:04 30 220 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i66"
2 Mar 2008 20:13:04 33 240 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i67"
2 Mar 2008 20:13:04 34 862 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i68"
2 Mar 2008 20:13:04 32 957 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i69"
2 Mar 2008 20:13:06 32 552 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i70"
2 Mar 2008 20:13:06 29 076 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i71"
2 Mar 2008 20:13:06 32 504 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i72"
2 Mar 2008 20:13:06 30 678 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i73"
2 Mar 2008 20:13:06 32 067 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i74"
2 Mar 2008 20:13:06 33 326 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i75"
2 Mar 2008 20:13:06 33 635 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i76"
2 Mar 2008 20:13:06 34 202 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i77"
2 Mar 2008 20:13:06 36 009 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i78"
2 Mar 2008 20:13:06 34 840 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i79"
2 Mar 2008 20:13:06 31 465 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i80"
2 Mar 2008 20:13:06 32 997 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i81"
2 Mar 2008 20:13:06 31 546 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i82"
2 Mar 2008 20:13:06 34 072 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i83"
2 Mar 2008 20:13:06 30 433 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i84"
2 Mar 2008 20:13:06 31 381 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i85"
2 Mar 2008 20:13:08 32 983 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i86"
2 Mar 2008 20:13:08 30 159 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i87"
2 Mar 2008 20:13:08 33 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i88"
2 Mar 2008 20:13:08 32 228 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i89"
2 Mar 2008 20:13:08 29 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i90"
2 Mar 2008 20:13:08 30 116 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i91"
2 Mar 2008 20:13:08 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i92"
2 Mar 2008 20:13:08 30 320 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i93"
2 Mar 2008 20:13:08 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i94"
2 Mar 2008 20:13:08 32 324 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i95"
2 Mar 2008 20:13:08 31 914 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i96"
2 Mar 2008 20:13:08 34 915 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i97"
2 Mar 2008 20:13:10 34 586 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i98"
2 Mar 2008 20:13:10 30 800 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i99"
2 Mar 2008 20:13:10 29 004 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.ivd"
2 Mar 2008 20:13:10 5 001 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.xmd"
2 Mar 2008 20:13:10 2 806 A.... "C:\WINDOWS\BDOSCAN8\plugins\epoc.xmd"
2 Mar 2008 20:13:10 301 831 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.cvd"
2 Mar 2008 20:13:10 59 319 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i01"
2 Mar 2008 20:13:10 57 208 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i02"
2 Mar 2008 20:13:10 51 260 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i03"
2 Mar 2008 20:13:12 50 574 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i04"
2 Mar 2008 20:13:12 55 570 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i05"
2 Mar 2008 20:13:12 55 887 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i06"
2 Mar 2008 20:13:12 49 628 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i07"
2 Mar 2008 20:13:12 34 680 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i08"
2 Mar 2008 20:13:12 26 888 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i09"
2 Mar 2008 20:13:12 31 601 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i10"
2 Mar 2008 20:13:12 31 453 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i11"
2 Mar 2008 20:13:12 31 589 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i12"
2 Mar 2008 20:13:12 29 124 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i13"
2 Mar 2008 20:13:12 20 322 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i14"
2 Mar 2008 20:13:12 32 737 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i15"
2 Mar 2008 20:13:12 22 098 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i16"
2 Mar 2008 20:13:12 29 879 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i17"
2 Mar 2008 20:13:12 5 284 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i18"
2 Mar 2008 20:13:12 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i19"
2 Mar 2008 20:13:12 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i20"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i21"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i22"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i23"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i24"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i25"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i26"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i27"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i28"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i29"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i30"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i31"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i32"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i33"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i34"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i35"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i36"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i37"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i38"
2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i39"
2 Mar 2008 20:13:14 58 430 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.ivd"
2 Mar 2008 20:13:14 122 676 A.... "C:\WINDOWS\BDOSCAN8\plugins\gvmscripts.cvd"
2 Mar 2008 20:13:14 3 842 A.... "C:\WINDOWS\BDOSCAN8\plugins\gzip.xmd"
2 Mar 2008 20:13:14 8 201 A.... "C:\WINDOWS\BDOSCAN8\plugins\ha.xmd"
2 Mar 2008 20:13:14 3 534 A.... "C:\WINDOWS\BDOSCAN8\plugins\hlp.xmd"
2 Mar 2008 20:13:14 4 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.cvd"
2 Mar 2008 20:13:14 2 537 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.xmd"
2 Mar 2008 20:13:14 1 712 A.... "C:\WINDOWS\BDOSCAN8\plugins\hqx.xmd"
2 Mar 2008 20:13:14 18 951 A.... "C:\WINDOWS\BDOSCAN8\plugins\html.xmd"
2 Mar 2008 20:13:14 7 622 A.... "C:\WINDOWS\BDOSCAN8\plugins\imp.xmd"
2 Mar 2008 20:13:14 1 173 A.... "C:\WINDOWS\BDOSCAN8\plugins\inno.xmd"
2 Mar 2008 20:13:14 21 368 A.... "C:\WINDOWS\BDOSCAN8\plugins\instyler.xmd"
2 Mar 2008 20:13:16 37 426 A.... "C:\WINDOWS\BDOSCAN8\plugins\iso.xmd"
2 Mar 2008 20:13:16 3 305 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.cvd"
2 Mar 2008 20:13:16 8 501 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.xmd"
2 Mar 2008 20:13:16 4 795 A.... "C:\WINDOWS\BDOSCAN8\plugins\jpeg.xmd"
2 Mar 2008 20:13:16 9 492 A.... "C:\WINDOWS\BDOSCAN8\plugins\lha.xmd"
2 Mar 2008 20:13:16 930 A.... "C:\WINDOWS\BDOSCAN8\plugins\lnk.xmd"
2 Mar 2008 20:13:16 2 150 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbox.xmd"
2 Mar 2008 20:13:16 791 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbx.xmd"
2 Mar 2008 20:13:16 45 983 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx.xmd"
2 Mar 2008 20:13:16 344 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.cvd"
2 Mar 2008 20:13:16 172 433 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.ivd"
2 Mar 2008 20:13:18 59 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_w95.cvd"
2 Mar 2008 20:13:18 9 651 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_x95.cvd"
2 Mar 2008 20:13:18 1 948 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_xf.cvd"
2 Mar 2008 20:13:18 6 996 A.... "C:\WINDOWS\BDOSCAN8\plugins\mime.xmd"
2 Mar 2008 20:13:18 5 672 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.cvd"
2 Mar 2008 20:13:18 6 864 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.xmd"
2 Mar 2008 20:13:18 2 082 A.... "C:\WINDOWS\BDOSCAN8\plugins\mso.xmd"
2 Mar 2008 20:13:18 205 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.cvd"
2 Mar 2008 20:13:18 12 596 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.xmd"
2 Mar 2008 20:13:18 18 255 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.cvd"
2 Mar 2008 20:13:18 3 036 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.xmd"
2 Mar 2008 20:13:18 14 390 A.... "C:\WINDOWS\BDOSCAN8\plugins\nsis.xmd"
2 Mar 2008 20:13:18 1 062 A.... "C:\WINDOWS\BDOSCAN8\plugins\objd.xmd"
2 Mar 2008 20:13:18 12 755 A.... "C:\WINDOWS\BDOSCAN8\plugins\pdf.xmd"
2 Mar 2008 20:13:18 4 278 A.... "C:\WINDOWS\BDOSCAN8\plugins\proc.xmd"
2 Mar 2008 20:13:18 6 155 A.... "C:\WINDOWS\BDOSCAN8\plugins\pst.xmd"
2 Mar 2008 20:13:18 44 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\rar.xmd"
2 Mar 2008 20:13:18 203 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.cvd"
2 Mar 2008 20:13:18 13 700 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.xmd"
2 Mar 2008 20:13:18 15 292 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.cvd"
2 Mar 2008 20:13:18 406 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.xmd"
2 Mar 2008 20:13:18 1 187 A.... "C:\WINDOWS\BDOSCAN8\plugins\rpm.xmd"
2 Mar 2008 20:13:18 2 515 A.... "C:\WINDOWS\BDOSCAN8\plugins\rtf.xmd"
2 Mar 2008 20:13:18 1 904 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.cvd"
2 Mar 2008 20:13:18 1 891 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.xmd"
2 Mar 2008 20:13:20 191 100 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.cvd"
2 Mar 2008 20:13:20 83 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.ivd"
2 Mar 2008 20:13:20 10 277 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.xmd"
2 Mar 2008 20:13:20 13 163 A.... "C:\WINDOWS\BDOSCAN8\plugins\sfx.xmd"
2 Mar 2008 20:13:20 10 540 A.... "C:\WINDOWS\BDOSCAN8\plugins\swf.xmd"
2 Mar 2008 20:13:20 3 998 A.... "C:\WINDOWS\BDOSCAN8\plugins\tar.xmd"
2 Mar 2008 20:13:20 2 863 A.... "C:\WINDOWS\BDOSCAN8\plugins\td0.xmd"
2 Mar 2008 20:13:20 1 102 A.... "C:\WINDOWS\BDOSCAN8\plugins\thebat.xmd"
2 Mar 2008 20:13:20 846 A.... "C:\WINDOWS\BDOSCAN8\plugins\tnef.xmd"
2 Mar 2008 20:13:20 193 418 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.cvd"
2 Mar 2008 20:13:20 151 978 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.ivd"
2 Mar 2008 20:13:22 45 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.xmd"
2 Mar 2008 20:13:22 110 A.... "C:\WINDOWS\BDOSCAN8\plugins\update.txt"
2 Mar 2008 20:13:22 1 988 A.... "C:\WINDOWS\BDOSCAN8\plugins\uudecode.xmd"
2 Mar 2008 20:13:22 49 435 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.cvd"
2 Mar 2008 20:13:22 48 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.ivd"
2 Mar 2008 20:13:22 79 803 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.xmd"
2 Mar 2008 20:13:22 688 A.... "C:\WINDOWS\BDOSCAN8\plugins\vedata.cvd"
2 Mar 2008 20:13:22 13 015 A.... "C:\WINDOWS\BDOSCAN8\plugins\viza.xmd"
2 Mar 2008 20:13:22 3 797 A.... "C:\WINDOWS\BDOSCAN8\plugins\wise.xmd"
2 Mar 2008 20:13:22 1 559 A.... "C:\WINDOWS\BDOSCAN8\plugins\xcookies.xmd"
2 Mar 2008 20:13:22 1 247 A.... "C:\WINDOWS\BDOSCAN8\plugins\xishield.xmd"
2 Mar 2008 20:13:22 1 604 A.... "C:\WINDOWS\BDOSCAN8\plugins\z.xmd"
2 Mar 2008 20:13:22 18 937 A.... "C:\WINDOWS\BDOSCAN8\plugins\zip.xmd"
2 Mar 2008 20:13:22 3 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\zoo.xmd"
31 Jan 2008 12:38:08 6 129 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\0x0409.ini"
31 Jan 2008 12:38:08 1 940 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\Setup.INI"
31 Jan 2008 12:38:08 128 625 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\setup.isn"
31 Jan 2008 12:38:14 14 294 016 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\veoh.msi"
21 Feb 2008 3:05:38 9 336 ..... "C:\WINDOWS\system32\drivers\cdr4_xp.sys"
21 Feb 2008 3:05:40 9 464 ..... "C:\WINDOWS\system32\drivers\cdralw2k.sys"
21 Feb 2008 3:05:38 43 528 ..... "C:\WINDOWS\system32\drivers\PxHelp20.sys"
18 Feb 2008 11:16:26 12 090 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT"
2 Mar 2008 20:12:18 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
18 Feb 2008 11:16:26 12 090 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\USBAAPL.CAT"
18 Feb 2008 11:16:24 2 488 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.inf"
18 Feb 2008 11:16:24 30 464 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys"
27 Jan 2008 16:18:10 2 622 A.... "C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log"

C:\Program Files\

20 Feb 2008 15:15:26 816 368 A.... "C:\Program Files\CCleaner\CCleaner.exe"
20 Feb 2008 12:47:04 23 552 A.... "C:\Program Files\CCleaner\lang-1036.dll"
3 Mar 2008 19:18:36 111 313 A.... "C:\Program Files\CCleaner\uninst.exe"
2 Mar 2008 19:59:56 122 054 A.... "C:\Program Files\DivX\DivXBundleUninstall.exe"
2 Mar 2008 19:59:34 122 054 A.... "C:\Program Files\DivX\DivXCodecUninstall.exe"
2 Mar 2008 19:59:40 122 054 A.... "C:\Program Files\DivX\DivXConverterUninstall.exe"
2 Mar 2008 19:59:56 122 054 A.... "C:\Program Files\DivX\DivXContentUploaderUninstall.exe"
2 Mar 2008 19:59:52 122 054 A.... "C:\Program Files\DivX\DivXPlayerUninstall.exe"
2 Mar 2008 19:59:54 122 054 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
20 Feb 2008 13:29:52 123 009 A.... "C:\Program Files\LimeWire\uninstall.exe"
21 Feb 2008 3:03:24 69 632 A.... "C:\Program Files\DivX\DivX Codec\config.exe"
21 Feb 2008 3:04:48 341 504 A.... "C:\Program Files\DivX\DivX Codec\DivX EKG.exe"
21 Feb 2008 3:04:48 270 336 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1031.dll"
21 Feb 2008 3:04:48 262 144 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1033.dll"
21 Feb 2008 3:04:48 270 336 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1036.dll"
21 Feb 2008 3:04:48 237 568 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1041.dll"
21 Feb 2008 3:03:50 1 355 776 A.... "C:\Program Files\DivX\DivX Converter\Converter.exe"
21 Feb 2008 3:03:50 61 440 A.... "C:\Program Files\DivX\DivX Converter\dpil100.dll"
21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1031.dll"
21 Feb 2008 3:03:50 884 736 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1041.dll"
21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1036.dll"
21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1034.dll"
21 Feb 2008 3:03:50 888 832 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1033.dll"
21 Feb 2008 3:03:50 278 528 A.... "C:\Program Files\DivX\DivX Converter\dvd2divxsub.dll"
21 Feb 2008 3:03:50 895 488 A.... "C:\Program Files\DivX\DivX Converter\libxml2.dll"
21 Feb 2008 3:03:50 122 880 A.... "C:\Program Files\DivX\DivX Converter\xdclm.dll"
21 Feb 2008 3:03:50 880 640 A.... "C:\Program Files\DivX\DivX Converter\xdsbp.dll"
21 Feb 2008 3:03:50 479 232 A.... "C:\Program Files\DivX\DivX Converter\xdsbv.dll"
21 Feb 2008 3:03:44 1 933 312 A.... "C:\Program Files\DivX\DivX Content Uploader\ContentUploadCheck.dll"
21 Feb 2008 3:03:44 845 824 A.... "C:\Program Files\DivX\DivX Content Uploader\libxml2.dll"
21 Feb 2008 3:03:44 1 359 872 A.... "C:\Program Files\DivX\DivX Content Uploader\npUpload.dll"
21 Feb 2008 3:04:30 348 160 A.... "C:\Program Files\DivX\DivX Player\DCManager.dll"
21 Feb 2008 3:04:32 1 585 664 A.... "C:\Program Files\DivX\DivX Player\DivX Player.exe"
21 Feb 2008 3:04:52 845 824 A.... "C:\Program Files\DivX\DivX Player\libxml2.dll"
21 Feb 2008 3:04:32 98 304 A.... "C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll"
21 Feb 2008 3:04:30 1 826 816 A.... "C:\Program Files\DivX\DivX Player\PlaybackModule2.dll"
21 Feb 2008 3:05:40 207 608 A.... "C:\Program Files\DivX\DivX Player\primosdk.dll"
21 Feb 2008 3:04:00 1 335 600 A.... "C:\Program Files\DivX\DivX Web Player\npdivx32.dll"
3 Mar 2008 18:19:36 18 725 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat"
3 Mar 2008 18:17:40 475 893 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe"
2 Mar 2008 16
0
Réponse 4 / 13
jonkob Messages postés 37 Statut Membre
 
ET Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:13, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\17PHolmes1423.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTTrayp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 13
Utilisateur anonyme
 
Re,

Non les rapports doivent être fait en mode sans échec stp...

A+
0
Réponse 6 / 13
jonkob Messages postés 37 Statut Membre
 
[b]SDFix: Version 1.151 [/b]

Run by devress on 03/03/2008 at 20:50

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted
0
Réponse 7 / 13
jonkob Messages postés 37 Statut Membre
 
MSNFix 1.673

C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix
Fix exécuté le 03/03/2008 - 20:19:45,67 By devress
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\devress\??????.exe
... C:\Documents and Settings\devress\????????.exe
... C:\WINDOWS\mrofinu*.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\devress\??????.exe
.. OK ... C:\Documents and Settings\devress\????????.exe
.. OK ... C:\WINDOWS\mrofinu*.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03032008_20574295.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
Réponse 8 / 13
Utilisateur anonyme
 
Ok,

très bien
mais le rapport SDFix n'est pas complet...reposte le....

oublie pas les autres stp.

Bon courage,

A+
0
Réponse 9 / 13
jonkob Messages postés 37 Statut Membre
 
[b]SDFix: Version 1.151 [/b]

Run by devress on 03/03/2008 at 20:50

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 20:58:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\DOCUME~1\\devress\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\devress\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Sat 1 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 6 Nov 2007 12,411,017 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83c13c563430e75d4f8d51aea23aeb03\BIT7B.tmp"
Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"

[b]Finished![/b]
0
Réponse 10 / 13
jonkob Messages postés 37 Statut Membre
 
Ya quelque chose qui peut nous laisser croire que les virus sont effacer ??
0
Réponse 11 / 13
Utilisateur anonyme
 
Bonsoir,

Et bin il me manque les autres : AVG et Clean...

ensuite : la suite...

Merci de ne pas oublier de les poster.

A+
0
Réponse 12 / 13
jonkob Messages postés 37 Statut Membre
 
J'arrive pas a obtenir les rapports d'AVG et CClean
0
Réponse 13 / 13
Utilisateur anonyme
 
Bonjour,
Oui, il y a eu du ménage de fait.....mais il en reste.....encore....

> Le rapport clean se trouve ici : C:\rapport_clean.txt poste le stp.

> Pour la rapport AVG tant pis...es tu bien sûr de tout avoir nettoyé ? Sinon refais le stp. et essaye de poster un rapport stp.

> Installe IE7 stp : https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

> Désinstalle pacific poker stp => source d'infections...

> Rends toi ensuite sur ce site virustotal et fais analyser les fichiers suivant stp :
(Si problème : http://pageperso.aol.fr/loraline60/virus_total.htm )

C:\WINDOWS\17PHolmes1423.exe
C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe

et poste le résultat par copier/coller stp. Je pense qu'on va avoir une belle surprise....

Si tu n'arrives pas ouvrir le fichier por l'analyse Virus Total :
> Assure toi d'avoir accès aux fichiers cachés :
Menu démarrer => apparence et thèmes => options des dossiers => affichage
"Afficher les fichiers cachés" => coché
Puis refais les scans virus total que tu n'as pas pu faire.....

> Lance Hijackthis :
- Puis sélectionne < Scan >
- Coche les cases des lignes suivantes :

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab

Ensuite,
- Ferme toutes les autres fenêtres et applications (même internet)
- Clic sur < fixe checked >

> Télécharge OTMoveIT (de Old_Timer) : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe sur ton bureau...
- Double-clique sur OTMoveIt.exe pour le lancer.
- Assure toi que la case "Unregister Dll's and Ocx's" est bien cochée !!!
- Copie le texte qui se trouve ci-dessous et colle-le dans le cadre de gauche de OTMoveIt nommé <Paste standard List of Files/Folders to be moved>.

C:\WINDOWS\mrofinu1423.exe
C:\PROGRA~1\PACIFI~1\pacificpoker.exe

- Clique sur < MoveIt! > pour lancer la suppression.
- Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
N.B :Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
Un rapport est créé dans %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\date du jour, copie-colle-le dans ta réponse suivante stp.

> Passe un coup de Ccleaner en mode sans échec stp

> Relance ton PC en mode normal puis Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie, par collier/coller, ton log Hijackthis stp,

> Peux tu refaire un MSNfix stp..... ? Merci de poster aussi le rapport.

> Utilises tu ce service ? http://www.files-ftp.com/~unicorni/phpBB2/index.php (serveur ftp ?)
Car : O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
<=> usurpation possible.....

Bon courage,
C'est pas tout à fait terminé...

A+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
Site pour regarder animé sans virus
ShaylahScarlet -
bendrop -

1 réponse