Virus Win32Small-JMH[trj]

Résolu
jonkob Messages postés 37 Statut Membre -  
 Utilisateur anonyme -
Bonjour,J'ai eu par un de mes contacts ce virus et je n'arrive pas a m'en debarasser avec Avast.
Voila le rapport avec MSN-fix

MSNFix 1.673

C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix
Fix exécuté le 03/03/2008 - 18:11:28,50 By devress
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\devress\??????.exe
... C:\Documents and Settings\devress\????????.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\devress\??????.exe
.. OK ... C:\Documents and Settings\devress\????????.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\devress\??????.exe
.. OK ... C:\Documents and Settings\devress\????????.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03032008_18150882.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

ET avec Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:04, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTTrayp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Defenza\pcd-as.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTTrayp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe

--
End of file - 7682 bytes

Merci pour votre aide
Configuration: Windows XP
Internet Explorer 6.0

13 réponses

  1. Utilisateur anonyme
     
    Bonsoir,

    Supprime ce rogue : Defenza

    Installe IE7 : https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    Puis,
    > Télécharge et installe sur ton PC AVG anti-spyware (si tu as déjà les programmes alors fais juste les mises à jour) : http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware, fais les mises à jour puis ferme le programme.

    > Télécharge et installe Ccleaner : https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html fais les mises à jour puis ferme le programme.
    Si besoin est tu trouveras des Tutoriaux ici :
    https://kerio.probb.fr/t242-tuto-ccleaner-v-2 , https://www.malekal.com/tutoriel-ccleaner/ et [http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner

    > Télécharge Cleaner : http://www.malekal.com/download/clean.zip (différent de Ccleaner),

    > Télécharge SDFix sur ton bureau
    - Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix). Ferme ensuite le programme.

    > Commence par faire un copier/coller de ce poste : (conseillé)
    Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
    puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
    Sauvegarde le sur le bureau, tu pourras y avoir accès même déconnecté ou en mode sans échec.

    > Démarre en mode sans échec : (image). Si problème : tuto ici

    > Lance AVG,
    - Clique sur le menu Analyse (de la barre d'outils). Clique après sur l'onglet Paramètres, puis <Dans Comment réagir?> clique sur <Actions recommandées> et choisi <Quarantaine>.
    - Vérifie que toutes les cases sont cochées dans <Comment faire l'analyse ?> et dans <Programmes potentiellement dangereux> et vérifie que le bouton-radio <Générer un rapport après chaque analyse> soit aussi coché.
    - Vas dans l'onglet 'Analyse', puis clique <Analyse complète du système>.
    Remarque : Une fois l'analyse terminée, il faut faire un clique droit sur un fichier infecté et demander à "AVG Anti-Spyware 7.5" de le supprimer.
    Puis clique sur "Appliquer toutes les actions" afin de tout supprimer automatiquement.
    - Clique sur "Enregistrer le rapport" puis enregistre le sur ton bureau.
    - Fais un copier/coller du rapport généré dans ton prochain poste.

    > Lance Ccleaner,
    - Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
    - Dans l'onglet "Nettoyeur" clique sur "Analyse".
    - Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
    - Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
    N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
    Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

    > Pour Clean (encore en mode sans échec) :
    - Double-clic sur clean.cmd
    - Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean
    NB : Si besoin, clean : http://mickael.barroux.free.fr/securite/clean.php

    > Pour SDFix (toujours en mode sans échec) :
    - Vas dans c:/SDFix et double-clique sur RunThis.bat
    - Appuie sur < Y > puis < Entrée >....Le nettoyage commance....patience...
    - Le programme va te demander de relancer le PC, frappe une touche...
    - Le nettoyage se termine...un rapport apparait...
    -Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

    > Relance ton PC en mode normal

    > Relance Hijackthis :
    Puis sélectionne < do a system scan and save a logfile >,

    Et envoie moi, par collier/coller, ton log Hijackthis stp,

    Bon courage,

    :)

    NB : N'oublie pas de poster TOUS les rapports stp.

    A+
    0
  2. jonkob Messages postés 37 Statut Membre
     
    Merci je fais tout ca de suite
    0
  3. jonkob Messages postés 37 Statut Membre
     
    Voila les rapports:
    SDFIX

    [b]System Report[/b]
    *************

    Run on 03/03/2008 at 20:08

    Microsoft Windows XP [version 5.1.2600]

    Current user is an administrator

    [b]Running Processes[/b]:

    \SystemRoot\System32\smss.exe [560]
    \??\C:\WINDOWS\system32\csrss.exe [624]
    \??\C:\WINDOWS\system32\winlogon.exe [648]
    C:\WINDOWS\system32\services.exe [692]
    C:\WINDOWS\system32\lsass.exe [728]
    C:\WINDOWS\system32\svchost.exe [880]
    C:\WINDOWS\system32\svchost.exe [948]
    C:\WINDOWS\System32\svchost.exe [1044]
    C:\WINDOWS\system32\svchost.exe [1104]
    C:\WINDOWS\system32\svchost.exe [1248]
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [1308]
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1412]
    C:\Program Files\Alwil Software\Avast4\ashServ.exe [1464]
    C:\WINDOWS\system32\spoolsv.exe [1744]
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1948]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [1968]
    C:\Program Files\Bonjour\mDNSResponder.exe [1992]
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [172]
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe [424]
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe [464]
    C:\WINDOWS\system32\svchost.exe [584]
    C:\WINDOWS\Explorer.EXE [612]
    C:\WINDOWS\System32\alg.exe [132]
    C:\WINDOWS\system32\WgaTray.exe [2356]
    C:\WINDOWS\system32\VTTimer.exe [2556]
    C:\WINDOWS\system32\VTTrayp.exe [2608]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2616]
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2644]
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe [2748]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2784]
    C:\WINDOWS\system32\ctfmon.exe [2816]
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2832]
    C:\WINDOWS\system32\wscntfy.exe [3232]
    C:\WINDOWS\17PHolmes1423.exe [588]
    C:\Program Files\Windows Live\Messenger\usnsvc.exe [4016]

    [b]Drivers - Running[/b]:

    Aavmker4
    ACPI
    AFD
    AFS2K
    aswMon2
    aswRdr
    aswTdi
    atapi
    audstub
    AVG
    AvgAsCln
    Beep
    catchme
    Cdfs
    Cdrom
    Disk
    dmio
    dmload
    Fdc
    FETNDIS
    Fips
    Flpydisk
    FltMgr
    Ftdisk
    Gpc
    HdAudAddService
    HDAudBus
    HPZid412
    HPZipr12
    HPZius12
    HTTP
    i8042prt
    Imapi
    intelppm
    IpNat
    IPSec
    isapnp
    Kbdclass
    kmixer
    KSecDD
    MDC8021X
    mnmdd
    Mouclass
    MountMgr
    MRxDAV
    MRxSmb
    Msfs
    mssmbios
    Mup
    NDIS
    NdisTapi
    Ndisuio
    NdisWan
    NDProxy
    NetBIOS
    NetBT
    Npfs
    Ntfs
    Null
    Parport
    PartMgr
    ParVdm
    PCI
    PCIIde
    PptpMiniport
    PSched
    Ptilink
    PxHelp20
    RasAcd
    Rasl2tp
    RasPppoe
    Raspti
    Rdbss
    RDPCDD
    rdpdr
    redbook
    serenum
    Serial
    sr
    Srv
    swenum
    sysaudio
    Tcpip
    TermDD
    uagp35
    Update
    usbccgp
    usbehci
    usbhub
    usbprint
    usbscan
    usbuhci
    VgaSave
    viagfx
    ViaIde
    VolSnap
    Wanarp
    wdmaud
    GTNDIS5

    [b]Drivers - Stopped[/b]:

    Abiosdsk
    abp480n5
    ACPIEC
    adpu160m
    aec
    Aha154x
    aic78u2
    aic78xx
    AliIde
    amsint
    asc
    asc3350p
    asc3550
    AsyncMac
    Atdisk
    Atmarpc
    cbidf2k
    cd20xrnt
    Cdaudio
    Changer
    CmdIde
    Cpqarray
    dac960nt
    dmboot
    DMusic
    dpti2o
    driverhardwarev2
    drmkaud
    Fastfat
    HidUsb
    hpn
    i2omgmt
    i2omp
    ini910u
    IntelIde
    Ip6Fw
    IpFilterDriver
    IpInIp
    IRENUM
    lbrtfdc
    Modem
    mouhid
    mraid35x
    MSKSSRV
    MSPCLOCK
    MSPQM
    NwlnkFlt
    NwlnkFwd
    PCIDump
    Pcmcia
    PDCOMP
    PDFRAME
    PDRELI
    PDRFRAME
    perc2
    perc2hib
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    RDPWD
    rt2571
    Secdrv
    Sfloppy
    Simbad
    Sparrow
    splitter
    swmidi
    symc810
    symc8xx
    sym_hi
    sym_u3
    TDPIPE
    TDTCP
    TosIde
    Udfs
    ultra
    USBSTOR
    WDICA
    WudfPf
    WudfRd

    [b]Services - Running[/b]:

    aawservice
    ALG
    Apple
    aswUpdSv
    AudioSrv
    avast!
    AVG
    BITS
    Bonjour
    CryptSvc
    DcomLaunch
    Dhcp
    dmserver
    Dnscache
    ERSvc
    Eventlog
    EventSystem
    FastUserSwitchingCompatibility
    helpsvc
    lanmanserver
    lanmanworkstation
    LmHosts
    MDM
    Netman
    Nla
    PlugPlay
    PolicyAgent
    ProtectedStorage
    R54G
    RasMan
    RemoteRegistry
    RpcSs
    SamSs
    Schedule
    seclogon
    SENS
    SharedAccess
    ShellHWDetection
    Spooler
    srservice
    SSDPSRV
    stisvc
    TapiSrv
    TermService
    Themes
    TrkWks
    usnjsvc
    W32Time
    WebClient
    winmgmt
    wscsvc
    wuauserv

    [b]Services - Stopped[/b]:

    Alerter
    AppMgmt
    avast!
    avast!
    Browser
    CiSvc
    ClipSrv
    COMSysApp
    dmadmin
    HidServ
    HTTPFilter
    ImapiService
    Messenger
    mnmsrvc
    MSDTC
    MSIServer
    NetDDE
    NetDDEdsdm
    Netlogon
    NtLmSsp
    NtmsSvc
    ose
    Pml
    RasAuto
    RDSessMgr
    RemoteAccess
    RpcLocator
    RSVP
    SCardSvr
    SwPrv
    SysmonLog
    TlntSvr
    upnphost
    UPS
    VSS
    WLSetupSvc
    WmdmPmSN
    Wmi
    WmiApSrv
    WudfSvc
    WZCSVC
    xmlprov

    [b]Files Created/Modified - 60 Days[/b]:

    C:\

    3 Mar 2008 19:33:26 230 ..SH. "C:\boot.ini"
    3 Mar 2008 19:32:08 523 A.... "C:\hpfr3420.xml"
    3 Mar 2008 19:32:08 37 728 A.... "C:\hpfr3425.log"
    6 Feb 2008 15:09:56 136 750 614 A.... "C:\My First Sex Teacher - Mrs. Lisa Ann.amv"
    15 Feb 2008 16:05:46 108 339 672 A.... "C:\My Friends Hot Mom - Jenaveve Jolie.amv"
    6 Feb 2008 15:21:24 100 141 826 A.... "C:\Naughty America - My First Sex Teacher - Mrs Lezley Zen.amv"
    6 Feb 2008 15:28:50 69 197 701 A.... "C:\NaughtyAmerica.com - My First Sex Teacher - Ms. Midori.amv"
    15 Feb 2008 16:11:54 51 935 019 A.... "C:\Naughty America Latin adultery - Fast Times at Naughty America University - Olivia40.amv"
    15 Feb 2008 16:43:38 9 020 839 A.... "C:\Naughty America--My Sister's Hot Friend - Raven Riley.amv"
    3 Mar 2008 19:34:16 704 643 072 A.SH. "C:\pagefile.sys"
    15 Feb 2008 16:47:36 11 326 177 A.... "C:\Raven Riley & Brooke Skye.amv"
    15 Feb 2008 16:48:16 21 620 343 A.... "C:\Raven Riley - White Bikini cumshot.amv"
    15 Feb 2008 16:44:08 8 836 163 A.... "C:\raven riley hot striptease.amv"
    15 Feb 2008 16:46:26 25 958 667 A.... "C:\Raven Riley Mini Skirt.amv"
    15 Feb 2008 16:46:54 10 223 291 A.... "C:\raven riley - super mover.amv"
    15 Feb 2008 16:47:10 5 163 694 A.... "C:\Raven Riley cumonass.amv"
    21 Feb 2008 19:51:04 244 A..H. "C:\sqmnoopt12.sqm"
    23 Feb 2008 8:54:58 244 A..H. "C:\sqmnoopt13.sqm"
    20 Feb 2008 11:27:46 244 A..H. "C:\sqmnoopt10.sqm"
    20 Feb 2008 19:59:16 244 A..H. "C:\sqmnoopt11.sqm"
    26 Feb 2008 10:13:34 244 A..H. "C:\sqmnoopt16.sqm"
    27 Feb 2008 13:34:28 244 A..H. "C:\sqmnoopt17.sqm"
    25 Feb 2008 13:44:58 244 A..H. "C:\sqmnoopt14.sqm"
    25 Feb 2008 17:55:26 244 A..H. "C:\sqmnoopt15.sqm"
    3 Mar 2008 18:12:56 244 A..H. "C:\sqmnoopt06.sqm"
    3 Mar 2008 18:45:48 244 A..H. "C:\sqmnoopt07.sqm"
    2 Mar 2008 20:55:30 244 A..H. "C:\sqmnoopt04.sqm"
    3 Mar 2008 11:16:56 244 A..H. "C:\sqmnoopt05.sqm"
    27 Feb 2008 16:27:00 244 A..H. "C:\sqmnoopt18.sqm"
    27 Feb 2008 16:30:22 244 A..H. "C:\sqmnoopt19.sqm"
    19 Feb 2008 15:29:48 244 A..H. "C:\sqmnoopt08.sqm"
    19 Feb 2008 20:04:32 244 A..H. "C:\sqmnoopt09.sqm"
    20 Feb 2008 11:27:46 268 A..H. "C:\sqmdata10.sqm"
    25 Feb 2008 13:44:58 268 A..H. "C:\sqmdata14.sqm"
    2 Mar 2008 20:55:30 232 A..H. "C:\sqmdata04.sqm"
    27 Feb 2008 16:27:00 268 A..H. "C:\sqmdata18.sqm"
    19 Feb 2008 15:29:48 268 A..H. "C:\sqmdata08.sqm"
    20 Feb 2008 19:59:16 268 A..H. "C:\sqmdata11.sqm"
    25 Feb 2008 17:55:26 268 A..H. "C:\sqmdata15.sqm"
    3 Mar 2008 11:16:56 268 A..H. "C:\sqmdata05.sqm"
    27 Feb 2008 16:30:22 268 A..H. "C:\sqmdata19.sqm"
    19 Feb 2008 20:04:32 268 A..H. "C:\sqmdata09.sqm"
    21 Feb 2008 19:51:04 268 A..H. "C:\sqmdata12.sqm"
    26 Feb 2008 10:13:34 268 A..H. "C:\sqmdata16.sqm"
    3 Mar 2008 18:12:56 232 A..H. "C:\sqmdata06.sqm"
    23 Feb 2008 8:54:58 268 A..H. "C:\sqmdata13.sqm"
    27 Feb 2008 13:34:28 268 A..H. "C:\sqmdata17.sqm"
    3 Mar 2008 18:45:48 232 A..H. "C:\sqmdata07.sqm"
    27 Feb 2008 16:47:52 268 A..H. "C:\sqmdata00.sqm"
    28 Feb 2008 19:46:36 268 A..H. "C:\sqmdata01.sqm"
    29 Feb 2008 18:44:28 268 A..H. "C:\sqmdata02.sqm"
    1 Mar 2008 9:09:32 268 A..H. "C:\sqmdata03.sqm"
    27 Feb 2008 16:47:52 244 A..H. "C:\sqmnoopt00.sqm"
    28 Feb 2008 19:46:36 244 A..H. "C:\sqmnoopt01.sqm"
    29 Feb 2008 18:44:28 244 A..H. "C:\sqmnoopt02.sqm"
    1 Mar 2008 9:09:32 244 A..H. "C:\sqmnoopt03.sqm"

    C:\WINDOWS\

    2 Mar 2008 16:51:58 3 120 A.... "C:\WINDOWS\118294.78"
    3 Mar 2008 19:34:18 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
    3 Mar 2008 19:44:14 37 376 A.... "C:\WINDOWS\mrofinu1423.exe"
    3 Mar 2008 19:29:52 1 593 A.... "C:\WINDOWS\msnfix.txt"
    27 Jan 2008 19:16:30 385 A.... "C:\WINDOWS\ODBC.INI"
    3 Mar 2008 19:28:00 32 548 ..... "C:\WINDOWS\SchedLgU.Txt"
    3 Mar 2008 19:33:26 227 A.... "C:\WINDOWS\system.ini"
    3 Mar 2008 19:34:40 159 ..... "C:\WINDOWS\wiadebug.log"
    3 Mar 2008 19:34:36 50 ..... "C:\WINDOWS\wiaservc.log"
    3 Mar 2008 19:33:26 718 A.... "C:\WINDOWS\win.ini"
    3 Mar 2008 19:35:48 1 267 539 ..... "C:\WINDOWS\WindowsUpdate.log"
    14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00001"
    14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00002"
    14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00003"
    14 Feb 2008 20:16:04 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00004"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00005"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00006"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00007"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00008"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00009"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00010"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00011"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00012"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00013"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00014"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00015"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00016"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00017"
    14 Feb 2008 20:16:06 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00018"
    14 Feb 2008 20:16:08 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00019"
    14 Feb 2008 20:16:08 12 288 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00020"
    14 Feb 2008 20:16:08 8 192 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00021"
    14 Feb 2008 20:16:08 90 112 A.... "C:\WINDOWS\$NtUninstallKB944533$\reg00022"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00001"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00002"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00003"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00004"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00005"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00006"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00007"
    29 Jan 2008 12:42:42 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00008"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00009"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00010"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00011"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00012"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00013"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00014"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00015"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00016"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00017"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00018"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00019"
    29 Jan 2008 12:42:44 12 288 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00020"
    29 Jan 2008 12:42:44 8 192 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00021"
    29 Jan 2008 12:42:44 86 016 A.... "C:\WINDOWS\$NtUninstallKB942615$\reg00022"
    2 Mar 2008 20:12:32 45 056 A.... "C:\WINDOWS\BDOSCAN8\avxdisk.dll"
    2 Mar 2008 20:12:32 10 240 A.... "C:\WINDOWS\BDOSCAN8\avxs.dll"
    2 Mar 2008 20:12:32 27 136 A.... "C:\WINDOWS\BDOSCAN8\avxt.dll"
    2 Mar 2008 20:12:32 181 760 A.... "C:\WINDOWS\BDOSCAN8\bdcore.dll"
    2 Mar 2008 20:12:22 87 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.ini"
    2 Mar 2008 20:43:36 1 694 A.... "C:\WINDOWS\BDOSCAN8\bdoscan.log"
    2 Mar 2008 20:12:32 77 824 A.... "C:\WINDOWS\BDOSCAN8\bdupd.dll.updpnd"
    2 Mar 2008 20:12:32 1 878 A.... "C:\WINDOWS\BDOSCAN8\boot.xmd"
    2 Mar 2008 20:12:32 142 848 A.... "C:\WINDOWS\BDOSCAN8\libfn.dll"
    2 Mar 2008 20:12:32 86 016 A.... "C:\WINDOWS\BDOSCAN8\librtvr.dll"
    13 Feb 2008 17:55:00 130 A.... "C:\WINDOWS\BDOSCAN8\live.ini"
    2 Mar 2008 20:13:28 14 999 A.... "C:\WINDOWS\BDOSCAN8\plugins.htm"
    2 Mar 2008 20:12:32 254 A.... "C:\WINDOWS\BDOSCAN8\rtvr2.html"
    2 Mar 2008 20:12:32 4 656 A.... "C:\WINDOWS\BDOSCAN8\rtvr.html"
    2 Mar 2008 20:12:32 195 A.... "C:\WINDOWS\BDOSCAN8\scanres2.html"
    2 Mar 2008 20:12:32 17 091 A.... "C:\WINDOWS\BDOSCAN8\scanres.html"
    2 Mar 2008 20:30:56 18 573 A.... "C:\WINDOWS\BDOSCAN8\scanrep.html"
    3 Mar 2008 19:34:18 0 ..... "C:\WINDOWS\Debug\PASSWD.LOG"
    13 Feb 2008 17:55:00 130 A.... "C:\WINDOWS\Downloaded Program Files\live.ini"
    2 Feb 2008 20:36:48 37 621 A.... "C:\WINDOWS\Help\plyr_err.chw"
    3 Mar 2008 11:10:24 13 586 A.... "C:\WINDOWS\Help\winmine.chw"
    27 Jan 2008 16:47:18 11 247 A.... "C:\WINDOWS\Help\wschelp.chw"
    17 Feb 2008 16:50:12 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
    17 Feb 2008 16:50:12 1 379 224 A.... "C:\WINDOWS\inf\INFCACHE.1"
    6 Feb 2008 14:35:50 6 228 A.... "C:\WINDOWS\inf\oem1.PNF"
    18 Feb 2008 11:16:24 2 488 A.... "C:\WINDOWS\inf\oem2.inf"
    28 Feb 2008 13:12:56 7 720 A.... "C:\WINDOWS\inf\oem2.PNF"
    5 Jan 2008 12:05:20 11 124 A.... "C:\WINDOWS\inf\ptpusb.PNF"
    8 Jan 2008 20:54:20 718 ..... "C:\WINDOWS\pss\win.ini.backup"
    2 Mar 2008 16:51:58 3 120 A.... "C:\WINDOWS\system32\118290.54"
    27 Jan 2008 17:14:58 3 121 A.... "C:\WINDOWS\system32\CONFIG.NT"
    21 Feb 2008 3:04:04 682 496 A.... "C:\WINDOWS\system32\DivX.dll"
    21 Feb 2008 3:03:42 156 992 A.... "C:\WINDOWS\system32\DivXCodecVersionChecker.exe"
    21 Feb 2008 3:05:52 524 288 A.... "C:\WINDOWS\system32\DivXsm.exe"
    21 Feb 2008 3:05:52 4 816 A.... "C:\WINDOWS\system32\divxsm.tlb"
    21 Feb 2008 3:03:24 12 288 A.... "C:\WINDOWS\system32\DivXWMPExtType.dll"
    21 Feb 2008 3:04:04 823 296 A.... "C:\WINDOWS\system32\divx_xx0c.dll"
    21 Feb 2008 3:04:04 823 296 A.... "C:\WINDOWS\system32\divx_xx07.dll"
    21 Feb 2008 3:04:04 802 816 A.... "C:\WINDOWS\system32\divx_xx11.dll"
    21 Feb 2008 3:04:16 81 920 A.... "C:\WINDOWS\system32\dpl100.dll"
    21 Feb 2008 3:04:16 416 A.... "C:\WINDOWS\system32\dpl100.dll.manifest"
    21 Feb 2008 3:04:06 294 912 A.... "C:\WINDOWS\system32\dpu10.dll"
    21 Feb 2008 3:04:06 294 912 A.... "C:\WINDOWS\system32\dpu11.dll"
    21 Feb 2008 3:03:00 8 835 A.... "C:\WINDOWS\system32\dpufr.qm"
    21 Feb 2008 3:04:08 53 248 A.... "C:\WINDOWS\system32\dpuGUI10.dll"
    21 Feb 2008 3:04:08 593 920 A.... "C:\WINDOWS\system32\dpuGUI11.dll"
    21 Feb 2008 3:04:06 344 064 A.... "C:\WINDOWS\system32\dpus11.dll"
    21 Feb 2008 3:04:06 57 344 A.... "C:\WINDOWS\system32\dpv11.dll"
    21 Feb 2008 3:05:52 9 878 A.... "C:\WINDOWS\system32\dsm_fr.qm"
    21 Feb 2008 3:04:16 196 608 A.... "C:\WINDOWS\system32\dtu100.dll"
    21 Feb 2008 3:04:16 416 A.... "C:\WINDOWS\system32\dtu100.dll.manifest"
    21 Feb 2008 3:11:34 3 162 A.... "C:\WINDOWS\system32\dtu_fr.qm"
    3 Mar 2008 18:12:54 9 296 A.... "C:\WINDOWS\system32\jthrpo.exe"
    19 Feb 2008 21:06:58 5 532 A.... "C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log"
    21 Feb 2008 3:05:34 1 044 480 A.... "C:\WINDOWS\system32\libdivx.dll"
    5 Feb 2008 0:09:46 18 214 008 A.... "C:\WINDOWS\system32\MRT.exe"
    21 Feb 2008 3:03:58 630 784 A.... "C:\WINDOWS\system32\nsm33.tmp"
    2 Mar 2008 20:55:28 9 296 A.... "C:\WINDOWS\system32\oonisy.exe"
    21 Feb 2008 3:05:38 551 672 ..... "C:\WINDOWS\system32\px.dll"
    21 Feb 2008 3:05:38 129 784 ..... "C:\WINDOWS\system32\pxafs.dll"
    21 Feb 2008 3:05:38 66 296 ..... "C:\WINDOWS\system32\pxcpya64.exe"
    21 Feb 2008 3:05:38 120 056 ..... "C:\WINDOWS\system32\pxcpyi64.exe"
    21 Feb 2008 3:05:38 518 904 ..... "C:\WINDOWS\system32\pxdrv.dll"
    21 Feb 2008 3:05:40 72 440 ..... "C:\WINDOWS\system32\pxhpinst.exe"
    21 Feb 2008 3:05:38 64 760 ..... "C:\WINDOWS\system32\pxinsa64.exe"
    21 Feb 2008 3:05:38 118 520 ..... "C:\WINDOWS\system32\pxinsi64.exe"
    21 Feb 2008 3:05:40 187 128 ..... "C:\WINDOWS\system32\pxmas.dll"
    21 Feb 2008 3:05:38 1 628 920 ..... "C:\WINDOWS\system32\pxsfs.dll"
    21 Feb 2008 3:05:38 379 640 ..... "C:\WINDOWS\system32\pxwave.dll"
    21 Feb 2008 3:05:44 3 596 288 A.... "C:\WINDOWS\system32\qt-dx331.dll"
    3 Mar 2008 19:33:36 0 A.... "C:\WINDOWS\system32\real.txt"
    21 Feb 2008 3:05:34 200 704 A.... "C:\WINDOWS\system32\ssldivx.dll"
    29 Jan 2008 12:43:44 265 644 A.... "C:\WINDOWS\system32\TZLog.log"
    21 Feb 2008 3:05:38 88 824 ..... "C:\WINDOWS\system32\vxblock.dll"
    3 Mar 2008 19:35:08 2 206 A.... "C:\WINDOWS\system32\wpa.dbl"
    29 Feb 2008 15:40:04 284 A.... "C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    8 Feb 2008 22:22:04 394 A.... "C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1194816107.job"
    3 Mar 2008 19:34:24 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
    3 Mar 2008 20:07:20 0 A.... "C:\WINDOWS\Temp\scsA.tmp"
    14 Feb 2008 20:15:36 9 610 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"
    14 Feb 2008 20:15:24 370 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"
    14 Feb 2008 20:16:32 18 469 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.inf"
    14 Feb 2008 20:16:08 4 867 A.... "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.txt"
    29 Jan 2008 12:44:48 9 321 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.inf"
    29 Jan 2008 12:44:46 365 A.... "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.txt"
    29 Jan 2008 12:45:04 12 105 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.inf"
    29 Jan 2008 12:44:58 2 232 A.... "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.txt"
    29 Jan 2008 12:44:40 9 357 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.inf"
    29 Jan 2008 12:44:38 363 A.... "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.txt"
    14 Feb 2008 20:17:10 9 746 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.inf"
    14 Feb 2008 20:17:08 368 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.txt"
    29 Jan 2008 12:42:30 8 748 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.inf"
    29 Jan 2008 12:42:20 272 A.... "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.txt"
    29 Jan 2008 12:43:50 9 963 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.inf"
    29 Jan 2008 12:43:46 270 A.... "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.txt"
    29 Jan 2008 12:43:10 9 119 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.inf"
    29 Jan 2008 12:43:06 360 A.... "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.txt"
    29 Jan 2008 12:43:00 17 768 A.... "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.inf"
    29 Jan 2008 12:42:44 4 776 A.... "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.txt"
    29 Jan 2008 12:43:40 8 878 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.inf"
    29 Jan 2008 12:43:38 301 A.... "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.txt"
    29 Jan 2008 12:43:22 9 147 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.inf"
    29 Jan 2008 12:43:14 360 A.... "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.txt"
    30 Jan 2008 20:14:12 8 663 A.... "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.inf"
    30 Jan 2008 20:14:08 122 A.... "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.txt"
    2 Mar 2008 20:12:32 40 748 A.... "C:\WINDOWS\BDOSCAN8\plugins\7zip.xmd"
    2 Mar 2008 20:12:32 3 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\access.xmd"
    2 Mar 2008 20:12:34 8 737 A.... "C:\WINDOWS\BDOSCAN8\plugins\ace.xmd"
    2 Mar 2008 20:12:34 3 399 A.... "C:\WINDOWS\BDOSCAN8\plugins\adsntfs.xmd"
    2 Mar 2008 20:12:34 19 174 A.... "C:\WINDOWS\BDOSCAN8\plugins\alz.xmd"
    2 Mar 2008 20:12:34 3 611 A.... "C:\WINDOWS\BDOSCAN8\plugins\arc.xmd"
    2 Mar 2008 20:12:34 6 284 A.... "C:\WINDOWS\BDOSCAN8\plugins\arj.xmd"
    2 Mar 2008 20:12:34 101 482 A.... "C:\WINDOWS\BDOSCAN8\plugins\aspy_emu.cvd"
    2 Mar 2008 20:12:34 6 712 A.... "C:\WINDOWS\BDOSCAN8\plugins\bach.xmd"
    2 Mar 2008 20:12:32 1 878 A.... "C:\WINDOWS\BDOSCAN8\plugins\boot.xmd"
    2 Mar 2008 20:12:34 19 355 A.... "C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd"
    2 Mar 2008 20:12:34 14 362 A.... "C:\WINDOWS\BDOSCAN8\plugins\cab.xmd"
    2 Mar 2008 20:12:34 358 723 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.cvd"
    2 Mar 2008 20:12:34 99 252 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.ivd"
    2 Mar 2008 20:12:36 396 480 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.rvd"
    2 Mar 2008 20:12:36 183 666 A.... "C:\WINDOWS\BDOSCAN8\plugins\cevakrnl.xmd"
    2 Mar 2008 20:12:36 119 029 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_dll.cvd"
    2 Mar 2008 20:12:36 111 548 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_emu.cvd"
    2 Mar 2008 20:12:38 297 530 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.cvd"
    2 Mar 2008 20:12:38 410 A.... "C:\WINDOWS\BDOSCAN8\plugins\ceva_vfs.ivd"
    2 Mar 2008 20:12:38 13 189 A.... "C:\WINDOWS\BDOSCAN8\plugins\chm.xmd"
    2 Mar 2008 20:12:38 6 626 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.cvd"
    2 Mar 2008 20:12:38 2 158 A.... "C:\WINDOWS\BDOSCAN8\plugins\cookie.xmd"
    2 Mar 2008 20:12:38 3 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\cpio.xmd"
    2 Mar 2008 20:12:38 295 343 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.cvd"
    2 Mar 2008 20:12:38 86 016 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.ivd"
    2 Mar 2008 20:12:40 6 060 A.... "C:\WINDOWS\BDOSCAN8\plugins\cran.xmd"
    2 Mar 2008 20:12:40 1 346 A.... "C:\WINDOWS\BDOSCAN8\plugins\dbx.xmd"
    2 Mar 2008 20:12:40 10 871 A.... "C:\WINDOWS\BDOSCAN8\plugins\docfile.xmd"
    2 Mar 2008 20:12:40 34 225 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.001"
    2 Mar 2008 20:12:40 35 147 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.002"
    2 Mar 2008 20:12:40 33 945 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.003"
    2 Mar 2008 20:12:40 33 915 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.004"
    2 Mar 2008 20:12:40 30 065 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.005"
    2 Mar 2008 20:12:40 32 614 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.006"
    2 Mar 2008 20:12:40 30 115 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.007"
    2 Mar 2008 20:12:40 30 026 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.008"
    2 Mar 2008 20:12:40 30 093 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.009"
    2 Mar 2008 20:12:40 30 299 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.010"
    2 Mar 2008 20:12:40 30 482 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.011"
    2 Mar 2008 20:12:40 30 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.012"
    2 Mar 2008 20:12:40 12 381 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.013"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.014"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.015"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.016"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.017"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.018"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.019"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.020"
    2 Mar 2008 20:12:40 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.021"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.022"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.023"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.024"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.025"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.026"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.027"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.028"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.029"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.030"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.031"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.032"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.033"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.034"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.035"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.036"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.037"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.038"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.039"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.040"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.041"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.042"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.043"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.044"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.045"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.046"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.047"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.048"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.049"
    2 Mar 2008 20:12:42 73 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.050"
    2 Mar 2008 20:12:56 6 500 383 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.cvd"
    2 Mar 2008 20:12:58 30 153 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i01"
    2 Mar 2008 20:12:58 34 745 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i02"
    2 Mar 2008 20:12:58 25 792 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i03"
    2 Mar 2008 20:12:58 26 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i04"
    2 Mar 2008 20:12:58 26 331 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i05"
    2 Mar 2008 20:12:58 31 133 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i06"
    2 Mar 2008 20:12:58 33 430 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i07"
    2 Mar 2008 20:12:58 31 219 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i08"
    2 Mar 2008 20:12:58 26 323 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i09"
    2 Mar 2008 20:12:58 34 476 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i10"
    2 Mar 2008 20:12:58 32 074 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i11"
    2 Mar 2008 20:12:58 32 454 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i12"
    2 Mar 2008 20:12:58 30 114 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i13"
    2 Mar 2008 20:12:58 29 089 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i14"
    2 Mar 2008 20:12:58 30 630 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i15"
    2 Mar 2008 20:12:58 28 175 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i16"
    2 Mar 2008 20:12:58 31 458 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i17"
    2 Mar 2008 20:13:00 27 984 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i18"
    2 Mar 2008 20:13:00 31 448 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i19"
    2 Mar 2008 20:13:00 31 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i20"
    2 Mar 2008 20:13:00 30 627 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i21"
    2 Mar 2008 20:13:00 34 776 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i22"
    2 Mar 2008 20:13:00 30 106 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i23"
    2 Mar 2008 20:13:00 30 949 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i24"
    2 Mar 2008 20:13:00 26 371 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i25"
    2 Mar 2008 20:13:00 28 079 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i26"
    2 Mar 2008 20:13:00 29 149 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i27"
    2 Mar 2008 20:13:00 32 521 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i28"
    2 Mar 2008 20:13:00 30 267 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i29"
    2 Mar 2008 20:13:00 25 865 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i30"
    2 Mar 2008 20:13:00 27 564 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i31"
    2 Mar 2008 20:13:00 29 338 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i32"
    2 Mar 2008 20:13:00 30 171 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i33"
    2 Mar 2008 20:13:00 30 101 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i34"
    2 Mar 2008 20:13:02 32 677 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i35"
    2 Mar 2008 20:13:02 33 657 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i36"
    2 Mar 2008 20:13:02 31 020 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i37"
    2 Mar 2008 20:13:02 30 698 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i38"
    2 Mar 2008 20:13:02 31 845 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i39"
    2 Mar 2008 20:13:02 30 380 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i40"
    2 Mar 2008 20:13:02 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i41"
    2 Mar 2008 20:13:02 32 985 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i42"
    2 Mar 2008 20:13:02 29 376 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i43"
    2 Mar 2008 20:13:02 30 291 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i44"
    2 Mar 2008 20:13:02 29 463 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i45"
    2 Mar 2008 20:13:02 27 444 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i46"
    2 Mar 2008 20:13:02 32 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i47"
    2 Mar 2008 20:13:02 31 295 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i48"
    2 Mar 2008 20:13:02 27 643 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i49"
    2 Mar 2008 20:13:02 26 649 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i50"
    2 Mar 2008 20:13:02 30 905 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i51"
    2 Mar 2008 20:13:04 28 838 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i52"
    2 Mar 2008 20:13:04 29 055 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i53"
    2 Mar 2008 20:13:04 21 693 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i54"
    2 Mar 2008 20:13:04 29 624 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i55"
    2 Mar 2008 20:13:04 26 251 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i56"
    2 Mar 2008 20:13:04 30 238 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i57"
    2 Mar 2008 20:13:04 32 989 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i58"
    2 Mar 2008 20:13:04 29 765 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i59"
    2 Mar 2008 20:13:04 29 298 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i60"
    2 Mar 2008 20:13:04 25 936 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i61"
    2 Mar 2008 20:13:04 31 044 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i62"
    2 Mar 2008 20:13:04 25 913 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i63"
    2 Mar 2008 20:13:04 26 004 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i64"
    2 Mar 2008 20:13:04 27 911 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i65"
    2 Mar 2008 20:13:04 30 220 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i66"
    2 Mar 2008 20:13:04 33 240 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i67"
    2 Mar 2008 20:13:04 34 862 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i68"
    2 Mar 2008 20:13:04 32 957 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i69"
    2 Mar 2008 20:13:06 32 552 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i70"
    2 Mar 2008 20:13:06 29 076 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i71"
    2 Mar 2008 20:13:06 32 504 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i72"
    2 Mar 2008 20:13:06 30 678 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i73"
    2 Mar 2008 20:13:06 32 067 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i74"
    2 Mar 2008 20:13:06 33 326 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i75"
    2 Mar 2008 20:13:06 33 635 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i76"
    2 Mar 2008 20:13:06 34 202 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i77"
    2 Mar 2008 20:13:06 36 009 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i78"
    2 Mar 2008 20:13:06 34 840 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i79"
    2 Mar 2008 20:13:06 31 465 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i80"
    2 Mar 2008 20:13:06 32 997 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i81"
    2 Mar 2008 20:13:06 31 546 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i82"
    2 Mar 2008 20:13:06 34 072 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i83"
    2 Mar 2008 20:13:06 30 433 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i84"
    2 Mar 2008 20:13:06 31 381 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i85"
    2 Mar 2008 20:13:08 32 983 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i86"
    2 Mar 2008 20:13:08 30 159 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i87"
    2 Mar 2008 20:13:08 33 341 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i88"
    2 Mar 2008 20:13:08 32 228 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i89"
    2 Mar 2008 20:13:08 29 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i90"
    2 Mar 2008 20:13:08 30 116 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i91"
    2 Mar 2008 20:13:08 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i92"
    2 Mar 2008 20:13:08 30 320 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i93"
    2 Mar 2008 20:13:08 33 050 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i94"
    2 Mar 2008 20:13:08 32 324 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i95"
    2 Mar 2008 20:13:08 31 914 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i96"
    2 Mar 2008 20:13:08 34 915 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i97"
    2 Mar 2008 20:13:10 34 586 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i98"
    2 Mar 2008 20:13:10 30 800 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.i99"
    2 Mar 2008 20:13:10 29 004 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.ivd"
    2 Mar 2008 20:13:10 5 001 A.... "C:\WINDOWS\BDOSCAN8\plugins\emalware.xmd"
    2 Mar 2008 20:13:10 2 806 A.... "C:\WINDOWS\BDOSCAN8\plugins\epoc.xmd"
    2 Mar 2008 20:13:10 301 831 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.cvd"
    2 Mar 2008 20:13:10 59 319 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i01"
    2 Mar 2008 20:13:10 57 208 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i02"
    2 Mar 2008 20:13:10 51 260 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i03"
    2 Mar 2008 20:13:12 50 574 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i04"
    2 Mar 2008 20:13:12 55 570 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i05"
    2 Mar 2008 20:13:12 55 887 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i06"
    2 Mar 2008 20:13:12 49 628 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i07"
    2 Mar 2008 20:13:12 34 680 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i08"
    2 Mar 2008 20:13:12 26 888 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i09"
    2 Mar 2008 20:13:12 31 601 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i10"
    2 Mar 2008 20:13:12 31 453 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i11"
    2 Mar 2008 20:13:12 31 589 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i12"
    2 Mar 2008 20:13:12 29 124 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i13"
    2 Mar 2008 20:13:12 20 322 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i14"
    2 Mar 2008 20:13:12 32 737 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i15"
    2 Mar 2008 20:13:12 22 098 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i16"
    2 Mar 2008 20:13:12 29 879 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i17"
    2 Mar 2008 20:13:12 5 284 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i18"
    2 Mar 2008 20:13:12 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i19"
    2 Mar 2008 20:13:12 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i20"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i21"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i22"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i23"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i24"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i25"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i26"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i27"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i28"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i29"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i30"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i31"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i32"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i33"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i34"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i35"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i36"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i37"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i38"
    2 Mar 2008 20:13:14 62 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.i39"
    2 Mar 2008 20:13:14 58 430 A.... "C:\WINDOWS\BDOSCAN8\plugins\e_spyw.ivd"
    2 Mar 2008 20:13:14 122 676 A.... "C:\WINDOWS\BDOSCAN8\plugins\gvmscripts.cvd"
    2 Mar 2008 20:13:14 3 842 A.... "C:\WINDOWS\BDOSCAN8\plugins\gzip.xmd"
    2 Mar 2008 20:13:14 8 201 A.... "C:\WINDOWS\BDOSCAN8\plugins\ha.xmd"
    2 Mar 2008 20:13:14 3 534 A.... "C:\WINDOWS\BDOSCAN8\plugins\hlp.xmd"
    2 Mar 2008 20:13:14 4 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.cvd"
    2 Mar 2008 20:13:14 2 537 A.... "C:\WINDOWS\BDOSCAN8\plugins\hpe.xmd"
    2 Mar 2008 20:13:14 1 712 A.... "C:\WINDOWS\BDOSCAN8\plugins\hqx.xmd"
    2 Mar 2008 20:13:14 18 951 A.... "C:\WINDOWS\BDOSCAN8\plugins\html.xmd"
    2 Mar 2008 20:13:14 7 622 A.... "C:\WINDOWS\BDOSCAN8\plugins\imp.xmd"
    2 Mar 2008 20:13:14 1 173 A.... "C:\WINDOWS\BDOSCAN8\plugins\inno.xmd"
    2 Mar 2008 20:13:14 21 368 A.... "C:\WINDOWS\BDOSCAN8\plugins\instyler.xmd"
    2 Mar 2008 20:13:16 37 426 A.... "C:\WINDOWS\BDOSCAN8\plugins\iso.xmd"
    2 Mar 2008 20:13:16 3 305 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.cvd"
    2 Mar 2008 20:13:16 8 501 A.... "C:\WINDOWS\BDOSCAN8\plugins\java.xmd"
    2 Mar 2008 20:13:16 4 795 A.... "C:\WINDOWS\BDOSCAN8\plugins\jpeg.xmd"
    2 Mar 2008 20:13:16 9 492 A.... "C:\WINDOWS\BDOSCAN8\plugins\lha.xmd"
    2 Mar 2008 20:13:16 930 A.... "C:\WINDOWS\BDOSCAN8\plugins\lnk.xmd"
    2 Mar 2008 20:13:16 2 150 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbox.xmd"
    2 Mar 2008 20:13:16 791 A.... "C:\WINDOWS\BDOSCAN8\plugins\mbx.xmd"
    2 Mar 2008 20:13:16 45 983 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx.xmd"
    2 Mar 2008 20:13:16 344 892 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.cvd"
    2 Mar 2008 20:13:16 172 433 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_97.ivd"
    2 Mar 2008 20:13:18 59 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_w95.cvd"
    2 Mar 2008 20:13:18 9 651 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_x95.cvd"
    2 Mar 2008 20:13:18 1 948 A.... "C:\WINDOWS\BDOSCAN8\plugins\mdx_xf.cvd"
    2 Mar 2008 20:13:18 6 996 A.... "C:\WINDOWS\BDOSCAN8\plugins\mime.xmd"
    2 Mar 2008 20:13:18 5 672 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.cvd"
    2 Mar 2008 20:13:18 6 864 A.... "C:\WINDOWS\BDOSCAN8\plugins\mobmalware.xmd"
    2 Mar 2008 20:13:18 2 082 A.... "C:\WINDOWS\BDOSCAN8\plugins\mso.xmd"
    2 Mar 2008 20:13:18 205 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.cvd"
    2 Mar 2008 20:13:18 12 596 A.... "C:\WINDOWS\BDOSCAN8\plugins\na.xmd"
    2 Mar 2008 20:13:18 18 255 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.cvd"
    2 Mar 2008 20:13:18 3 036 A.... "C:\WINDOWS\BDOSCAN8\plugins\nelf.xmd"
    2 Mar 2008 20:13:18 14 390 A.... "C:\WINDOWS\BDOSCAN8\plugins\nsis.xmd"
    2 Mar 2008 20:13:18 1 062 A.... "C:\WINDOWS\BDOSCAN8\plugins\objd.xmd"
    2 Mar 2008 20:13:18 12 755 A.... "C:\WINDOWS\BDOSCAN8\plugins\pdf.xmd"
    2 Mar 2008 20:13:18 4 278 A.... "C:\WINDOWS\BDOSCAN8\plugins\proc.xmd"
    2 Mar 2008 20:13:18 6 155 A.... "C:\WINDOWS\BDOSCAN8\plugins\pst.xmd"
    2 Mar 2008 20:13:18 44 859 A.... "C:\WINDOWS\BDOSCAN8\plugins\rar.xmd"
    2 Mar 2008 20:13:18 203 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.cvd"
    2 Mar 2008 20:13:18 13 700 A.... "C:\WINDOWS\BDOSCAN8\plugins\regarch.xmd"
    2 Mar 2008 20:13:18 15 292 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.cvd"
    2 Mar 2008 20:13:18 406 A.... "C:\WINDOWS\BDOSCAN8\plugins\regscan.xmd"
    2 Mar 2008 20:13:18 1 187 A.... "C:\WINDOWS\BDOSCAN8\plugins\rpm.xmd"
    2 Mar 2008 20:13:18 2 515 A.... "C:\WINDOWS\BDOSCAN8\plugins\rtf.xmd"
    2 Mar 2008 20:13:18 1 904 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.cvd"
    2 Mar 2008 20:13:18 1 891 A.... "C:\WINDOWS\BDOSCAN8\plugins\rup.xmd"
    2 Mar 2008 20:13:20 191 100 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.cvd"
    2 Mar 2008 20:13:20 83 489 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.ivd"
    2 Mar 2008 20:13:20 10 277 A.... "C:\WINDOWS\BDOSCAN8\plugins\sdx.xmd"
    2 Mar 2008 20:13:20 13 163 A.... "C:\WINDOWS\BDOSCAN8\plugins\sfx.xmd"
    2 Mar 2008 20:13:20 10 540 A.... "C:\WINDOWS\BDOSCAN8\plugins\swf.xmd"
    2 Mar 2008 20:13:20 3 998 A.... "C:\WINDOWS\BDOSCAN8\plugins\tar.xmd"
    2 Mar 2008 20:13:20 2 863 A.... "C:\WINDOWS\BDOSCAN8\plugins\td0.xmd"
    2 Mar 2008 20:13:20 1 102 A.... "C:\WINDOWS\BDOSCAN8\plugins\thebat.xmd"
    2 Mar 2008 20:13:20 846 A.... "C:\WINDOWS\BDOSCAN8\plugins\tnef.xmd"
    2 Mar 2008 20:13:20 193 418 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.cvd"
    2 Mar 2008 20:13:20 151 978 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.ivd"
    2 Mar 2008 20:13:22 45 669 A.... "C:\WINDOWS\BDOSCAN8\plugins\unpack.xmd"
    2 Mar 2008 20:13:22 110 A.... "C:\WINDOWS\BDOSCAN8\plugins\update.txt"
    2 Mar 2008 20:13:22 1 988 A.... "C:\WINDOWS\BDOSCAN8\plugins\uudecode.xmd"
    2 Mar 2008 20:13:22 49 435 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.cvd"
    2 Mar 2008 20:13:22 48 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.ivd"
    2 Mar 2008 20:13:22 79 803 A.... "C:\WINDOWS\BDOSCAN8\plugins\ve.xmd"
    2 Mar 2008 20:13:22 688 A.... "C:\WINDOWS\BDOSCAN8\plugins\vedata.cvd"
    2 Mar 2008 20:13:22 13 015 A.... "C:\WINDOWS\BDOSCAN8\plugins\viza.xmd"
    2 Mar 2008 20:13:22 3 797 A.... "C:\WINDOWS\BDOSCAN8\plugins\wise.xmd"
    2 Mar 2008 20:13:22 1 559 A.... "C:\WINDOWS\BDOSCAN8\plugins\xcookies.xmd"
    2 Mar 2008 20:13:22 1 247 A.... "C:\WINDOWS\BDOSCAN8\plugins\xishield.xmd"
    2 Mar 2008 20:13:22 1 604 A.... "C:\WINDOWS\BDOSCAN8\plugins\z.xmd"
    2 Mar 2008 20:13:22 18 937 A.... "C:\WINDOWS\BDOSCAN8\plugins\zip.xmd"
    2 Mar 2008 20:13:22 3 667 A.... "C:\WINDOWS\BDOSCAN8\plugins\zoo.xmd"
    31 Jan 2008 12:38:08 6 129 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\0x0409.ini"
    31 Jan 2008 12:38:08 1 940 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\Setup.INI"
    31 Jan 2008 12:38:08 128 625 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\setup.isn"
    31 Jan 2008 12:38:14 14 294 016 A.... "C:\WINDOWS\Downloaded Installations\{C73AF9F8-52A6-40B2-B7BB-A73C87F6A51D}\veoh.msi"
    21 Feb 2008 3:05:38 9 336 ..... "C:\WINDOWS\system32\drivers\cdr4_xp.sys"
    21 Feb 2008 3:05:40 9 464 ..... "C:\WINDOWS\system32\drivers\cdralw2k.sys"
    21 Feb 2008 3:05:38 43 528 ..... "C:\WINDOWS\system32\drivers\PxHelp20.sys"
    18 Feb 2008 11:16:26 12 090 ..S.. "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT"
    2 Mar 2008 20:12:18 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
    18 Feb 2008 11:16:26 12 090 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\USBAAPL.CAT"
    18 Feb 2008 11:16:24 2 488 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.inf"
    18 Feb 2008 11:16:24 30 464 A.... "C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys"
    27 Jan 2008 16:18:10 2 622 A.... "C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log"

    C:\Program Files\

    20 Feb 2008 15:15:26 816 368 A.... "C:\Program Files\CCleaner\CCleaner.exe"
    20 Feb 2008 12:47:04 23 552 A.... "C:\Program Files\CCleaner\lang-1036.dll"
    3 Mar 2008 19:18:36 111 313 A.... "C:\Program Files\CCleaner\uninst.exe"
    2 Mar 2008 19:59:56 122 054 A.... "C:\Program Files\DivX\DivXBundleUninstall.exe"
    2 Mar 2008 19:59:34 122 054 A.... "C:\Program Files\DivX\DivXCodecUninstall.exe"
    2 Mar 2008 19:59:40 122 054 A.... "C:\Program Files\DivX\DivXConverterUninstall.exe"
    2 Mar 2008 19:59:56 122 054 A.... "C:\Program Files\DivX\DivXContentUploaderUninstall.exe"
    2 Mar 2008 19:59:52 122 054 A.... "C:\Program Files\DivX\DivXPlayerUninstall.exe"
    2 Mar 2008 19:59:54 122 054 A.... "C:\Program Files\DivX\DivXWebPlayerUninstall.exe"
    20 Feb 2008 13:29:52 123 009 A.... "C:\Program Files\LimeWire\uninstall.exe"
    21 Feb 2008 3:03:24 69 632 A.... "C:\Program Files\DivX\DivX Codec\config.exe"
    21 Feb 2008 3:04:48 341 504 A.... "C:\Program Files\DivX\DivX Codec\DivX EKG.exe"
    21 Feb 2008 3:04:48 270 336 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1031.dll"
    21 Feb 2008 3:04:48 262 144 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1033.dll"
    21 Feb 2008 3:04:48 270 336 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1036.dll"
    21 Feb 2008 3:04:48 237 568 A.... "C:\Program Files\DivX\DivX Codec\DivXDRA1041.dll"
    21 Feb 2008 3:03:50 1 355 776 A.... "C:\Program Files\DivX\DivX Converter\Converter.exe"
    21 Feb 2008 3:03:50 61 440 A.... "C:\Program Files\DivX\DivX Converter\dpil100.dll"
    21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1031.dll"
    21 Feb 2008 3:03:50 884 736 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1041.dll"
    21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1036.dll"
    21 Feb 2008 3:03:50 892 928 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1034.dll"
    21 Feb 2008 3:03:50 888 832 A.... "C:\Program Files\DivX\DivX Converter\DSConverter1033.dll"
    21 Feb 2008 3:03:50 278 528 A.... "C:\Program Files\DivX\DivX Converter\dvd2divxsub.dll"
    21 Feb 2008 3:03:50 895 488 A.... "C:\Program Files\DivX\DivX Converter\libxml2.dll"
    21 Feb 2008 3:03:50 122 880 A.... "C:\Program Files\DivX\DivX Converter\xdclm.dll"
    21 Feb 2008 3:03:50 880 640 A.... "C:\Program Files\DivX\DivX Converter\xdsbp.dll"
    21 Feb 2008 3:03:50 479 232 A.... "C:\Program Files\DivX\DivX Converter\xdsbv.dll"
    21 Feb 2008 3:03:44 1 933 312 A.... "C:\Program Files\DivX\DivX Content Uploader\ContentUploadCheck.dll"
    21 Feb 2008 3:03:44 845 824 A.... "C:\Program Files\DivX\DivX Content Uploader\libxml2.dll"
    21 Feb 2008 3:03:44 1 359 872 A.... "C:\Program Files\DivX\DivX Content Uploader\npUpload.dll"
    21 Feb 2008 3:04:30 348 160 A.... "C:\Program Files\DivX\DivX Player\DCManager.dll"
    21 Feb 2008 3:04:32 1 585 664 A.... "C:\Program Files\DivX\DivX Player\DivX Player.exe"
    21 Feb 2008 3:04:52 845 824 A.... "C:\Program Files\DivX\DivX Player\libxml2.dll"
    21 Feb 2008 3:04:32 98 304 A.... "C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll"
    21 Feb 2008 3:04:30 1 826 816 A.... "C:\Program Files\DivX\DivX Player\PlaybackModule2.dll"
    21 Feb 2008 3:05:40 207 608 A.... "C:\Program Files\DivX\DivX Player\primosdk.dll"
    21 Feb 2008 3:04:00 1 335 600 A.... "C:\Program Files\DivX\DivX Web Player\npdivx32.dll"
    3 Mar 2008 18:19:36 18 725 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\heuristic.dat"
    3 Mar 2008 18:17:40 475 893 A.... "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe"
    2 Mar 2008 16
    0
  4. jonkob Messages postés 37 Statut Membre
     
    ET Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:13, on 03/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTTrayp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\17PHolmes1423.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTTrayp.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Re,

    Non les rapports doivent être fait en mode sans échec stp...

    A+
    0
  7. jonkob Messages postés 37 Statut Membre
     
    [b]SDFix: Version 1.151 [/b]

    Run by devress on 03/03/2008 at 20:50

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\system32\real.txt - Deleted
    0
  8. jonkob Messages postés 37 Statut Membre
     
    MSNFix 1.673

    C:\Documents and Settings\devress\Bureau\MSNFix\MSNFix
    Fix exécuté le 03/03/2008 - 20:19:45,67 By devress
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\real.txt
    ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    ... C:\Documents and Settings\devress\??????.exe
    ... C:\Documents and Settings\devress\????????.exe
    ... C:\WINDOWS\mrofinu*.exe

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\real.txt
    /!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    /!\ ... C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe
    .. OK ... C:\Documents and Settings\devress\??????.exe
    .. OK ... C:\Documents and Settings\devress\????????.exe
    .. OK ... C:\WINDOWS\mrofinu*.exe

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    Aucun Fichier trouvé

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 03032008_20574295.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
  9. Utilisateur anonyme
     
    Ok,

    très bien
    mais le rapport SDFix n'est pas complet...reposte le....

    oublie pas les autres stp.

    Bon courage,

    A+
    0
  10. jonkob Messages postés 37 Statut Membre
     
    [b]SDFix: Version 1.151 [/b]

    Run by devress on 03/03/2008 at 20:50

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe - Deleted
    C:\WINDOWS\system32\real.txt - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 20:58:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
    "C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\DOCUME~1\\devress\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\devress\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\devress\Bureau\NOUVEA~1\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Sat 1 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 13 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 6 Nov 2007 12,411,017 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\83c13c563430e75d4f8d51aea23aeb03\BIT7B.tmp"
    Tue 6 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT1.tmp"

    [b]Finished![/b]
    0
  11. jonkob Messages postés 37 Statut Membre
     
    Ya quelque chose qui peut nous laisser croire que les virus sont effacer ??
    0
  12. Utilisateur anonyme
     
    Bonsoir,

    Et bin il me manque les autres : AVG et Clean...

    ensuite : la suite...

    Merci de ne pas oublier de les poster.

    A+
    0
  13. jonkob Messages postés 37 Statut Membre
     
    J'arrive pas a obtenir les rapports d'AVG et CClean
    0
  14. Utilisateur anonyme
     
    Bonjour,
    Oui, il y a eu du ménage de fait.....mais il en reste.....encore....

    > Le rapport clean se trouve ici : C:\rapport_clean.txt poste le stp.

    > Pour la rapport AVG tant pis...es tu bien sûr de tout avoir nettoyé ? Sinon refais le stp. et essaye de poster un rapport stp.

    > Installe IE7 stp : https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    > Désinstalle pacific poker stp => source d'infections...

    > Rends toi ensuite sur ce site virustotal et fais analyser les fichiers suivant stp :
    (Si problème : http://pageperso.aol.fr/loraline60/virus_total.htm )

    C:\WINDOWS\17PHolmes1423.exe
    C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe

    et poste le résultat par copier/coller stp. Je pense qu'on va avoir une belle surprise....

    Si tu n'arrives pas ouvrir le fichier por l'analyse Virus Total :
    > Assure toi d'avoir accès aux fichiers cachés :
    Menu démarrer => apparence et thèmes => options des dossiers => affichage
    "Afficher les fichiers cachés" => coché
    Puis refais les scans virus total que tu n'as pas pu faire.....

    > Lance Hijackthis :
    - Puis sélectionne < Scan >
    - Coche les cases des lignes suivantes :

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\devress\LOCALS~1\Temp\services.exe

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe

    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_9.cab

    Ensuite,
    - Ferme toutes les autres fenêtres et applications (même internet)
    - Clic sur < fixe checked >

    > Télécharge OTMoveIT (de Old_Timer) : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe sur ton bureau...
    - Double-clique sur OTMoveIt.exe pour le lancer.
    - Assure toi que la case "Unregister Dll's and Ocx's" est bien cochée !!!
    - Copie le texte qui se trouve ci-dessous et colle-le dans le cadre de gauche de OTMoveIt nommé <Paste standard List of Files/Folders to be moved>.

    C:\WINDOWS\mrofinu1423.exe
    C:\PROGRA~1\PACIFI~1\pacificpoker.exe

    - Clique sur < MoveIt! > pour lancer la suppression.
    - Lorsqu'un résultat apparaît dans le cadre Results clique sur Exit
    N.B :Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
    Un rapport est créé dans %SYSTEMDRIVE%\_OTMoveIt\MovedFiles\date du jour, copie-colle-le dans ta réponse suivante stp.

    > Passe un coup de Ccleaner en mode sans échec stp

    > Relance ton PC en mode normal puis Hijackthis :
    Puis sélectionne < do a system scan and save a logfile >,

    Et envoie, par collier/coller, ton log Hijackthis stp,

    > Peux tu refaire un MSNfix stp..... ? Merci de poster aussi le rapport.

    > Utilises tu ce service ? http://www.files-ftp.com/~unicorni/phpBB2/index.php (serveur ftp ?)
    Car : O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
    <=> usurpation possible.....

    Bon courage,
    C'est pas tout à fait terminé...

    A+
    0