Virus Srosa.Sys Bagle Gen Win 32

Question

Bonjour, je suis infecté par le Virus Bagen Win 32 (vista recherche de solution aux problème due a un Bsod).
HijackThis : fonctionne pas
Eglibagla: ne supprime rien mais indique la présence d'un  Srosa.sys et de hldrrr.exe
Norton : fonctionne pas
Avast : fonctionne pas
Combo Fix: où est le rapport svp ?
Gmer : trouve Srosa (HIDDEN), mais impossible de désactiver ou de supprimer le service.


Merci de vos prochaines réponses

jlpjlp · Accepted Answer

slt
a tous
pour voir:



* Téléchargez ELIBAGLA en bas de cette page http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Clique sur le bouton Descargar Elibagla cela va télécharger le fichier, placez le sur votre bureau.
* Double-cliquez dessus pour l'ouvrir
* Assurez-vous que dans le menu déroulant Unidad, vous avez bien C:\
* Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente est bien cochée
* Cliquez sur le bouton Explorar pour lancer l'analyse 
(colle le rapport)

________________


colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Leahkim · Answer

poste ton rapport hijackthis

maxouxd · Answer

Ne fonctionne pas , meme en le renommant !! voici mon Combo Fix : 



ComboFix 08-08-16.01 - SYSTEM 2008-08-18 10:23:10.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1679 [GMT 2:00]
Endroit: C:\Users\Max\Desktop\Tralala.exe
 * Resident AV is active

.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Users\Enzo\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@bluestreak[1].txt
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@edt02[2].txt
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Cookies\max@serving-sys[1].txt
C:\Users\Sophie\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Cookies\sophie@edt02[2].txt
C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Cookies\sophie@serving-sys[2].txt
C:\Windows\msnimport.exe
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\x64

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-18 to 2008-08-18  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 23:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-17 19:12	---------	d-----w	C:\Program Files\Trend Micro
2008-08-17 13:02	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:51	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-08-16 19:36	---------	d-----w	C:\Program Files\Panda Security
2008-08-16 18:00	---------	d-----w	C:\Program Files\Alwil Software
2008-08-16 17:11	---------	d-----w	C:\PROGRA~2\Symantec
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 11:15	---------	d-----w	C:\Program Files\VirtualDJ
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-22 09:06	---------	d-----w	C:\PROGRA~2\Apple Computer
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:27	---------	d-----w	C:\Program Files\Bonjour
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-21 19:24	---------	d-----w	C:\PROGRA~2\Apple
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-07-03 01:55	---------	d-----w	C:\Users\Max\AppData\Roaming\Free Download Manager
2008-06-28 17:28	---------	d-----w	C:\Program Files\Picasa2
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-05-06 16:03	22,328	----a-w	C:\Users\Max\AppData\Roaming\PnkBstrK.sys
2006-04-30 21:10	7,158,784	----a-w	C:\Users\Max\Oblivion.exe
2006-03-25 14:57	22,016	----a-w	C:\Users\Max\Oblivion_All_Languages_NoDVD.exe
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-18 10:19 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-18 10:19 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-11-06 18:07]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:34]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IgfxTray - C:\Windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\Windows\system32\hkcmd.exe
HKLM-Run-Persistence - C:\Windows\system32\igfxpers.exe
HKLM-Run-Apanel - C:\ACERSW\config\SetApanel.cmd
HKLM-Run-zzz_ImInstaller_IncrediMail - C:\Users\Sophie\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 10:28:40
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\HelpPane.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-18 10:33:07 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt  2008-08-18 08:31:59

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 44,149,485,568 octets libres

229	--- E O F ---	2008-08-18 01:02:51

Leahkim · Answer

non non, file moi ton rapport hijackthis, c'est plus facilement decryptable lol

maxouxd · Answer

mais tu le fais exprès, HIJACKTHIS ne fonctionne pas !!!! (Application Win32 non valide !)

Leahkim · Answer

arg, la t'as un gros probleme ... tu as une sauvegarde de ton registre avant coup ?

maxouxd · Answer

Je ne sais pas, comment fait t on pour savoir si une sauvegarde du registre a été effectuée ? (désolé c'est le PC famillial =S)  (et j'ai 14 ans)

Leahkim · Answer

si c'est le PC familial et que y a une merde de ce genre la, telecharge avast, et prie pour qu'au redemarrage d'apres il ait tout enlevé

maxouxd · Answer

jpris quoi !!!! LIS MON PREMIER MESSAGE !!!!! AUCUN ANTIVIRUS NE FONCTIONNE!

Utilisateur anonyme · Answer

Salut max,

Telecharge FindB sur ton bureau :

https://www.sendspace.com/file/nantsy


Dézippe FindB

Dans le dossier créé, 
Double clic sur FindB ou FindB.cmd

post le rapport FindB.txt qui c est ouvert
note : le rapport FindB.txt est sauvegerdé a la racine du disque

maxouxd · Answer

Voila le rapport FindB ^^ :

+- FindB par Chiquitine29



+- Execute le : 2008-08-18 a 11:49:28.29



+- Recherche de fichier bagle :


C:\Windows\system32\mdelk.exe Absent 
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Absent 
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Présent!!
C:\Windows\system32\drivers\hldrrr.exe Présent!!
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Windows\system32\drivers\downld Présent!!
C:\Users\Max\AppData\Roaming\m Absent 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl    REG_SZ    RtHDVCpl.exe
    ccApp    REG_SZ    "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck    REG_SZ    "c:\Program Files\Norton Internet Security\osCheck.exe"
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Symantec PIF AlertEng    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    Real Desktop    REG_SZ    "C:\Program Files\Real Desktop\Real Desktop.exe"


+- Recherche terminee !



+- Fin du compte rendu

Merci de ton aide.

Utilisateur anonyme · Answer

1) supprime tout tes cracks, et keygens, sinon l infection va se relancer 

2)télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\downld  

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 


3) relance Tralala.exe (combofix) et post son rapport

maxouxd · Answer

snif :

File move failed. C:\Windows\system32\drivers\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\hldrrr.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\system32\drivers\downld scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08182008_120259

Files moved on Reboot...
File move failed. C:\Windows\system32\drivers\mdelk.exe scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\srosa.sys scheduled to be moved on reboot.
File move failed. C:\Windows\system32\drivers\hldrrr.exe scheduled to be moved on reboot.
Folder move failed. C:\Windows\system32\drivers\downld scheduled to be moved on reboot.

Utilisateur anonyme · Answer

ok redémarre et passe tralala.exe (combofix)

Hadrienen · Answer

Bonjour, je suis infecté par le Virus Bagen Win 32 (vista recherche de solution aux problème due a un Bsod). 
HijackThis : fonctionne pas 
Eglibagla: ne supprime rien mais indique la présence d'un Srosa.sys et de hldrrr.exe 
Norton : fonctionne pas 
Avast : fonctionne pas 
Combo Fix: où est le rapport svp ? 
Gmer : trouve Srosa (HIDDEN), mais impossible de désactiver ou de supprimer le service. 


Merci de vos prochaines réponses

Juste pour précision, 2 AntiVirus sur un ordi,  l'ordi aura beaucoup plus de risques. Surtout avec Norton et Avast...

Mais je pense que Chiquitine fera le nécessaire :)

Bonne journée.

maxouxd · Answer

t'inquiete, les 2 n'ont pas été testé avec une installation commune ;)

Log combo fix : 


ComboFix 08-08-16.01 - SYSTEM 2008-08-18 12:33:33.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1691 [GMT 2:00]
Endroit: C:\Users\Max\Desktop\Tralala.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
.
---- Previous Run -------
.
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Legacy_SROSA
-------\Service_srosa


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-18 to 2008-08-18  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 09:02	---------	d-----w	C:\Program Files\Human
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 23:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-17 13:02	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-16 19:51	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-08-16 19:36	---------	d-----w	C:\Program Files\Panda Security
2008-08-16 18:00	---------	d-----w	C:\Program Files\Alwil Software
2008-08-16 17:11	---------	d-----w	C:\PROGRA~2\Symantec
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-22 09:06	---------	d-----w	C:\PROGRA~2\Apple Computer
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:27	---------	d-----w	C:\Program Files\Bonjour
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-21 19:24	---------	d-----w	C:\PROGRA~2\Apple
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-07-03 01:55	---------	d-----w	C:\Users\Max\AppData\Roaming\Free Download Manager
2008-06-28 17:28	---------	d-----w	C:\Program Files\Picasa2
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-05-06 16:03	22,328	----a-w	C:\Users\Max\AppData\Roaming\PnkBstrK.sys
2006-04-30 21:10	7,158,784	----a-w	C:\Users\Max\Oblivion.exe
2006-03-25 14:57	22,016	----a-w	C:\Users\Max\Oblivion_All_Languages_NoDVD.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-08-18_10.31.42.94   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-18 08:28:14	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-18 10:38:33	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-18 10:38:33	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-08-18 08:28:14	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-18 10:38:33	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-18 10:38:33	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2008-08-18 08:28:17	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 10:38:35	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-18 08:33:00	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008081820080819\index.dat
- 2008-08-18 08:28:17	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-18 10:38:35	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-18 08:28:39	53,248	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-18 10:38:58	53,248	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
- 2008-08-18 08:28:17	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-18 10:38:35	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 11:51:40	387,928	----a-w	C:\Windows\System32\FNTCACHE.DAT
+ 2008-08-18 10:05:08	387,968	----a-w	C:\Windows\System32\FNTCACHE.DAT
- 2008-08-18 08:26:32	107,004	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-08-18 10:36:00	107,004	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-18 08:26:32	121,436	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-08-18 10:36:00	121,436	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-08-18 08:26:32	617,860	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-08-18 10:36:00	617,860	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-18 08:26:32	699,236	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-08-18 10:36:00	699,236	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-08-18 08:19:16	4,336	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
+ 2008-08-18 10:11:50	4,644	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
- 2008-08-18 08:19:16	62,788	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 10:11:49	62,922	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-18 08:19:13	41,810	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-18 10:11:48	42,056	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-18 12:29 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-18 12:29 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-11-06 18:07]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 06:34]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-17 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-18 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 12:38:58
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\HelpPane.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-18 12:43:18 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt  2008-08-18 10:42:11
ComboFix2.txt  2008-08-18 08:33:08

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 43,910,684,672 octets libres

251	--- E O F ---	2008-08-18 01:02:51

Utilisateur anonyme · Answer

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

maxouxd · Answer

Tools Cleaner :
-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\Max\Desktop\avenger.exe: trouvé !
C:\Users\Max\Downloads\fsbl.exe: trouvé !
C:\Users\Max\Downloads\OtMoveIt2.exe: trouvé !
C:\Users\Max\Downloads\HijackThis.exe: trouvé !
C:\Users\Max\Downloads\HJTInstall.exe: trouvé !
C:\Users\Odile\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sam\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sophie\Desktop\HijackThis.lnk: trouvé !
C:\Windows\Gmer.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Users\Max\Desktop\avenger.exe: supprimé !
C:\Users\Max\Downloads\fsbl.exe: supprimé !
C:\Users\Max\Downloads\OtMoveIt2.exe: supprimé !
C:\Users\Max\Downloads\HijackThis.exe: supprimé !
C:\Users\Max\Downloads\HJTInstall.exe: supprimé !
C:\Users\Odile\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sam\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sophie\Desktop\HijackThis.lnk: supprimé !
C:\Windows\Gmer.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !



Ensuite, Hijackthis : Application Win32 non valide -_-'

Utilisateur anonyme · Answer

Affiche tous les fichiers et dossiers : 
Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cacher 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK 


Télécharge sur ton bureau DSS (ex Comboscan) de Deckard: 

http://deckard.geekstogo.com/dss.exe


(choisis enregistrer, puis Bureau comme emplacement) 

Ferme toutes les applications en cours. 

Double-clic sur DSS.exe pour lancer l'outil. 

Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK. 

A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK. 

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse. 
Si un rapport complémentaire a été créé ( extra.txt ), poste le aussi dans ta réponse. 

Les rapports sont ici : 
(!) C:\Deckard\System Scanner\main.txt 
(!) C:\Deckard\System Scanner\extra.txt 

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

maxouxd · Answer

eu regarde ton lien, il marche pas =S et il conseillle de ne pas le télécharger autre part aussi...

Utilisateur anonyme · Answer

apparemment le telechargement est stoppé

refais un scan FindB et post le rapport stp 

ensuite :


Telecharge malwarebytes 

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log
PS : j attend le rapport FinDB , ensuite je dois sortir je serais de retour vers 17H

maxouxd · Answer

Le findB:


+- FindB par Chiquitine29



+- Execute le : 2008-08-18 a 13:29:33.94



+- Recherche de fichier bagle :


C:\Windows\system32\mdelk.exe Absent 
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Absent 
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Présent!!
C:\Windows\system32\drivers\hldrrr.exe Présent!!
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Windows\system32\drivers\downld Présent!!
C:\Users\Max\AppData\Roaming\m Absent 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl    REG_SZ    RtHDVCpl.exe
    ccApp    REG_SZ    "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck    REG_SZ    "c:\Program Files\Norton Internet Security\osCheck.exe"
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Symantec PIF AlertEng    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    Real Desktop    REG_SZ    "C:\Program Files\Real Desktop\Real Desktop.exe"


+- Recherche terminee !



+- Fin du compte rendu



Mise a jour de malware impossible.

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 6.0.6000 

14:24:45 2008-08-18
mbam-log-08-18-2008 (14-24-45).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 166049
Temps écoulé: 45 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\Acer_Normal\Install_Flash_Player_9_AX_9.0.28.0.exe (BHO.Baidu) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

maxouxd · Answer

Ya rien à faire, faut trouvé le "crack" qui fait sa... le virus reviens continuellement . Merci , merci beaucoup pour ton aide.

Leahkim · Answer

dans le pire des cas, reinstalle ton systeme; ça pourra pas lui faire de mal

Hadrienen · Answer

maxoud, attends Chiquitine, il/elle t'aidera ;) il faut etre simplement patient, il/elle revient à 17H, j'espere que tu seras patient.

maxouxd · Answer

be normalement je le suis, et c'est IL ^^(regarde son profil) , merci pour vos aides.

Utilisateur anonyme · Answer

re

réouvre malewarebyte
va sur quarantaine
supprime tout

refais un scan FindB et post le rapport stp

maxouxd · Answer

+- FindB par Chiquitine29



+- Execute le : 2008-08-18 a 23:04:10.64



+- Recherche de fichier bagle :


C:\Windows\system32\mdelk.exe Absent 
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Absent 
C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Présent!!
C:\Windows\system32\drivers\hldrrr.exe Présent!!
C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Windows\system32\drivers\downld Présent!!
C:\Users\Max\AppData\Roaming\m Absent 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl    REG_SZ    RtHDVCpl.exe
    ccApp    REG_SZ    "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck    REG_SZ    "c:\Program Files\Norton Internet Security\osCheck.exe"
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Symantec PIF AlertEng    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    Real Desktop    REG_SZ    "C:\Program Files\Real Desktop\Real Desktop.exe"


+- Recherche terminee !



+- Fin du compte rendu

maxouxd · Answer

UP, =S c'est vraiment la galere ce virus... Svp aidez un ado désespéré

Leahkim · Answer

tu as essayé avec hiajckthis ? poste le rapport ici

maxouxd · Answer

comme je vais le répété, le virus empêche son utilisation... tu le fais exprès j'ai l'impression.

Utilisateur anonyme · Answer

Salut jlpjlp

merci d avoir posté , je suis pas tres present ces derniers temps

thanks donc

jlpjlp · Answer

slt  Chiquitine29!

maxouxd · Answer

Eglibagla se ferme tout seul au bout d'une dizaine de secondes ! mais je l'ai déjà fait, il m'indique la présence de Srosa et Hdlrr (un truc comme sa) mais ne le supprime pas, je lance le scan en ligne

jlpjlp · Answer

essaye de refaire en mode sans echec ave prise en charge du reseau

(demarrer l'ordi en appuayant plueirus fois sur F8 ou F5 ou SUPPR en général)

combofix puis elibaga puis un scan en ligne

maxouxd · Answer

eu, =S, j'ai un dual boot, et sa marche pas F5, F8 et suppr ! (win XP+ vista)

jlpjlp · Answer

si cela devrait marcher 
regarde dans ton manuel sinon essaye F2


ou alors ceci:

https://www.malekal.com/demarrer-windows-mode-sans-echec/

sKe69 · Answer

Salut à tous,

Si en mode sans échec , cela ne fonctionne toujours pas ,

et juste pour donner une autre technique pour cette salté de bagle ...  ;)


1-IMPORTANT RAPPEL : 
je rappelle que bagle est amené par un crack et qu'il se relance dès que tu te sers de celui ci; même si tu ne sers pas, il peut se relancer de lui même au démarrage de ton PC . En claire : 
Essayes surtout de te rappeler si récemment tu n' as pas clicker sur un "patch" ou un "keygen" pour instaler un logiciel, un jeu cracké ou avoir une version complète d'un soft , et qu'il ne se soit rien passé de particulier ... C'est la que les bagles s'infiltrent ! Si tu retrouves ce crack en particulier ,scratch tout ( le crack, le soft ou encore les zip concernés). Si tu ne te rappelles plus trop , je te conseille fortement de supprimer tous les cracks qui sont sur ton PC ... ;)

Note importante  : 
si tu as déjà le "Elibagla" sur ton PC -> supprimes le !!! On va reprendre exactement ainsi :


2- tu vas faire ceci dans l'ordre indiqué et en respectant les consignes . 
Rends toi sur ce site : 
http://www.zonavirus.com/datos/descargas/95/elibagla.asp 

A -Tout en bas de cette page tu trouveras un outil à télécharger, 
cliques sur "Descargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour) 
choisis --->"enregistrer " ---> et enregistres le à la racine de ton disk dur et pas ailleur !
( c.a.d. ici -> C:\Elibagla.XXXXX.exe )


B- Puis clik droit sur ce dernier et choisi "renommé" : tapes " mdelk.exe " . 

Note :
/!\ Attention, un mauvais renommage rendra l'astuce et la désinfection inefficace !

 
! Déconnectes toi et fermes toutes tes applications en cours (si tu en as ...) !


C- Pour exécuter Elibagla renommé : 

Appuyer simultanément sur les touches Windows (drapeau à côté de alt) + R (pour ouvrir le Menu Démarrer -> "Exécuter") 
Dans la boîte de dialogue "Exécuter" taper : cmd et valider
 
Dans la fenêtre de "l'invite de commande" qui s'ouvra, taper : 
C:\mdelk.exe  et Valider avec la touche [Entrée] 

L'outil ce lance :
-->laisses la case "eliminar ficheros automaticamente" coché  .
-->cliques sur " explorar " .
-->laisses-le travailler 
-->Enfin postes le rapport final qui sera dans " C:\infosat.txt " 

PS : Si, dans le rapport, tu vois un texte semblable à celui-ci 

Por favor, envienos una muestra del fichero 
C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 
a "virus@satinfo.es". Gracias; 

Envoies ce(s) fichier(s) (dans l'exemple C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es). 

--> L'outil a rencontré un fichier qu'il reconnaît mais ne sait pas encore éradiquer ... 

3- Une fois le scan terminé : redémarres le pc, c'est très important.
 
Avant l'apparition du bureau, Elibagla va se relancer et neutraliser le reste de l'infection. 
Dès que le menu principal d'Elibagla apparaîtra : 
- Laisser la case "Eliminar ficheros automaticamente" cochée 
- Clic sur "Explorar" pour lancer le scan complet du pc. 
Une fois le scan terminé, refermer l'outil pour permettre au bureau de réapparaître ...

--> postes ce nouveau rapport pour analyse et attends la suite ...

maxouxd · Answer

Mon problème: j'ai très bien compris que ya encore un crack quel que part, j'ai essayé de tous les supprimés mais le bagle reviens, il faudrai un logiciel qui détecte les logiciels crackés, et je les enleves sur le chan !

Utilisateur anonyme · Answer

Salut max,

peux tu faire ceci :

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Vas dans "Démarrer" puis Panneau de configuration. 
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs. 
- Clique sur Continuer. 
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
- Valide par OK et redémarre. 

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517



Telecharge FindyKill sur ton bureau

https://www.sendspace.com/file/sy8otm

dezippe le , puis double clic sur FindyKill ou FindyKill.cmd
choisi l option1 et post le rapport FindyKill.txt qui s est ouvert sur le forum stp

PS: le rapport FindyKill.txt est sauvegardé a la racine du disque

maxouxd · Answer

il était déjà désactiver,

 Recherche executee le 2008-08-20 a 17:32:04.86 
 
*** Recherche des fichiers dans C: 
 
 
*** Recherche des fichiers dans C:\Windows\Prefetch 
 
 
*** Recherche des fichiers dans C:\Windows\system32 
 
 
*** Recherche des fichiers dans C:\Windows\system32\drivers 
 
 
*** Recherche des fichiers dans C:\Users\Max\AppData\Roaming 
 
Merci c'est vraiment super sympa de te donner du mal pour m'aider

Utilisateur anonyme · Answer

De rien Max,

Réouvre FindyKill

Choisi cette fois l option 2
le fix va t informer qu il va redémarrer le pc, laisse le faire 

Une fois le pc redémarré


Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

maxouxd · Answer

j'vais t'embêter, ton lien marche plus, jlavais supprimé le logiciel déjà =S

Hadrienen · Answer

Les liens fonctionne tous.

Utilisateur anonyme · Answer

desolé max :voila pour findyKill : https://www.sendspace.com/file/xuforv

maxouxd · Answer

Alors findy kill a bien suprrimé, mais "Select a file to crack" est re-apparu 3 fois de suite =S. Tools Cleaner a bugué , alors je me suis mis en Mode Sans Echec avec assistance réseau, voila le rapport ! :

-->- Recherche: 

\Program Files\Trend Micro\HijackThis: trouvé !
\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
\Users\Administrateur\Desktop\HijackThis.lnk: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
\Users\Enzo\Desktop\HijackThis.lnk: trouvé !
\Users\Max\Desktop\HijackThis.lnk: trouvé !
\Users\Odile\Desktop\HijackThis.lnk: trouvé !
\Users\Sam\Desktop\HijackThis.lnk: trouvé !
\Users\Sophie\Desktop\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression: 

\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
\Users\Administrateur\Desktop\HijackThis.lnk: supprimé !
\Users\Enzo\Desktop\HijackThis.lnk: supprimé !
\Users\Max\Desktop\HijackThis.lnk: supprimé !
\Users\Odile\Desktop\HijackThis.lnk: supprimé !
\Users\Sam\Desktop\HijackThis.lnk: supprimé !
\Users\Sophie\Desktop\HijackThis.lnk: supprimé !
\Program Files\Trend Micro\HijackThis: supprimé !
\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Utilisateur anonyme · Answer

Réouvre FindyKill et choisi l option 3

Puis post le rapport FindyKill.txt qui s est ouvert sur le forum stp

PS: le rapport FindyKill.txt est sauvegardé a la racine du disque


ensuite en mode normal :


Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

maxouxd · Answer

Script execute en mode normal 
Rapport FindyKill par Chiquitine29 
Script execute en mode normal 2008-08-20 a 18:49:03.16 

Microsoft Windows [version 6.0.6000]
 
*** Suppression des fichiers dans C: 
 
 
*** Suppression des fichiers dans C:\Windows\Prefetch 
 
 
*** Suppression des fichiers dans C:\Windows\system32 
 
 
*** Suppression des fichiers dans C:\Windows\system32\drivers 
 
 
*** Suppression des fichiers dans  
 
***Suppression des clefs du registre.. 
 
***Suppression des clefs du registre effectuee.. 
 
        Mode sans echec de nouveau fonctionnel !

maxouxd · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50, on 2008-08-20
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Users\Max\Downloads\ELIBAGLA.%D8A%D8IB%D8%D8H.EXE
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

maxouxd · Answer

SA MARCHEEEEE  =DDD
Grand début. 

Merci

Utilisateur anonyme · Answer

ok


tu vas pouvoir aller en mode normal

supprime FindB et findyKill

norton logiquement est "n est pas une ... win32 valide si c est le cas désinstal le et réinstal le 

pour désinstaller norton telcharge cet outil


http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20050414110429924?OpenDocument&seg=hm&lg=fr&ct=fr


windows defender est HS , si  c est le cas fais ceci :

Démarrer >accesoire puis executer > tape : services.msc 

- double Clic sur le service cité - windows defender 


type de démarrge le mettre en automatique 
clic sur appliquer 
en haut a gauche clic sur demarrer le service 


idem pour parefeu windows


ensuite reviens sur le forum avec un rapport hijackthis effectué en mode normal

maxouxd · Answer

Super, Win32 non valide.... Mais pas de "select file to crack",

Utilisateur anonyme · Answer

OK

telecharge ce fichier : 


http://perso.orange.fr/-Gof/DL/VaccinUSB.exe 

il faut l executer et cliquer sur fix 

post le rapport VaccinUSB.txt dans la prochaine réponse stp


ensuite redémarre et test pour win32 non valide

maxouxd · Answer

Sa fait toujours Win 32 non valide, mais il est ou ce rapport ?

Utilisateur anonyme · Answer

Sa fait toujours Win 32 non valide

laisse le rapport 

windows defender ok ?

norton ok ? 

parefeu ok ? 

fais le point stp

maxouxd · Answer

Je me suis trompé dans son utilisation, tiens : 
-------------------------------------------------------
- Operation: 1 Supprimer fichier
%CURRENT_DIRECTORY%\adober.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 2 Supprimer fichier
%CURRENT_DIRECTORY%\autorun.inf
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 3 Supprimer fichier
%CURRENT_DIRECTORY%\comment.htt
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 4 Supprimer fichier
%CURRENT_DIRECTORY%\copy.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 5 Supprimer fichier
%CURRENT_DIRECTORY%\host.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 6 Supprimer fichier
%CURRENT_DIRECTORY%\msvcr71.dll
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 7 Supprimer fichier
%CURRENT_DIRECTORY%avmon.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 8 Supprimer fichier
%CURRENT_DIRECTORY%avmon.log
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 9 Supprimer fichier
%CURRENT_DIRECTORY%	emp.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 10 Supprimer fichier
%CURRENT_DIRECTORY%	emp1.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 11 Supprimer fichier
%CURRENT_DIRECTORY%	emp2.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 12 Supprimer fichier
%CURRENT_DIRECTORY%\winfile.exe
Result: Error! Fichier introuvable
-------------------------------------------------------


-------------------------------------------------------
- Operation: 13 Créer dossier
%CURRENT_DIRECTORY%\adober.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 14 Créer dossier
%CURRENT_DIRECTORY%\comment.htt
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 15 Créer dossier
%CURRENT_DIRECTORY%\copy.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 16 Créer dossier
%CURRENT_DIRECTORY%\host.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 17 Créer dossier
%CURRENT_DIRECTORY%avmon.exe
Result: Error! Opération réussie.
 
-------------------------------------------------------


-------------------------------------------------------
- Operation: 18 Créer dossier
%CURRENT_DIRECTORY%\msvcr71.dll
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 19 Créer dossier
%CURRENT_DIRECTORY%avmon.log
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 20 Créer dossier
%CURRENT_DIRECTORY%	emp.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 21 Créer dossier
%CURRENT_DIRECTORY%	emp1.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 22 Créer dossier
%CURRENT_DIRECTORY%	emp2.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 23 Créer dossier
%CURRENT_DIRECTORY%\winfile.exe
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 24 Créer dossier
%CURRENT_DIRECTORY%\autorun.inf
Result: Success
-------------------------------------------------------


-------------------------------------------------------
- Operation: 25 Executer
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Vaccin_USB-Lisez_moi.html
Result: Success
-------------------------------------------------------


Je redémarre.

maxouxd · Answer

Norton: ciao ^^
Pare feu : OK https://www.casimages.com/i/080820082716109440.jpg.html
Windows Defender: "windows defender est désactivé" https://www.casimages.com/i/080820082917476135.jpg.html
https://www.casimages.com/i/080820082553232498.jpg.html
J'ai alors installé Avast "Application win32 non valide"
Hijackthis : "Application win32 non valide"

Utilisateur anonyme · Answer

si tu fais cette manip :

windows defender est HS , si c est le cas fais ceci : 

Démarrer >accesoire puis executer > tape : services.msc 

- double Clic sur le service cité - windows defender 


type de démarrge le mettre en automatique 
clic sur appliquer 
en haut a gauche clic sur demarrer le service 

il t es impossible de demarrer le services ? 

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:\Users\Max\AppData\Roaming\PnkBstrK.sys 
C:\Users\Max\Oblivion.exe 
C:\Users\Max\Oblivion_All_Languages_NoDVD.exe 

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

maxouxd · Answer

C:\Users\Max\AppData\Roaming\PnkBstrK.sys moved successfully.
C:\Users\Max\Oblivion.exe moved successfully.
C:\Users\Max\Oblivion_All_Languages_NoDVD.exe moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08202008_203257



Non, on peut pas redémmarer le service, punaise , en plus j'ai le CD de oblivion, jespere que c'est pas sa =S

https://www.casimages.com/i/080820083825504904.jpg.html    Pour t'éclairer

Utilisateur anonyme · Answer

on va repasser combofix 

supprime tralala.exe et le dossier combofix dans programmes 

repasse combofix sans le renomer 



Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir avant de lancer ce FIX

-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

maxouxd · Answer

"lancer ce FIX  "            quel fix ? et pourquoi mettre une clé usb ?

Utilisateur anonyme · Answer

FIX = combofix les clé usb branches les ainsi je verrai si elles sont infectées ou pas sur le rapport

maxouxd · Answer

https://www.casimages.com/i/08082009003625289.jpg.html


Je redémarre

maxouxd · Answer

Log Combo fix : 

ComboFix 08-08-19.03 - Max 2008-08-20 21:01:05.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1137 [GMT 2:00]
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\Users\Max\AppData\Local\Microsoft\Windows\Temporary Internet Files\Vaccin_USB-Lisez_moi.html
C:\Users\Max\AppData\Roaming\m
C:\Users\Max\AppData\Roaming\m\data.oct
C:\Users\Max\AppData\Roaming\m\flec006.exe
C:\Users\Max\AppData\Roaming\m\list.oct
C:\Users\Max\AppData\Roaming\m\shared
C:\Users\Max\AppData\Roaming\m\shared\LOWA Typing Warmups 1.2.zip
C:\Users\Max\AppData\Roaming\m\shared\Lowcarb 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\lowdisk32 1.0.0.12.zip
C:\Users\Max\AppData\Roaming\m\shared\LOWER 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lower Blood Pressure 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lower Case Switcher 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lower Cholesterol 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lowney Math Flash 2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lowry Park Zoo Screensaver 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LowToSleep 1.6.zip
C:\Users\Max\AppData\Roaming\m\shared\Loyalty Tracking System 1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lozdodge 1.09.zip
C:\Users\Max\AppData\Roaming\m\shared\LP-Calc 1.01.zip
C:\Users\Max\AppData\Roaming\m\shared\LP-Text 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LP Recorder 8.8.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LP Ripper 9.0.2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LPDForm 1.31B.zip
C:\Users\Max\AppData\Roaming\m\shared\lphant 3.50.zip
C:\Users\Max\AppData\Roaming\m\shared\LPI 117-102 Practice Test Exam Questions.zip
C:\Users\Max\AppData\Roaming\m\shared\LPS - Live Playlist Signature (Winamp Plugin) 0.11.zip
C:\Users\Max\AppData\Roaming\m\shared\LQ RichTextBox 1.8.0.7.zip
C:\Users\Max\AppData\Roaming\m\shared\LS-CRM 1.53.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Addressbook 1.0.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Archiver 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Cleanup 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Countdown Timer 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Image Converter 2.67.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Jukebox.zip
C:\Users\Max\AppData\Roaming\m\shared\LS MP3 Encoder 0.2.12 beta.zip
C:\Users\Max\AppData\Roaming\m\shared\LS MyLib 0.92 RC.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Photo Album 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Screen Capture 1.0.2193.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Speller 3.0.5.zip
C:\Users\Max\AppData\Roaming\m\shared\LS Stock Ticker 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LS_CDRun 1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LSASecretsDump 1.00.zip
C:\Users\Max\AppData\Roaming\m\shared\LSASecretsView 1.12.zip
C:\Users\Max\AppData\Roaming\m\shared\LSDTech BP 1.02.zip
C:\Users\Max\AppData\Roaming\m\shared\LSDTech PrivateDisk 1.30.zip
C:\Users\Max\AppData\Roaming\m\shared\LSExecuter 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LSFindReplaceDialogW 1.0.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LSL Plus 0.2.0 Alpha.zip
C:\Users\Max\AppData\Roaming\m\shared\LSMC 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LSP-Fix 1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LsT 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LSText 0.22.zip
C:\Users\Max\AppData\Roaming\m\shared\LSVG 0.0.1.31.zip
C:\Users\Max\AppData\Roaming\m\shared\LSZip 2.60.zip
C:\Users\Max\AppData\Roaming\m\shared\LT Calendar 1.2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LT Expander 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LTA Singapore Road Monitoring 2.15.zip
C:\Users\Max\AppData\Roaming\m\shared\LTC Password Generator 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LTC System Monitor 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LTF-Cimulator 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LTFCrypt 1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LTMonitor 2.2.10.zip
C:\Users\Max\AppData\Roaming\m\shared\LTProf 1.4.8.zip
C:\Users\Max\AppData\Roaming\m\shared\Ltrack 5.9.8.zip
C:\Users\Max\AppData\Roaming\m\shared\Luach 1.1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Luay's Digital Image watermarking 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucane 0.7.5.zip
C:\Users\Max\AppData\Roaming\m\shared\LucasRipper 1.0 Beta 4.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucent Clock Screensaver 2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucid Ocean screensaver 2.03.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucid Spec 1.1.0.23487.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucid v1.2.zip
C:\Users\Max\AppData\Roaming\m\shared\LucidLink Home Office Edition 2.2.zip
C:\Users\Max\AppData\Roaming\m\shared\LucidLink Wireless Client 2.2.zip
C:\Users\Max\AppData\Roaming\m\shared\LucidLink Wireless LAN Security 2.22.zip
C:\Users\Max\AppData\Roaming\m\shared\LucidLog.Net 1.0.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LucidScan ActiveX Component 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucifer Wordlist Filter 0.5.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucille 2.zip
C:\Users\Max\AppData\Roaming\m\shared\Luck and Fortune Smiley Collection 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Luck of the Draw 1.0.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucky Clovers Screensaver.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucky Downloads search 1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucky Google 1.5,1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucky Number 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucky Pattys Day Screensaver 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LUCKYme 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LuckyPhoto 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LuckyView 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LuckyZoom 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lucy Liu 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LuggageNet 2.18.zip
C:\Users\Max\AppData\Roaming\m\shared\Lullaby Drop-In Administrator 1.10.zip
C:\Users\Max\AppData\Roaming\m\shared\Lullaby Management 6.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lulu 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lum 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Luma Clock Screensaver 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LumiCode Home Edition 2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lumina 3D 0.3.4.zip
C:\Users\Max\AppData\Roaming\m\shared\LuminaXYs 2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Luminescent Clock ScreenSaver 2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Luminous Cross 1.03.zip
C:\Users\Max\AppData\Roaming\m\shared\Lumisoft UI Controls 1.1.1384.0b.zip
C:\Users\Max\AppData\Roaming\m\shared\Lump Tool 1.0.7.zip
C:\Users\Max\AppData\Roaming\m\shared\LUNA Free 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Luna Royale 3.2.zip
C:\Users\Max\AppData\Roaming\m\shared\Luna Screensaver 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunabase 0.92 beta 4.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Calculator 2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Calendar 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Calendars and Eclipse Finder 8.01.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Colongitude 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Date 1.4.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunar Picture of the Day 2.63.zip
C:\Users\Max\AppData\Roaming\m\shared\LunarCal 6.24.zip
C:\Users\Max\AppData\Roaming\m\shared\LunarCell 1.7.0.zip
C:\Users\Max\AppData\Roaming\m\shared\LunarEclipse 1.2.7.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunarmark 0.6.0 Beta.zip
C:\Users\Max\AppData\Roaming\m\shared\LunarPhase 2.70.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunascape 4.1.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Lunch Picker 3.0.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lundlay Property Browser 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lung Mass Evaluation 1.zip
C:\Users\Max\AppData\Roaming\m\shared\luntbuild 1.1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Lupa 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lupas Rename 5.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lupo PenSuite 6.53.zip
C:\Users\Max\AppData\Roaming\m\shared\LuraDocument Capture 5.1.07.23.zip
C:\Users\Max\AppData\Roaming\m\shared\LuraDocument PDF Compressor 4.2.02.15.zip
C:\Users\Max\AppData\Roaming\m\shared\LuraWave Smart Compress 2.1.05.03.zip
C:\Users\Max\AppData\Roaming\m\shared\Luscious Landscapes Screensaver 1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Lush.zip
C:\Users\Max\AppData\Roaming\m\shared\lust screensaver 01.zip
C:\Users\Max\AppData\Roaming\m\shared\Lutow 3.1.8.45.zip
C:\Users\Max\AppData\Roaming\m\shared\Lutz Roeder's .NET Reflector 5.0.25.0.zip
C:\Users\Max\AppData\Roaming\m\srvlist.oct
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\695951.exe
C:\Windows\system32\drivers\downld\719585.exe
C:\Windows\system32\drivers\downld\733189.exe
C:\Windows\system32\drivers\downld\739850.exe
C:\Windows\system32\drivers\downld\861281.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
G:\AUTORUN.INF
L:\autorun.inf

.
(((((((((((((((((((((((((((((   Fichiers créés 2008-07-20 to 2008-08-20  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 17:31	167,936	----a-w	C:\VaccinUSB.exe
2008-08-20 17:03	---------	d-----w	C:\Program Files\Alwil Software
2008-08-20 16:50	---------	d-----w	C:\Program Files\Trend Micro
2008-08-20 15:18	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-18 11:32	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 23:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-08-17 13:02	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-08-16 23:58	---------	d-----w	C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\ProgramData\Malwarebytes
2008-08-16 19:36	---------	d-----w	C:\Program Files\Panda Security
2008-08-16 17:11	---------	d-----w	C:\ProgramData\Symantec
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\ProgramData\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\ProgramData\Apple
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-19 14:36	51,280	----a-w	C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32	zres.dll
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	413,696	----a-w	C:\Windows\System32\wrap_oal.dll
2008-07-03 11:33	110,592	----a-w	C:\Windows\System32\OpenAL32.dll
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-06-28 17:28	---------	d-----w	C:\Program Files\Picasa2
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	826,368	----a-w	C:\Windows\System32\wininet.dll
2008-06-27 03:54	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34	7,964,672	----a-w	C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll
2008-06-19 03:25	61,440	----a-w	C:\Windows\System32\winipsec.dll
2008-06-19 03:25	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL
2008-06-19 03:25	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll
2008-06-19 03:25	272,896	----a-w	C:\Windows\System32\polstore.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 17:42 3739672]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-04-01 17:17 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 11:45 49664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-08-20 19:43 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-20 19:43 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-08-20 19:03 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-11-06 18:07]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0547faaa-8ad8-11dc-8a8c-806e6f6e6963}]
\shell\AutoRun\command - L:
ideiect.com
\shell\explore\Command - L:
ideiect.com
\shell\open\Command - L:
ideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ff02a1-63aa-11dd-b405-001c25271e2f}]
\shell\AutoRun\command - G:
ideiect.com
\shell\explore\Command - G:
ideiect.com
\shell\open\Command - G:
ideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f45cd0-8b77-11dc-aaad-001c25271e2f}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cdf6-8a73-11dc-b37c-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cfb8-8a73-11dc-b37c-001c25271e2f}]
\shell\AutoRun\command - G:\SETUP.EXE
\shell\configure\command - G:\SETUP.EXE
\shell\install\command - G:\SETUP.EXE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-25 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Max.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2008-08-20 19:26]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Real Desktop - C:\Program Files\Real Desktop\Real Desktop.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1iof34ro.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll
.
.
------- File Associations (Beta) -------
.
VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 21:04:41
Windows 6.0.6000  NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32unonce.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 21:06:23 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-20 19:06:00
ComboFix2.txt  2008-08-18 10:43:19

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 43,677,483,008 octets libres

408	--- E O F ---	2008-08-18 01:02:51

Utilisateur anonyme · Answer

OK Laisse tes clé branché je te dis la suite

maxouxd · Answer

Okay, j'attends avec impatience, merci , et merci encore.

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys 
L:
ideiect.com 
G:
ideiect.com 
L:\LaunchU3.exe -a
L:\LaunchU3.exe
F:\autorun.exe 
G:\SETUP.EXE

Folder:: 
C:\PROGRA~2\Symantec
C:\Program Files\Panda Security 
C:\ProgramData\Symantec 
C:\Program Files\Common Files\Symantec Shared

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"CCUTRAYICON"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Symantec PIF AlertEng"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0547faaa-8ad8-11dc-8a8c-806e6f6e6963}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ff02a1-63aa-11dd-b405-001c25271e2f}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f45cd0-8b77-11dc-aaad-001c25271e2f}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cdf6-8a73-11dc-b37c-806e6f6e6963}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cfb8-8a73-11dc-b37c-001c25271e2f}] 

Driver::
pavboot
IDSvix86

DirLook:: 
C:\Users\Max\AppData\Roaming\Real Desktop 
C:\Users\Max\AppData\Roaming\GetRightToGo 






Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt  

S'il n'y a pas de rédémarrage, poste quand même le rapport.

maxouxd · Answer

Après redémarrage, pendant l'édition du rapport : select a file to crack (dans system32) + Bsod

Mais j'ai trouvé sa :

File::
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\­IDSvix86.sys
L:
ideiect.com
G:
ideiect.com
L:\LaunchU3.exe -a
L:\LaunchU3.exe
F:\autorun.exe
G:\SETUP.EXE

Folder::
C:\PROGRA~2\Symantec
C:\Program Files\Panda Security
C:\ProgramData\Symantec
C:\Program Files\Common Files\Symantec Shared

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run]
"CCUTRAYICON"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0547faaa-8ad8-11dc-8a8c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ff02a1-63aa-11dd-b405-001c25271e2f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f45cd0-8b77-11dc-aaad-001c25271e2f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cdf6-8a73-11dc-b37c-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede7cfb8-8a73-11dc-b37c-001c25271e2f}]

Driver::
pavboot
IDSvix86

DirLook::
C:\Users\Max\AppData\Roaming\Real Desktop
C:\Users\Max\AppData\Roaming\GetRightToGo

Utilisateur anonyme · Answer

ça c est pas le rapport c est le CFScript que yu dois gilsser sur l icone combofix

ouvre le menu demarer dans rechercher tape  : Combofix.txt et post le rapport stp

maxouxd · Answer

ya que des vieux rapports =S, il a pas pu le finir a cause du BSOD !!! Donc je recommence.

Utilisateur anonyme · Answer

ok au pire fais le en mode sans echec

afideg · Answer

Hello,

Afficher un rapport ComboFix
* Fais ceci et si un rapport s'affiche poste-le :
Démarrer -> Exécuter - > copier/coller notepad C:\Combofix.txt
Valider avec - > touche [Entrée]


Al

maxouxd · Answer

BSOD a répétition, j'en ai trop marre des bsod et des select files to crack et des app non valide win32.



ComboFix 08-08-19.03 - Max 2008-08-20 22:15:48.6 - NTFSx86
Endroit: C:\Users\Max\Desktop\Jeanmi.exe
Command switches used :: C:\Users\Max\Desktop\CFScript.txt
 * Création d'un nouveau point de restauration

FILE ::
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\­IDSvix86.sys
F:\autorun.exe
G:
ideiect.com
G:\SETUP.EXE
L:\LaunchU3.exe
L:\LaunchU3.exe -a
L:
ideiect.com
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\110635.exe
C:\Windows\system32\drivers\downld\129605.exe
C:\Windows\system32\drivers\downld\130822.exe
C:\Windows\system32\drivers\downld\139324.exe
C:\Windows\system32\drivers\downld\139558.exe
C:\Windows\system32\drivers\downld\158294.exe
C:\Windows\system32\drivers\downld\169276.exe
C:\Windows\system32\drivers\downld\172755.exe
C:\Windows\system32\drivers\downld\178402.exe
C:\Windows\system32\drivers\downld\258758.exe
C:\Windows\system32\drivers\downld\266917.exe
C:\Windows\system32\drivers\downld\272221.exe
C:\Windows\system32\drivers\downld\275014.exe
C:\Windows\system32\drivers\downld\68843.exe
C:\Windows\system32\drivers\downld\69576.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
G:
ideiect.com
L:
ideiect.com
F:\autorun.exe . . . . Echec de suppression
.
---- Previous Run -------
.
C:\PROGRA~2\Symantec
C:\PROGRA~2\Symantec\Common Client\settings.bak
C:\PROGRA~2\Symantec\Common Client\settings.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDS9xx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSVia64.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSVia64.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSviA64.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSVix86.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSVix86.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSvix86.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\IDSxpx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\Metadata.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\sigs.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\SymIDSCo.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\SymIDSCo.vxd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\SymIDSI.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080116.003\zdone.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDS9xx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSVia64.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSVia64.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSviA64.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSVix86.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSVix86.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSvix86.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\IDSxpx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\Metadata.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\sigs.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\SymIDSCo.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\SymIDSCo.vxd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\SymIDSI.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\20080122.002\zdone.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\catalog.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\ids9xx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVia64.cat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVia64.inf
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSviA64.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.CAT
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSVix86.INF
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\IDSvix86.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\idsxpx86.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\metadata.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\sigs.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.sys
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\symidsco.vxd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\SymIDSI.dll
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\virscan1.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\BinHub\zdone.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\definfo.dat
C:\PROGRA~2\Symantec\Definitions\SymcData\idsdefs\usage.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Catalog.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\full-webauth.sql.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\hub.scr
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Identifiers.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Indicators.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008
ppw.zip
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\PopularSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Redirectors.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Resources.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\SafeList.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\SearchServices.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\Throttle.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\TrustedDomains.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\URLAnalysis.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\virscan1.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080201.008\WebHostingSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Catalog.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\full-webauth.sql.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\hub.scr
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Identifiers.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Indicators.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001
ppw.zip
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\PopularSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Redirectors.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Resources.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\SafeList.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\SearchServices.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\Throttle.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\TrustedDomains.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\URLAnalysis.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\virscan1.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\20080202.001\WebHostingSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\catalog.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\Identifiers.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\Indicators.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\PopularSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\Redirectors.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\Resources.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\SafeList.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\SearchServices.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\Throttle.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\TrustedDomains.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\URLAnalysis.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\v.grd
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\v.sig
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\virscan1.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\BinHub\WebHostingSites.xml.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\definfo.dat
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\latest-hub-webauth.sql.bin
C:\PROGRA~2\Symantec\Definitions\SymcData
co1.0defs\usage.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080131.004\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\vscanmsx.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\20080201.007\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\catalog.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\ERASER.grd
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\ERASER.sig
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\ERASER.spm
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\esrdef.bin
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\hh
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub
aveng.sys
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub
aveng32.dll
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub
avex15.sys
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub
avex32a.dll
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub
csacert.txt
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\scrauth.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\symaveng.cat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\symaveng.inf
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\SymErase.cat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\SymErase.inf
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	cdefs.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	cscan7.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	cscan8.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	cscan9.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	echnote.txt
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	inf.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	infidx.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	infl.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	scan1.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub	scan1hd.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\v.grd
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\v.sig
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan.inf
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan1.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan2.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan3.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan4.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan5.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan6.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan7.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan8.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\virscan9.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\whatsnew.txt
C:\PROGRA~2\Symantec\Definitions\VirusDefs\BinHub\zdone.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\definfo.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs\TextHub\virscant.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1991.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp19b5.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\cur.scr
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\ESRDEF.999
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp
co.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\sesmvirdef32incr.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TCDEFS.998
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TCSCAN7.997
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TCSCAN8.996
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TCSCAN9.995
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TINF.994
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TINFL.993
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\TSCAN1.992
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\V.990
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\V.991
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN1.989
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN2.988
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN3.987
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN4.986
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN5.985
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN6.984
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN7.983
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN8.982
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\VIRSCAN9.981
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\virscant.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp1b70.tmp\WHATSNEW.980
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\cur.scr
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\ESRDEF.999
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp
co.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\sesmvirdef32incr.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TCDEFS.998
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TCSCAN7.997
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TCSCAN8.996
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TCSCAN9.995
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TINF.994
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TINFL.993
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\TSCAN1.992
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\V.990
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\V.991
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN1.989
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN2.988
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN3.987
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN4.986
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN5.985
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN6.984
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN7.983
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN8.982
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\VIRSCAN9.981
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\virscant.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp22ce.tmp\WHATSNEW.980
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26be.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp26ec.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp2fee.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3015.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\cur.scr
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\ESRDEF.999
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp
co.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\sesmvirdef32incr.dis
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TCDEFS.998
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TCSCAN7.997
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TCSCAN8.996
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TCSCAN9.995
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TINF.994
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TINFL.993
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\TSCAN1.992
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\V.990
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\V.991
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN1.989
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN2.988
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN3.987
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN4.986
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN5.985
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN6.984
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN7.983
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN8.982
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\VIRSCAN9.981
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\virscant.dat
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3032.tmp\WHATSNEW.980
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3bc3.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3be4.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d22.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\CATALOG.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\CCERASER.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ECBOOTIL.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ECMSVR32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\EECTRL.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ERASER.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ERASER.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ERASER.SPM
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ERASER.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ESRDEF.BIN
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\HH
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVENG.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVENG.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVENG.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVENG32.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVEX15.EXP
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVEX15.SYS
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVEX15.VXD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NAVEX32A.DLL
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\NCSACERT.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\SCRAUTH.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\SYMAVENG.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\SYMAVENG.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\SYMERASE.CAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\SYMERASE.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TCDEFS.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TCSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TCSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TCSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TECHNOTE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TINF.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TINFIDX.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TINFL.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\TSCAN1HD.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\UPDATE.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\V.GRD
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\V.SIG
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN.INF
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN1.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN2.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN3.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN4.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN5.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN6.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN7.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN8.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCAN9.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\VIRSCANT.DAT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\WHATSNEW.TXT
C:\PROGRA~2\Symantec\Definitions\VirusDefs	mp3d49.tmp\ZDONE.DAT
C:\PROGRA~2\Symantec\Definitions\Viru

maxouxd · Answer

BSOD a répétion, horrible.

C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4791.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4abc.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4e90.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4eb4.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f1f.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp4f43.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5642.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp56bc.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57dd.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp57fd.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5bf0.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d0e.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp5d2f.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp6144.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp66ca.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7832.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp795a.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7987.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79b2.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp79dc.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\WHATSNEW.TXT
C:\ProgramData\Sym

maxouxd · Answer

C:\ProgramData\Symantec\Definitions\VirusDefs	mp7ef0.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp7f1b.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mp8da.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\cur.scr
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\ESRDEF.999
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp
co.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\sesmvirdef32incr.dis
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TCDEFS.998
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TCSCAN7.997
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TCSCAN8.996
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TCSCAN9.995
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TINF.994
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TINFL.993
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\TSCAN1.992
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\V.990
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\V.991
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN1.989
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN2.988
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN3.987
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN4.986
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN5.985
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN6.984
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN7.983
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN8.982
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\VIRSCAN9.981
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\virscant.dat
C:\ProgramData\Symantec\Definitions\VirusDefs	mpeb6.tmp\WHATSNEW.980
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpedd.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\CATALOG.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\CCERASER.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ECBOOTIL.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ECMSVR32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\EECTRL.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ERASER.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ERASER.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ERASER.SPM
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ERASER.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ESRDEF.BIN
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\HH
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVENG.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVENG.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVENG.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVENG32.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVEX15.EXP
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVEX15.SYS
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVEX15.VXD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NAVEX32A.DLL
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\NCSACERT.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\SCRAUTH.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\SYMAVENG.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\SYMAVENG.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\SYMERASE.CAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\SYMERASE.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TCDEFS.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TCSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TCSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TCSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TECHNOTE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TINF.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TINFIDX.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TINFL.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\TSCAN1HD.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\UPDATE.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\V.GRD
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\V.SIG
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN.INF
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN1.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN2.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN3.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN4.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN5.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN6.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN7.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN8.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCAN9.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\VIRSCANT.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\WHATSNEW.TXT
C:\ProgramData\Symantec\Definitions\VirusDefs	mpefd.tmp\ZDONE.DAT
C:\ProgramData\Symantec\Definitions\VirusDefs\usage.dat
C:\ProgramData\Symantec\IDS\IDSSettg.BAK
C:\ProgramData\Symantec\IDS\IDSSettg.dat
C:\ProgramData\Symantec\LiveUpdate\2008-08-17_Log.ALUSchedulerSvc.LiveUpdate
C:\ProgramData\Symantec\LiveUpdate\2008-08-18_Log.ALUSchedulerSvc.LiveUpdate
C:\ProgramData\Symantec\LiveUpdate\2008-08-20_Log.ALUSchedulerSvc.LiveUpdate
C:\ProgramData\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
C:\ProgramData\Symantec\LiveUpdate\Settings.LiveUpdate
C:\ProgramData\Symantec
ppw.zip
C:\ProgramData\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Current.dat
C:\ProgramData\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\PollManager_Job.dat
C:\ProgramData\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SVAR\SVAR_{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}.dat
C:\ProgramData\Symantecmt.dat
C:\ProgramData\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{555A091A-FA7A-426C-9F8F-45A9C390FA42}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{00E04411-30E5-4190-9F76-A2C81098E6A7}\{555A091A-FA7A-426C-9F8F-45A9C390FA42}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}\{597DD44A-C4EA-4DF1-8B9B-6EC5A1A96B03}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{110DAC0A-EDFE-4B8F-B3B8-66BECC16CD9F}\{597DD44A-C4EA-4DF1-8B9B-6EC5A1A96B03}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{183AE88A-1D48-4501-8860-04F77FB5EBB6}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{183AE88A-1D48-4501-8860-04F77FB5EBB6}\{7B54EE8B-9777-4908-B849-4CE43BDE5933}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{183AE88A-1D48-4501-8860-04F77FB5EBB6}\{7B54EE8B-9777-4908-B849-4CE43BDE5933}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{7E621D2A-ECA6-4A37-8F83-97484A869D82}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{7E621D2A-ECA6-4A37-8F83-97484A869D82}\{EF621ED8-7C9E-4B89-9CE2-E0098CF94EAF}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{7E621D2A-ECA6-4A37-8F83-97484A869D82}\{EF621ED8-7C9E-4B89-9CE2-E0098CF94EAF}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9BC5DC7A-0FA0-47E8-A99C-6DB3361F1415}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9BC5DC7A-0FA0-47E8-A99C-6DB3361F1415}\{A3BB3494-FA78-4F8E-8C4C-748ACD2C40F8}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{9BC5DC7A-0FA0-47E8-A99C-6DB3361F1415}\{A3BB3494-FA78-4F8E-8C4C-748ACD2C40F8}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9BC5DC7A-0FA0-47E8-A99C-6DB3361F1415}\{E135B403-4A4E-4105-B59E-F3C767516D3C}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{9BC5DC7A-0FA0-47E8-A99C-6DB3361F1415}\{E135B403-4A4E-4105-B59E-F3C767516D3C}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9E5AD642-7469-4B56-91C6-A0884B440E2D}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9E5AD642-7469-4B56-91C6-A0884B440E2D}\{51C8ECDA-7647-49A6-A228-3E58859682F7}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{9E5AD642-7469-4B56-91C6-A0884B440E2D}\{51C8ECDA-7647-49A6-A228-3E58859682F7}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9E5AD642-7469-4B56-91C6-A0884B440E2D}\{6E6F55D4-CACB-48D5-97E2-731A16BDBA5F}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{9E5AD642-7469-4B56-91C6-A0884B440E2D}\{6E6F55D4-CACB-48D5-97E2-731A16BDBA5F}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9E658285-AB27-441D-B00E-AF03FA39A88C}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{9E658285-AB27-441D-B00E-AF03FA39A88C}\{46937476-BFA8-4E4C-9BAD-6D77A297133C}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{9E658285-AB27-441D-B00E-AF03FA39A88C}\{46937476-BFA8-4E4C-9BAD-6D77A297133C}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{A4A8DD4B-85BE-4715-B3DA-2282C23D135D}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{A4A8DD4B-85BE-4715-B3DA-2282C23D135D}\{A88BB9E8-DCE0-4E56-B6AF-3BB639D2E2CE}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{A4A8DD4B-85BE-4715-B3DA-2282C23D135D}\{A88BB9E8-DCE0-4E56-B6AF-3BB639D2E2CE}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B0B45303-F742-4911-9100-72FAFDDEB7C0}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B0B45303-F742-4911-9100-72FAFDDEB7C0}\{2B11186B-5AB5-4306-A294-980AEF37D1F7}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{B0B45303-F742-4911-9100-72FAFDDEB7C0}\{2B11186B-5AB5-4306-A294-980AEF37D1F7}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B453481B-2084-4043-A03E-B650F99BF221}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B453481B-2084-4043-A03E-B650F99BF221}\{484FEBFC-21AD-4592-87EC-5800DE3118A2}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{B453481B-2084-4043-A03E-B650F99BF221}\{484FEBFC-21AD-4592-87EC-5800DE3118A2}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B453481B-2084-4043-A03E-B650F99BF221}\{6F085827-6D2D-4ECE-A275-F05EB1E33750}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{B453481B-2084-4043-A03E-B650F99BF221}\{6F085827-6D2D-4ECE-A275-F05EB1E33750}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B63BF5C0-5356-4B04-950E-7829CD756CC8}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{B63BF5C0-5356-4B04-950E-7829CD756CC8}\{70C809E4-6BF4-416C-9005-26F7FDDA7DCF}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{B63BF5C0-5356-4B04-950E-7829CD756CC8}\{70C809E4-6BF4-416C-9005-26F7FDDA7DCF}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{BCC4676E-A9C8-4B2C-B673-50D39ED61D47}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{BCC4676E-A9C8-4B2C-B673-50D39ED61D47}\{38CE0490-925E-4E59-8834-DB2D2A7CB582}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{BCC4676E-A9C8-4B2C-B673-50D39ED61D47}\{38CE0490-925E-4E59-8834-DB2D2A7CB582}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{BCC4676E-A9C8-4B2C-B673-50D39ED61D47}\{D20BB96E-5A6D-4059-A7B6-74EE7922A7F4}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{BCC4676E-A9C8-4B2C-B673-50D39ED61D47}\{D20BB96E-5A6D-4059-A7B6-74EE7922A7F4}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{C678FCA2-A063-4948-A30A-D64A1B470728}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{C678FCA2-A063-4948-A30A-D64A1B470728}\{4C759D46-93C8-43E4-87DF-F8165A5B5C0D}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{C678FCA2-A063-4948-A30A-D64A1B470728}\{4C759D46-93C8-43E4-87DF-F8165A5B5C0D}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{C678FCA2-A063-4948-A30A-D64A1B470728}\{C68909D3-1E62-44A6-BDB5-A24DC857BECF}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{C678FCA2-A063-4948-A30A-D64A1B470728}\{C68909D3-1E62-44A6-BDB5-A24DC857BECF}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{DB16386C-1B64-4502-BBBB-ED4CFEB222FD}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{DB16386C-1B64-4502-BBBB-ED4CFEB222FD}\{F403E584-0463-478A-82E9-4DF1CA254962}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{DB16386C-1B64-4502-BBBB-ED4CFEB222FD}\{F403E584-0463-478A-82E9-4DF1CA254962}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{FE6F05E5-2472-4909-A0F6-1587E482F862}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{FE6F05E5-2472-4909-A0F6-1587E482F862}\{5199E196-93CB-437F-94A5-50A8EE303E74}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{FE6F05E5-2472-4909-A0F6-1587E482F862}\{5199E196-93CB-437F-94A5-50A8EE303E74}.qbi
C:\ProgramData\Symantec\Shared\QBackup\{FE6F05E5-2472-4909-A0F6-1587E482F862}\{766E6CDB-459E-47DB-8D12-68DA199AB1FA}.qbd
C:\ProgramData\Symantec\Shared\QBackup\{FE6F05E5-2472-4909-A0F6-1587E482F862}\{766E6CDB-459E-47DB-8D12-68DA199AB1FA}.qbi
C:\ProgramData\Symantec\Shared\QBackup\index.qbs
C:\ProgramData\Symantec\SubEng\SCD.xml
C:\ProgramData\Symantec\SubEng\submissions.idx
C:\ProgramData\Symantec\SyKnAppS\cohcol.grd
C:\ProgramData\Symantec\SyKnAppS\cohcol.sig
C:\ProgramData\Symantec\SyKnAppS\cohcol.wlt
C:\ProgramData\Symantec\SyKnAppS\Freezer\CAV\COHCOL.grd
C:\ProgramData\Symantec\SyKnAppS\Freezer\CAV\COHCOL.sig
C:\ProgramData\Symantec\SyKnAppS\Freezer\CAV\COHCOL.wlt
C:\ProgramData\Symantec\SyKnAppS\Freezer\CAV\SyKnAppS.dll
C:\ProgramData\Symantec\SyKnAppS\patch25.dll
C:\ProgramData\Symantec\SyKnAppS\SyKnAppS.dll
C:\ProgramData\Symantec\SyKnAppS\SyKnAppS.grd
C:\ProgramData\Symantec\SyKnAppS\SyKnAppS.sig
C:\ProgramData\Symantec\SyKnAppS\SyKnAppS.spm
C:\ProgramData\Symantec\SymNetDrv\Default.rul
C:\ProgramData\Symantec\SymNetDrv\Firewall.BAK
C:\ProgramData\Symantec\SymNetDrv\Firewall.rul
C:\ProgramData\Symantec\SymNetDrv\LocationMap.dat
C:\ProgramData\Symantec\SymNetDrv\Persist.BAK
C:\ProgramData\Symantec\SymNetDrv\Persist.Dat
C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log
C:\ProgramData\Symantec\SymNetDrv\SNDCON.log
C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log
C:\ProgramData\Symantec\SymNetDrv\SNDFW.log
C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log
C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log
C:\ProgramData\Symantec\SymNetDrv\TModule.Dat
C:\ProgramData\Symantec\SymNetDrv\TParent.Dat
C:\ProgramData\Symantec\wcid0.log
C:\ProgramData\Symantec\wds.dat
G:
ideiect.com
G:\SETUP.EXE
L:
ideiect.com
F:\autorun.exe . . . . Echec de suppression

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDSVIX86
-------\Legacy_PAVBOOT
-------\Service_IDSvix86
-------\Service_pavboot
-------\Legacy_SROSA
-------\Service_srosa


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-20 to 2008-08-20  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 17:31	167,936	----a-w	C:\VaccinUSB.exe
2008-08-20 17:03	---------	d-----w	C:\Program Files\Alwil Software
2008-08-20 16:50	---------	d-----w	C:\Program Files\Trend Micro
2008-08-20 15:18	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-18 11:32	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 13:02	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-08-16 23:58	---------	d-----w	C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\ProgramData\Malwarebytes
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\ProgramData\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\ProgramData\Apple
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-19 14:36	51,280	----a-w	C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-06-28 17:28	---------	d-----w	C:\Program Files\Picasa2
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Users\Max\AppData\Roaming\GetRightToGo ----

2008-07-22 11:51	0	--a------	C:\Users\Max\AppData\Roaming\GetRightToGo\download-install_virtualdj_trial_v5_0.exe.data 
2008-07-22 11:51	0	--a------	C:\Users\Max\AppData\Roaming\GetRightToGo\download-install_virtualdj_trial_v5_0.exe.d000 
2008-07-22 11:49	10966	--a------	C:\Users\Max\AppData\Roaming\GetRightToGo\download-install_virtualdj_trial_v5_0.exe.htm 

---- Directory of C:\Users\Max\AppData\Roaming\Real Desktop ----



(((((((((((((((((((((((((((((   snapshot@2008-08-20_21.05.13.92   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 19:02:41	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-20 20:22:56	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-20 20:22:56	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-08-20 19:02:30	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-20 20:22:56	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-20 20:22:56	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2008-08-20 18:48:38	107,416	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-08-20 19:53:58	107,416	----a-w	C:\Windows\System32\perfc009.dat
- 2008-08-20 18:48:38	121,814	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-08-20 19:53:58	121,814	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-08-20 18:48:38	618,272	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-08-20 19:53:58	618,272	----a-w	C:\Windows\System32\perfh009.dat
- 2008-08-20 18:48:38	699,984	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-08-20 19:53:58	699,984	----a-w	C:\Windows\System32\perfh00C.dat
- 2006-08-08 08:06:00	708,616	----a-w	C:\Windows\System32\RtHDVCpl.exe
+ 2008-08-20 20:23:29	709,120	----a-w	C:\Windows\System32\RtHDVCpl.exe
- 2008-08-20 19:02:34	5,114	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
+ 2008-08-20 20:13:57	5,482	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
- 2008-08-20 19:02:34	63,814	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 20:13:57	63,990	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-20 19:02:29	42,952	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-20 20:13:54	43,384	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 17:42 3739672]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-04-01 17:17 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 11:45 49664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [BU]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-20 21:50 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 22:23:14
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\conime.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-20 22:28:17 - machine was rebooted [Max]
ComboFix-quarantined-files.txt  2008-08-20 20:28:13

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 44,809,052,160 octets libres

4891	--- E O F ---	2008-08-18 01:02:51

Utilisateur anonyme · Answer

ok on test hijackthis 

supprime le si tu l a et :


Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

maxouxd · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59, on 2008-08-20
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Utilisateur anonyme · Answer

Je précise, je suis en mode sans échec.

yes et je voulais que tu le fasse en mode normal stp pour test si win32 blabla supprime hijackthis et retelecharge le

maxouxd · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:37, on 20/08/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\V0230Mon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Utilisateur anonyme · Answer

instal un antivirus 

regarde ceci concernant avast : 

antivir vs avast : 

-> http://forum.malekal.com/ftopic3528.php 


alors je te conseille  desinstaller et d´installer antivir a la place 

Telecharge et instales l'antivirus Antivir Personal Edition Classic : 

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : https://www.malekal.com/avira-free-security-antivirus-gratuit/
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59 


désinstal java car pas a jours et telecharge et instal cette version :

https://sdlc-esd.oracle.com/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe?GroupName=JSC&FilePath=/ESD44/JSCDL/jdk/6u7/jre-6u7-windows-i586-p-s.exe&BHost=javadl.sun.com&File=jre-6u7-windows-i586-p-s.exe&AuthParam=1580978146_46494a57fbc0e7c89e79cfb72e28cd3a&ext=.exe


idem pour adobe reader : 

http://ardownload.adobe.com/pub/adobe/reader/win/9.x/9.0/fra/AdbeRdr90_fr_FR.exe


ensuite désinstal liveupdatre de symantec 

apres dis nous comment va le pc stp windows defender etc

maxouxd · Answer

jme met en pause, je télécharge tout sa, et je recommence demain. Bonne nuit et encore merci.

Utilisateur anonyme · Answer

ok a demain

jlpjlp · Answer

slt a tous en passant dans combofix il y a ceci: F:\autorun.exe . . . . Echec de suppression peux tu nous faire ceci: Télécharge RavAntivirus d'Evosla : http://ww25.evosla.com/compteur.php?soft=rav_antivirus # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau # Doucle-clique sur >> RAV.exe << afin de lancer l'outil. # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles) # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain . # Retire tes disques amovibles et redémarrez votre ordinateur. # Poste le rapport, si infection! et tu nous colleras comme indiqué un rapport avec antivir

maxouxd · Answer

j'vais pété un cable, WIN32 non valide. Mais putain j'en ai trop marre là.

Bon jme remet en sans échec , jespere que sa va fonctionner.

afideg · Answer

Bonjour à tous

Max, en attendant Chiquitine, accepterais-tu de lancer cette commande de recherche, SVP:

ATTENTION : Sous VISTA ==> Pour cette ligne de commande de Startvir, essaie de lancer la console de commande comme indiqué ici: https://www.astucesinternet.com/modules/smartfaq/faq.php?faqid=142 
C'est-à-dire Clic sur [Démarrer] > "Exécuter" > puis, copier/coller CMD dans la zone de saisie; 
ensuite, valide en enfonçant simultanément ces trois touches clavier : [Ctrl + Shift + Entrée] 
Une page DOS (noire) s'affiche.
 
Et là où tu vois un tiret clignotant, colle la ligne de commande: 
findstr /S /I /M /L "Themida" C:*.exe>>"%userprofile%bureauStartvir.txt" 
puis [Enter]

Note: Si [Enter] ne va pas, alors fais [Ctrl + Shift + Entrée] .

Merci pour ta collaboration.

Pas de souci, on va te dépanner.
As-tu téléchargé Antivir Personal Edition Classic , et supprimé AVAST (la passoire) ?

Al.

maxouxd · Answer

C'est fait, mais sa m'a rien affiché !

afideg · Answer

(suite) Commence par ceci: Désactive la restauration système. Clic droit sur poste de travail > propriétés > onglet restauration système Coche "désactiver la restauration système sur tous les lecteurs". clic sur ok pour valider Télécharge l'outil Flash_Disinfector de sUBs: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe Enregistre Flash_Disinfector.exe sur ton bureau. Double clique sur Flash_Disinfector.exe pour l'exécuter. Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra : Connecte au pc, clé USB, DD externes, susceptibles d'avoir été infectés. Puis clic sur Ok Les icônes sur le bureau vont disparaître jusqu'à l'apparition du message: [Done!!] Appuies ensuite sur OK, pour faire réapparaître le bureau. Si tout a bien fonctionné jusque là, l'infection est supprimé en totalité. Réactive la restauration système. Clic droit sur poste de travail > propriétés > onglet restauration système Décoche "désactiver la restauration système sur tous les lecteurs". Clic sur ok pour valider. Fais ensuite un ScanOnline chez Bitdefender : < http://www.bitdefender.fr/bd/site/page.php > ou < https://www.bitdefender.fr/ > ( fonctionne uniquement sous Internet Explorer en acceptant l’ activeX) * En bas, à gauche de la fenêtre, clique sur "BitDefender SCAN ONLINE" * Dans la nouvelle fenêtre, clique sur "I agree" (Accepte la licence ) Accepter et installer le contrôle des ActivesX * La fenêtre change encore, clique sur "Click here to scan" * Les signatures se chargent, etc. •- Sauvegarde le rapport comme ceci: Clic sur "Enregistrer sous..." > choisis « bureau » ( en "nom" mettre "rapport BitD" par exemple ; et en "type" choisir "fichier HTML" (*.html) • > ouvrir le fichier sauvegardé > copier/coller le rapport sur le forum. Tuto Morgane < http://pageperso.aol.fr/loraline60/bitdefender_scan.htm > Merci Al

maxouxd · Answer

je suis sous vista. J'ai pas de poste de travail et ya pas cet onglet.

afideg · Answer

Agrr..
Saleté de Vista!

Désactiver et réactiver la restauration système sous Vista
https://forum.malekal.com/viewtopic.php?f=59&t=5385


Merci
Al.


As-tu téléchargé Antivir Personal Edition Classic , et supprimé AVAST (la passoire) ?

maxouxd · Answer

https://www.casimages.com/i/080821121120297860.jpg.html

regardez moi sa, impossible de télécharger, que ce soit avec Mozilla ou Internet Explorer.

Encore merci pour vos aides.



PS: je suis en sans échec , pas de problème pour la protection, elle est désactivée d'office (onglet non présent)

PS2: plus de passoire, mais impossible de télécharger antivir...

afideg · Answer

(suite)
Tu t'en souviendras des cracks et P2P.  ;)

Télécharge ce fichier : http://ww11.kellys-korner-xp.com/regs_edits/exefix.reg 
Exécute-le
Accepte éventuellement la fusion

Al.

maxouxd · Answer

et jle télécharge comment ? Sa fait pareil!!

j'ai fait une manip, et j'ai réussi. MAIS : https://www.casimages.com/i/080821124036563134.jpg.html

Utilisateur anonyme · Answer

re 

merci d etre intervenu les gars 

Max ou en est tu ? 

peut tu telecharger ainsi ?

Antivir : clic droit sur le lien , enregister la cible sous .....bureau :

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

afideg · Answer

"Scan en ligne de Kaspersky" https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr  sous "Internet Explorer".
Branche ton Disque Externe (clé USB) éventuellement
- Clique sur "Démarrer Online-Scanner" (en bas à droite de la page) .
- Clique maintenant sur "J'accepte". 
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire. 
- Patiente pendant l'installation des "Mises à jour". 
Clic sur « Paramètres d'analyse » 
Coche la case "Étendue" >> Ok 
- Choisis par la suite l'analyse du "Poste de travail" pour faire un « Scan complet ». 
- Sauvegarde puis colle le rapport généré en fin d'analyse.
 http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif 
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif 

AIDE : Configurer le contrôle des ActiveX < http://www.inoculer.com/activex.php3  >
Tuto ici si problème : http://www.vista-xp.fr/forum/topic109.html  , ou là : https://forum.pcastuces.com/sujet.asp?f=25&s=37641  (par Morgane & nico_dodo)
                           
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

maxouxd · Answer

jvous explique, quand je fais enregistrer la cible sous, le fichier arrive et disparait tout de suite !! Il reste que le   .part, et si jessaye de l'ouvrir, il me dis que le fichier n'existe pas =S. Donc , pas de antivir.



Je lance le scan !

Utilisateur anonyme · Answer

tu as toujours combofix ?,

maxouxd · Answer

J'ai combofix ! (renomé "jeanmi")

Utilisateur anonyme · Answer

ok c est un bon début -;)

Branche toutes tes clé usb et disques externes (sans les ouvrirs) et scan avec combofix 

ensuite tu post le rapport stp

maxouxd · Answer

J'arrête kaspery Online ?

Utilisateur anonyme · Answer

oui pour l instant on le passera after

maxouxd · Answer

un Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51, on 2008-08-21
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- 



Je lance comboFIX

maxouxd · Answer

ComboFix 08-08-19.06 - SYSTEM 2008-08-21 13:54:16.7 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.1421 [GMT 2:00]
Endroit: C:\Users\Max\Desktop\Jeanmi.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Max\AppData\Roaming\m
C:\Users\Max\AppData\Roaming\m\data.oct
C:\Users\Max\AppData\Roaming\m\flec006.exe
C:\Users\Max\AppData\Roaming\m\list.oct
C:\Users\Max\AppData\Roaming\m\shared
C:\Users\Max\AppData\Roaming\m\shared\1602_A.D._1.zip
C:\Users\Max\AppData\Roaming\m\shared\3D_Object_Converter_4.00_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\4_Yeo_In_Font_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Aardvark_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Acoustica_MP3_Audio_Mixer_2.471b_[Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Active_WebTraffic_8.0.6.2_[Key].zip
C:\Users\Max\AppData\Roaming\m\shared\Address_Uno_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\ALink_1.01.zip
C:\Users\Max\AppData\Roaming\m\shared\AllDay_DJ_Mass_Import_Tool_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\ALTools_Lunar_Zodiac_Horse_Wallpaper_2005.zip
C:\Users\Max\AppData\Roaming\m\shared\AntiPlagiarist_1.8.zip
C:\Users\Max\AppData\Roaming\m\shared\AntiVir.Personal.Edition.Classic.v7.0.Final.zip
C:\Users\Max\AppData\Roaming\m\shared\ASCII_Decoder_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Auto_Installer_1.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Barcode_DLL_for_Pocket_PC_5.zip
C:\Users\Max\AppData\Roaming\m\shared\Beautiful_Calculator_3.2.6.zip
C:\Users\Max\AppData\Roaming\m\shared\bitsoft_Text2HTML_Converter_1.1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Blurb_BookSmart_1.3.1_beta.zip
C:\Users\Max\AppData\Roaming\m\shared\CloseCD_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Code_Converter_1.03b.zip
C:\Users\Max\AppData\Roaming\m\shared\Collect_the_Red_Dots_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Collidoscope_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Company_Management_System_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Console_Palette_Changer_1.03.zip
C:\Users\Max\AppData\Roaming\m\shared\Convert2ISO_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Cutline_Filter_1.11.zip
C:\Users\Max\AppData\Roaming\m\shared\Deepnet_Explorer_1.5.3_beta_3.zip
C:\Users\Max\AppData\Roaming\m\shared\Delta_Force_Black_Hawk_Down_gameplay_movie_2.zip
C:\Users\Max\AppData\Roaming\m\shared\Diggles_The_Myth_of_Fenris_demo.zip
C:\Users\Max\AppData\Roaming\m\shared\Digital_Camera_Poster_Creator_2.52.zip
C:\Users\Max\AppData\Roaming\m\shared\DILEMMA_1.0_Patch.zip
C:\Users\Max\AppData\Roaming\m\shared\DopeWars_(Palm)_2.4.6.zip
C:\Users\Max\AppData\Roaming\m\shared\Download_Statusbar_0.9.5.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Driving_Speed_1.16.zip
C:\Users\Max\AppData\Roaming\m\shared\Drum_Station_DT-010_1.09.zip
C:\Users\Max\AppData\Roaming\m\shared\DrWeb.4.33.PL.i.EN.+key.zip
C:\Users\Max\AppData\Roaming\m\shared\DVD_Rip_Factory_Pro_7.3.3.16_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\DVD_to_Zune_Converter_+_Video_to_Zune_Converter_Suite_3.6_[Key].zip
C:\Users\Max\AppData\Roaming\m\shared\DWeb_Pro_3.4.1.zip
C:\Users\Max\AppData\Roaming\m\shared\EfreeSoft_Boss_Key_3.30.zip
C:\Users\Max\AppData\Roaming\m\shared\Ekspos_Image_Viewer_0.8.3.zip
C:\Users\Max\AppData\Roaming\m\shared\FeedReader_2.9.zip
C:\Users\Max\AppData\Roaming\m\shared\FilesCollection_2.0b_KeyGen.zip
C:\Users\Max\AppData\Roaming\m\shared\Flash_Horizontal_Menu_Wizard_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\FlashKeeper_2.1_Key+Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Flv_Recorder_2.0.0.852.zip
C:\Users\Max\AppData\Roaming\m\shared\FontCreator_Home_Edition_5.6_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\Free_Registry_Defrag_2.32.zip
C:\Users\Max\AppData\Roaming\m\shared\FroogleUp_1.2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\FTP_Commander_Pro_8.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Games_Folder_0.31_Alpha_3.zip
C:\Users\Max\AppData\Roaming\m\shared\GeoLocateFox_0.2.zip
C:\Users\Max\AppData\Roaming\m\shared\H&H_Germany2Go_Talking_Phrase_Book_(Palm_OS)_3.zip
C:\Users\Max\AppData\Roaming\m\shared\HP0-265_Practice_Exam_Testing_Engine_Software_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\HzTail_1.0_(Key+Serial).zip
C:\Users\Max\AppData\Roaming\m\shared\ICQ_Monitor_Sniffer_3.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Ikaros_1.0.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Internet_Anywhere_Toolkit_3.2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Jackson_Hole_Web_Cams_1.7.zip
C:\Users\Max\AppData\Roaming\m\shared\Jimmy_Neutron_Rescue_Jet_Fusion_1.zip
C:\Users\Max\AppData\Roaming\m\shared\jPDFText_1.11.zip
C:\Users\Max\AppData\Roaming\m\shared\KIBASE_Power_Pointer_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Killer_1.zip
C:\Users\Max\AppData\Roaming\m\shared\Limerick_Europe_3.1.zip
C:\Users\Max\AppData\Roaming\m\shared\LingvoSoft_Talking_Picture_Dictionary_2007_French_-_Russian_1.1.18.zip
C:\Users\Max\AppData\Roaming\m\shared\LogObserver_1.4.0.1564.zip
C:\Users\Max\AppData\Roaming\m\shared\LollyDex_Correspondence_Index_2.0_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\MainActor_5.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MakoButton_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Masters_of_Orion_II_Update_(PowerPC)_1.6.zip
C:\Users\Max\AppData\Roaming\m\shared\MB4-219_Practice_Exam_Testing_Engine_Software_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Media_Fortress_1.0.1_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Melopolis_Studio_1.018.zip
C:\Users\Max\AppData\Roaming\m\shared\memecats_1.0_[Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\MindChart_Business_Edition_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Mocha_TN5250_for_Vista_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MP3_Output_Plug-in_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\MP3_Splitter_&_Joiner_Pro_3.46_[Key+Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Multicom_2.0.zip
C:\Users\Max\AppData\Roaming\m\shared\MultiMemories_2.9.zip
C:\Users\Max\AppData\Roaming\m\shared\My_Sporting_Hero_Recorder_1.01_(Patch).zip
C:\Users\Max\AppData\Roaming\m\shared\My_Videogame_Collection_1.zip
C:\Users\Max\AppData\Roaming\m\shared\MySimpleFTP_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\MySQL-to-Oracle_2.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Navicat_PostgreSQL_7.2.11_[Key+Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Norms_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Pack-X_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Panda-Arroz_Con_Leche-2000-NoGrp.zip
C:\Users\Max\AppData\Roaming\m\shared\Panda_TruPrevent_Corporate_3.06_KeyGen.zip
C:\Users\Max\AppData\Roaming\m\shared\Personal_Health_Desk_1.1.zip
C:\Users\Max\AppData\Roaming\m\shared\Photo_SlideShow_Maker_2.9_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Photo_to_Sketch_3.5.zip
C:\Users\Max\AppData\Roaming\m\shared\Picalo_4.12.zip
C:\Users\Max\AppData\Roaming\m\shared\Power_Spy_2007_6.10.zip
C:\Users\Max\AppData\Roaming\m\shared\PSPShuffle_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\QIC_Webfotoalbum_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Quick_Album_1.zip
C:\Users\Max\AppData\Roaming\m\shared\RaidenMAILD_1.9.1.3_Key+Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Real_Estate_Notebook_2.21_[Serial].zip
C:\Users\Max\AppData\Roaming\m\shared\Recovery_for_Access_2.2.0715.zip
C:\Users\Max\AppData\Roaming\m\shared\Rheinturmuhr_2.1.zip
C:\Users\Max\AppData\Roaming\m\shared\RustemSoft.Controls_.NET_2.0_assembly_2.30.05_(KeyGen).zip
C:\Users\Max\AppData\Roaming\m\shared\Second_Backup_2007.2.1_(Serial).zip
C:\Users\Max\AppData\Roaming\m\shared\Sexy_Buffy_Screensaver_-_BabeSaver.com_1.zip
C:\Users\Max\AppData\Roaming\m\shared\ShadowServer_2.5.zip
C:\Users\Max\AppData\Roaming\m\shared\Sid_Meier's_Alien_Crossfire_demo_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Sigmasoft_eRecruitment_1.1_(With_Crack).zip
C:\Users\Max\AppData\Roaming\m\shared\SmarThumb_my.shredder_2.1.3.zip
C:\Users\Max\AppData\Roaming\m\shared\Soundy_Mouse_1.zip
C:\Users\Max\AppData\Roaming\m\shared\Speak_I.D._1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Spirits_On_The_Wind2_1.0.6.2634.zip
C:\Users\Max\AppData\Roaming\m\shared\Steel's_World_II_(Dungeon_Siege).zip
C:\Users\Max\AppData\Roaming\m\shared\SupportMonkey_2002_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\Talking_Maritime_Encyclopedia_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\The_Wireless_Toolkit_2.5_[With_Crack].zip
C:\Users\Max\AppData\Roaming\m\shared\Timer_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\USA_Shield_2.15.zip
C:\Users\Max\AppData\Roaming\m\shared\Vanga_Rengi_Mangaro_1.0.4.492_Crack.zip
C:\Users\Max\AppData\Roaming\m\shared\VCamChat_1.6-rev10.zip
C:\Users\Max\AppData\Roaming\m\shared\Visual_Horse_2.2.zip
C:\Users\Max\AppData\Roaming\m\shared\ViVi_DVD_Ripper_3.1.7.zip
C:\Users\Max\AppData\Roaming\m\shared\VK_TypeHelp_1.2.zip
C:\Users\Max\AppData\Roaming\m\shared\Winter_Day_Demo_Screensaver_1.0_Cracked.zip
C:\Users\Max\AppData\Roaming\m\shared\Wireless_Snif_4.2.120_(Crack).zip
C:\Users\Max\AppData\Roaming\m\shared\WordPerfect_to_XML_HTML_-_WP_2_Web_Publisher_1.0.zip
C:\Users\Max\AppData\Roaming\m\shared\XN_Resource_Editor_3.0.0.1_Build_6000.zip
C:\Users\Max\AppData\Roaming\m\shared\Zagat_To_Go_for_Blackberry_4.0.1.zip
C:\Users\Max\AppData\Roaming\m\shared\ZeroTraces_WinCleaner_N'_Optimizer_2.6.1.1_Serial.zip
C:\Users\Max\AppData\Roaming\m\shared\Zoho_CRM_5.0.zip
C:\Users\Max\AppData\Roaming\m\srvlist.oct
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\108592.exe
C:\Windows\system32\drivers\downld\109403.exe
C:\Windows\system32\drivers\downld\115113.exe
C:\Windows\system32\drivers\downld\125222.exe
C:\Windows\system32\drivers\downld\132850.exe
C:\Windows\system32\drivers\downld\137140.exe
C:\Windows\system32\drivers\downld\141539.exe
C:\Windows\system32\drivers\downld\143552.exe
C:\Windows\system32\drivers\downld\147093.exe
C:\Windows\system32\drivers\downld\149604.exe
C:\Windows\system32\drivers\downld\154206.exe
C:\Windows\system32\drivers\downld\229664.exe
C:\Windows\system32\drivers\downld\230257.exe
C:\Windows\system32\drivers\downld\239024.exe
C:\Windows\system32\drivers\downld\250288.exe
C:\Windows\system32\drivers\downld\253392.exe
C:\Windows\system32\drivers\downld\265264.exe
C:\Windows\system32\drivers\downld\59841.exe
C:\Windows\system32\drivers\downld\75972.exe
C:\Windows\system32\drivers\downld\84536.exe
C:\Windows\system32\drivers\downld\85394.exe
C:\Windows\system32\drivers\downld\97719.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe
G:\autorun.inf
L:\autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srosa


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-21 to 2008-08-21  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 10:41	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-08-21 10:27	---------	d-----w	C:\Program Files\Trend Micro
2008-08-20 21:17	---------	d-----w	C:\ProgramData\Symantec
2008-08-20 17:31	167,936	----a-w	C:\VaccinUSB.exe
2008-08-20 17:03	---------	d-----w	C:\Program Files\Alwil Software
2008-08-20 15:18	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-18 11:32	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Norton Internet Security
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 13:02	---------	d-----w	C:\Program Files\EsetOnlineScanner
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-08-16 23:58	---------	d-----w	C:\Users\Sam\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\ProgramData\Malwarebytes
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\ProgramData\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\ProgramData\Apple
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-06-28 17:28	---------	d-----w	C:\Program Files\Picasa2
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
.

(((((((((((((((((((((((((((((   snapshot_2008-08-20_22.27.32.74   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 20:22:56	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-21 11:58:16	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-08-21 11:58:16	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-08-20 20:22:56	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-21 11:58:16	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-08-21 11:58:16	262,144	---ha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat.LOG1
- 2007-11-04 01:33:47	70,104	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2008-08-20 20:37:04	105,256	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2008-08-20 20:40:16	16,384	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-08-20 17:03:42	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-21 11:58:18	49,152	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-20 20:40:15	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008082020080821\index.dat
+ 2008-08-21 11:30:06	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008082120080822\index.dat
+ 2008-08-21 10:41:47	78,924	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat
- 2008-08-20 17:03:42	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-21 11:58:18	180,224	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-18 10:38:58	53,248	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-21 11:58:44	53,248	----a-w	C:\Windows\System32\config\systemprofile\AppData\Local\Temp\catchme.dll
+ 2008-08-21 11:33:36	64,690	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\8.0\UserCache.bin
+ 2008-08-21 10:38:55	20,040	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
- 2008-08-20 17:03:42	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-21 11:58:18	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-17 13:33:02	142,730	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\compreg.dat
+ 2008-08-21 10:27:32	142,730	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\compreg.dat
- 2008-08-20 16:49:42	14,183	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\pluginreg.dat
+ 2008-08-21 10:28:13	10,875	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\pluginreg.dat
- 2008-08-17 13:33:02	96,112	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\xpti.dat
+ 2008-08-21 10:27:31	96,112	----a-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\xpti.dat
- 2008-08-20 18:56:00	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-08-21 11:54:13	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-08-21 11:54:13	262,144	---ha-w	C:\Windows\System32\config\systemprofile
tuser.dat.LOG1
+ 2005-05-16 17:34:48	213,048	----a-w	C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26	65,536	----a-w	C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26	798,720	----a-w	C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-08-20 20:23:29	709,120	----a-w	C:\Windows\System32\RtHDVCpl.exe
+ 2006-08-08 08:06:00	708,616	----a-w	C:\Windows\System32\RtHDVCpl.exe
- 2008-07-15 10:52:43	3,036	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1001_UserData.bin
+ 2008-08-21 00:04:21	3,238	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1001_UserData.bin
- 2008-08-20 20:13:57	5,482	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
+ 2008-08-21 10:16:23	5,954	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3006126301-1578542936-2715256611-1003_UserData.bin
- 2008-08-20 20:13:57	63,990	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-21 10:16:23	64,118	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-20 20:13:54	43,384	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-21 10:16:21	43,744	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [BU]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2008-08-21 12:15 22696]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2006-08-08 10:06 708616]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-08 10:06 708616]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-08-08 10:06 708616 C:\Windows\System32\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1001]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
S2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
S2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
S2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-21 C:\Windows\Tasks\User_Feed_Synchronization-{08F52541-BB99-43D5-B22D-6E24A2A342B5}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-21 C:\Windows\Tasks\User_Feed_Synchronization-{399B12F5-B8AF-4FB0-AE82-B196D11AB044}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]

2008-08-20 C:\Windows\Tasks\User_Feed_Synchronization-{7069164B-34C3-444F-A488-9B5EFDB50680}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Windows\System32\config\SYSTEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\feblkjzc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 13:58:44
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 14:03:58 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-21 12:02:56
ComboFix2.txt  2008-08-20 20:28:18

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 62,817,169,408 octets libres

412	--- E O F ---	2008-08-18 01:02:51



dsl double post

Utilisateur anonyme · Answer

tu peux telecharger mantenant ??

maxouxd · Answer

non, si je met une cible ou que je fais exécuter (internet explorer) sa télécharge mais après rien ne se passe. Et sous firefox, pareil on peut rien faire.

Utilisateur anonyme · Answer

voila l ennui , je dois sortir

je te propose de faire le scan en ligne comme le propose AL. :

http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?entiere#95

si t as un soucis jlpjlp, Ske ou Al t aideront 

moi je reviens a 17H environ 

j ai hate de lire ton rapport kaspersky 

courage 

@Toute

maxouxd · Answer

Merci beaucoup. je lance kapersky online.


A tte !!

Utilisateur anonyme · Answer

re

ma sortie est annulée= temps pourris lol

maxouxd · Answer

A toulouse : Superbe Soleil


PS : kapersky 85%  1 virus+2fichiers infectés

Utilisateur anonyme · Answer

ici  (en bretagne) ça va, mais il a plus cette nuit et pour ce que je devais faire (desheber) pas top

maxouxd · Answer

Lol, en effet. 99% 3virus et 6 fichiers infectés

afideg · Answer

Salut Chiquitine,

A)- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"GrpConv"="grpconv -o" [X]  ==> je ne vois vraiment pas à quoi sert ce convertisseur avec Vista.


B)- Dans le premier ComboFix § "Suppression":
C:\Users\Enzo\AppData\Roaming\Microsoft\SystemCertificates\M­y 
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My­ 
C:\Users\Sophie\AppData\Roaming\Microsoft\SystemCertificates­\My 
Je voudrais voir s'il reste des traces de My 
Par exemple celle-ci:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My 
Lancer une recherche avec OAD sur le mot My

C)- Idem pour Megadrv3 (qui est le fichier de srosa.sys)

D)- Idem pour localiser le driver srosa.sys 


Qu'en penses-tu ?

Je vais quitter le PC ==> beau soleil dans la botte du Hainaut-Belgique.
Je vais pulvériser les orties dans les haies en façade.  Hi,hi.

Al.

maxouxd · Answer

J'adore ton charabia. Je connais que le Xhtml, CSS et un tout pti peu de C.

afideg · Answer

Hey
Et moi, je ne connais que kaspersky qui a l'air de bien travailler (sauf si c'est pour nous signaler les outils utilisés)

maxouxd · Answer

99%  3 virus  7 fichiers infectés

Leahkim · Answer

presque presque

Utilisateur anonyme · Answer

-;)

maxouxd · Answer

toujours 99%    Total de fichiers analysés : 576924 
Nombre de virus trouvés : 7 
Nombre d'objets infectés : 33 
Nombre d'objets suspects : 0 
Durée de l'analyse : 01:09:01

Utilisateur anonyme · Answer

tu as le rapport complet 

http://i204.photobucket.com/albums/bb106/Juliet702/Kas-SaveReport-1.gif 
http://i204.photobucket.com/albums/bb106/Juliet702/Kas-Savetxt.gif

maxouxd · Answer

Non mais c'est toujours a 99% 

Total de fichiers analysés : 768023 
Nombre de virus trouvés : 7 
Nombre d'objets infectés : 33 
Nombre d'objets suspects : 0 
Durée de l'analyse : 01:24:15

Leahkim · Answer

768 000 fichiers !!! mais qu'est-ce que tu stockes ? j'en aié  "a peine" 435 000 moi

maxouxd · Answer

Des photos principalement.

Utilisateur anonyme · Answer

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe 
- Enregistre le sur ton bureau 

Double clique sur le OAD pour le lancer 

- nom de fichier à rechercher tape ou fais un copier coller de : 

My

- Type de recherche : sélectionne l'option 6 puis valide 

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé. 
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé. 

- Fais un copier / coller de ce rapport dans ton prochain post. 

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

jlpjlp · Answer

slt pour kaspersky il faudrait que tu nous mettes le rapport donnant le nom des fichiers inféctés sinon on aura du mal!

maxouxd · Answer

faudrai ptet que l'analyse soit terminée pour que jte mette le rapport ! Je rapelle, jpeux pas télécharger !!


Total de fichiers analysés : 1021826 
Nombre de virus trouvés : 7 
Nombre d'objets infectés : 37 
Nombre d'objets suspects : 0 
Durée de l'analyse :01:41:07 


99%

Utilisateur anonyme · Answer

ah sorry l analyse n est pas finie j avais pas compris donc patience

Utilisateur anonyme · Answer

Edit merci

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Absent 
C:\Windows\Prefetch\MDELK.EXE-????????.pf Absent 
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Présent!!


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Absent 
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Absent 


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Absent 
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Absent 


+- Recherche dans :  :


\m\flec006.exe Absent 
\m\list.oct Absent 
\m\data.oct Absent 
\m\srvlist.oct Absent 
\m\ Absent 
\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl    REG_SZ    RtHDVCpl.exe
    ccApp    REG_SZ    "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck    REG_SZ    "c:\Program Files\Norton Internet Security\osCheck.exe"
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background


+- Recherche terminee !



+- Execute le : 2008-08-21 a 17:06:26.78

maxouxd · Answer

http://www.megaupload.com/?d=7CW8S09R
	



Rapport kapersky ^^

Utilisateur anonyme · Answer

ton lien marche pas ou c est moi .. je vois pas max.txt

maxouxd · Answer

Tu sais pas utilisé megaupload ?

maxouxd · Answer

https://www.sendspace.com/file/devnoo

Utilisateur anonyme · Answer

lu, je te prepare la suite

maxouxd · Answer

ok ^^

maxouxd · Answer

https://www.casimages.com/i/080821043425958647.jpg.html


pourquoi mon bureau est la ? c'est ptet pour sa que les téléchargement marche pas!!!

Non c'est pas sa, j'essaye d'enregistrer la cible sous : une clé usb, et il n'y apparait quand meme aucun fichier.

Utilisateur anonyme · Answer

supprime flash desinfector en attendant

maxouxd · Answer

ben jpeux pas! il mindique que le fichier est introuvable.

Utilisateur anonyme · Answer

Vide ce dossier : C:\Windows\Prefetch sauf le dossier ready boost et le fichier layout.ini si present

maxouxd · Answer

https://www.casimages.com/i/080821044339850719.jpg.html


Fait !



Je fait pareil dans le disque D ?? (avec WinXP ?)



+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Absent 
C:\Windows\Prefetch\MDELK.EXE-????????.pf Absent 
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Absent 
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Absent 


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Absent 
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Absent 


+- Recherche dans :  :


\m\flec006.exe Absent 
\m\list.oct Absent 
\m\data.oct Absent 
\m\srvlist.oct Absent 
\m\ Absent 
\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    RtHDVCpl    REG_SZ    RtHDVCpl.exe
    ccApp    REG_SZ    "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    osCheck    REG_SZ    "c:\Program Files\Norton Internet Security\osCheck.exe"
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background


+- Recherche terminee !



+- Execute le : 2008-08-21 a 17:49:39.14

jlpjlp · Answer

slt

Utilisateur anonyme · Answer

bug g posté mais il apparait pas

maxouxd · Answer

salut ! regarde le FindB ! VIERGE

Utilisateur anonyme · Answer

RRR faut je recommance 

ps : salut jlpjlp

maxouxd · Answer

ouai ben moi aussi, mes rapports kapersky jpouvais pas les poster, alors je les ai mis en ligne.

jlpjlp · Answer

oui moi aussi

déjà vire ce qui est dans le dossier quarantine en allant dans poste de travail puis C puis qoobox 

chiquine prepare la suite je pense si il arrive a poster car apparement impossible de recuperer le rapport kaspersky 


sinon on il faudra que l'on indique que faire pour virer les fichiers infécté selon kaspersky

a plus

afideg · Answer

Up

Bravo Kaspersky

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\Documents and Settings\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0013	Infecté : not-a-virus:PSWTool.Win32.PWDump.h	ignoré
C:\Documents and Settings\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0014	Infecté : not-a-virus:PSWTool.Win32.PWDump.f	ignoré
C:\Documents and Settings\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0015	Infecté : not-a-virus:PSWTool.Win32.PWDump.f	ignoré
C:\Documents and Settings\Sam\Downloads\ophcrack-win32-installer-3.0.exe	NSIS: infecté - 3	ignoré
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.66	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\Program Files\Picasa2\PicasaMediaDetector.exe	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\C\Users\Max\AppData\Roaming\m\flec006.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\115113.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\130822.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\139324.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\719585.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\downld\97719.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\hldrrr.exe.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\mdelk.exe.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\C\Windows\System32\drivers\srosa.sys.vir	Infecté : Trojan-Downloader.Win32.Bagle.vj	ignoré
C:\QooBox\Quarantine\C\Windows\System32\mdelk.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\C\Windows\System32\wintems.exe.vir	Infecté : Email-Worm.Win32.Bagle.of	ignoré
C:\QooBox\Quarantine\G\AUTORUN.INF.vir	Infecté : Trojan-PSW.Win32.Nilage.bvl	ignoré
C:\QooBox\Quarantine\G\av4.zip/Qoobox/Quarantine/G/nideiect.com.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\G\av4.zip	ZIP: infecté - 1	ignoré
C:\QooBox\Quarantine\G\av6.zip/Qoobox/Quarantine/G/nideiect.com.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\G\av6.zip/Qoobox/Quarantine/G/autorun.inf.vir	Infecté : Trojan-PSW.Win32.Nilage.bvl	ignoré
C:\QooBox\Quarantine\G\av6.zip	ZIP: infecté - 2	ignoré
C:\QooBox\Quarantine\L\autorun.inf.vir	Infecté : Trojan-PSW.Win32.Nilage.bvl	ignoré
C:\QooBox\Quarantine\L\av4.zip/Qoobox/Quarantine/L/nideiect.com.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\L\av4.zip	ZIP: infecté - 1	ignoré
C:\QooBox\Quarantine\L\av6.zip/Qoobox/Quarantine/L/nideiect.com.vir	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\QooBox\Quarantine\L\av6.zip/Qoobox/Quarantine/L/autorun.inf.vir	Infecté : Trojan-PSW.Win32.Nilage.bvl	ignoré
C:\QooBox\Quarantine\L\av6.zip	ZIP: infecté - 2	ignoré
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat	Infecté : Trojan-Downloader.Win32.Bagle.hp	ignoré
C:\QooBox\Quarantine\Registry_backups\Service_srosa.reg.dat	Infecté : Trojan-Downloader.Win32.Bagle.hp	ignoré
C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0013	Infecté : not-a-virus:PSWTool.Win32.PWDump.h	ignoré
C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0014	Infecté : not-a-virus:PSWTool.Win32.PWDump.f	ignoré
C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe/data0015	Infecté : not-a-virus:PSWTool.Win32.PWDump.f	ignoré
C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe	NSIS: infecté - 3	ignoré
C:\Windows\System32\RtHDVCpl.exe	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
D:\Documents and Settings\Sam.BQC\Local Settings\Temporary Internet Files\Content.IE5\WLUB0DEZ\hardwaredetection_2_0_4_9[1].cab/setupmconfig.exe	Infecté : Backdoor.Win32.VB.erb	ignoré
D:\Documents and Settings\Sam.BQC\Local Settings\Temporary Internet Files\Content.IE5\WLUB0DEZ\hardwaredetection_2_0_4_9[1].cab	CAB: infecté - 1	ignoré
G:
ideiect.com	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
L:
ideiect.com	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré


SEO
Je n'ai pas relu.
Infection dans des fichiers sains  !!! (ou présentant des failles de sécurité) 

Al.

maxouxd · Answer

jfais quoi de ce que tu as mis en gras ?

Utilisateur anonyme · Answer

on va attendre un peux car mon cfscript passe pas meme pas en mp

afideg · Answer

Calme un peu, veux-tu ?
Tu attends Chiquitine qui fait un script.

Merci
Salut jlpjlp  ;)

Al

maxouxd · Answer

a ok, met le en téléchargement

noctambule28 · Answer

salut

tu me dis si c'est pas la qu'il faut le mettre , chiquitine

***************************************
	
Branche tous tes disques sans les ouvrirs

on va utiliser combofix

Copie le texte ci-dessous :

File::
C:\Muestras
D:\WINDOWS.0\Temp\setupmconfig.exe
G:
ideiect.com
L:
ideiect.com
C:\Windows\System32\RtHDVCpl.exe
C:\Users\Sam\Downloads\ophcrack-win3­2-installer-3.0.exe
C:\Users\Sam\Downloads\ophcrack-win3­2-installer-3.0.exe
C:\VaccinUSB.exe

Folder::
C:\Users\Sam\Downloads\ophcrack-win3­2-installer-3.0.exe
C:\Users\Sam\Downloads\ophcrack-win3­2-installer-3.0.exe
C:\Program Files\Picasa2
C:\Program Files\Trend Micro
C:\ProgramData\Symantec
C:\Program Files\Alwil Software
C:\Program Files\Norton Internet Security
C:\Program Files\EsetOnlineScanner

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microso­ft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"=-
"RtHDVCpl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o"

DirLook::
C:	mp
D:\WINDOWS.0\Temp






Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt

S'il n'y a pas de rédémarrage, poste quand même le rapport



-- 
A découvrir : Estopa, Rosario Flores, La Oreja De Van Gogh
                   Bonne écoute 
                   @ + TChiki.

afideg · Answer

Chiquitine29,

Envoie un up
Puis, édite ce up
Et colle ton CFSript

Al.

jlpjlp · Answer

slt  Al!

chiquine essaye de faire le script a partir du post de Afideg pour voir tu pourra peux etre copier les fichiers
contrairement au rapport kaspersky fourni car cela me fais la meme chose

afideg · Answer

Up
Salut F.

Regarde là 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"GrpConv"=-      ( ... "grpconv -o" )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microso­ft\Windows\CurrentVersi­on\Run] 
"CCUTRAYICON"=-      ( ... "FactoryMode")

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

Et je supprimerais ce fichier  (malgré la clé citée) 
C:\Windows\System32\RtHDVCpl.exe

C:\QooBox


Al.
Amicalement

maxouxd · Answer

jfais quoi ?

afideg · Answer

Up Merci Il n'est pas passé. Je recommence (suite) J'espère que Chiquitine peux régler son souci de "postage". En attendant, tu peux lancer ce CFScript: 1°- Tu as toujours l'icône de ComboFix sur le bureau. 2°- Etant donné que ANTIVIR détecte un risque sécuritaire dans l'outil suivant : nircmd.cfexe qui appartient en fait à ComboFix, il faut que tu désactives le bouclier d'Antivir le temps du scan : ==> Fais un clic-droit sur l'icône d'Antivir dans la barre des tâches et décoche "Antivir Guard enable" ==> Réactive-le en fin de cette procédure ComboFix. 3°- Sélectionne (mettre en surbrillance) tout le texte en caractères gras suivant : killall:: File:: C:\Muestras C:\QooBox D:\WINDOWS.0\Temp\setupmconfig.exe G: ideiect.com L: ideiect.com C:\Windows\System32\RtHDVCpl.exe C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe C:\VaccinUSB.exe C:\Acer\Empowering Technology\eDataSecurity Folder:: C:\Users\Sam\Downloads\ophcrack-win32-installer-3.0.exe C:\Program Files\Picasa2 C:\Program Files\Trend Micro C:\ProgramData\Symantec C:\Program Files\Alwil Software C:\Program Files\Norton Internet Security C:\Program Files\EsetOnlineScanner D:\Documents and Settings\Sam.BQC\Local Settings\Temporary Internet Files\Content.IE5\WLUB0DEZ Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCUTRAYICON"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "osCheck"=- "RtHDVCpl"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"=- DirLook:: C: mp D:\WINDOWS.0\Temp 4°- Copie le texte sélectionné (CTRL+C) ==> en appuyant simultanément sur les touches CTRL et C. Ouvre le bloc-notes (programme>Accessoires >bloc-notes). Colle (bien dans le coin supérieur gauche) ce texte dans ce bloc-notes (CTRL+V) ==> en appuyant simultanément sur les touches CTRL et V . Sauvegarde (enregistre-le sur le bureau) sous le nom CFScript1.txt • Regarde ici (ce n’est qu’un exemple !) < http://img509.imageshack.us/img509/5984/screenshot332wc3.png > 5°- Ensuite, dépose ce fichier texte sur l'application de ComboFix (icône rouge “ComboFix.exe” sur le bureau) en faisant un “glisser/déposer” de ce fichier “ gras>CFScript1.txt ” sur le fichier “ComboFix.exe” comme sur la capture: < http://apu.mabul.org/up/apu/2008/08/12/img-210914jjufm.gif > L'icône ComboFix.exe (Tristan.exe) change alors de "brillance" dans sa couleur. Un module s'affiche ==> clic sur "Exécuter" Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal! (CAUTION: Do not mouse-click ComboFix's window while it is running. = Ne touche à rien tant que le scan n'est pas terminé. That may cause it to stall.) 6°- Une fois le scan achevé, un rapport va s'afficher: poste son contenu sur le forum. Si le fichier n'apparaît pas, il se trouve ici > C:\ComboFix.txt 7°- Arrêter puis redémarrer le PC Relance une analyse avec Kaspersky Bonne chance Al.

maxouxd · Answer

https://www.sendspace.com/file/vmg276

LOG comboFIX

C'est parti pour kapersky !

Utilisateur anonyme · Answer

re 

j ai eu de la visite 

max peutx tu telecharger maintenant :

Télécharge HijackThis ici : 

->  Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
->  http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
->  ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation 

-> Clique sur Install ensuite sur I Accept 

-> Clique sur Do a scan system and save log file 

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

Utilisateur anonyme · Answer

cool ça passe 

ps : merci Al

maxouxd · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09, on 2008-08-21
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\Windows\V0230Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

maxouxd · Answer

Jpeux télécharger !!

Utilisateur anonyme · Answer

désinstal liveupdate de symantec

redémarre enn mode normal

refais un scan hijackthis et post le rapport

essai ensuite de faire ceci en mode normal :



Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 


et dis nous

afideg · Answer

(suite)

Et l'analyse avec Kaspersky en ligne  ???


Al.

Utilisateur anonyme · Answer

re Al. 

je veux voir comment se comporte le pc en mode normal, installer antivir

m occuper de ça :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
"GrpConv"=- 


ensuite tu veux refaire un scan en ligne ? oui je suis daccord 

Chiki.

Utilisateur anonyme · Answer

RE Al.

dilem 

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré
C:\Acer\Empowering Technology\SysMonitor.exe	Infecté : Trojan-Downloader.Win32.Bagle.wv	ignoré

j hesite a supprimer ... les exe

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Absent 
C:\Windows\Prefetch\MDELK.EXE-????????.pf Absent 
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Présent!!
C:\Windows\system32\ban_list.txt Présent!!


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Présent!!
C:\Windows\system32\drivers\hldrrr.exe Présent!!
C:\Windows\system32\drivers\downld Présent!!


+- Recherche dans : C:\Users\Max\AppData\Roaming :


C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Users\Max\AppData\Roaming\m\list.oct Absent 
C:\Users\Max\AppData\Roaming\m\data.oct Absent 
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent 
C:\Users\Max\AppData\Roaming\m\ Absent 
C:\Users\Max\AppData\Roaming\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe


+- Recherche terminee !



+- Execute le : 21/08/2008 a 19:26:18,58





QUE DAL ! impossible d'installé Antivir ! il me dit en anglais que quelques fichiers doivent être mis, faut que je redémarre et que je ferme les programmes ! rien y fait. Le virus reviens. Hijackthis impossible!

sKe69 · Answer

Et bien ... je pense que l'utilisation d'Elibagla renommé s'impose ... non ?

-->http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?page=2#38

Qu'en pensez vous ?

maxouxd · Answer

-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\Administrateur\Desktop\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Enzo\Desktop\HijackThis.lnk: trouvé !
C:\Users\Max\Desktop\HijackThis.lnk: trouvé !
C:\Users\Max\Downloads\HJTInstall.exe: trouvé !
C:\Users\Odile\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sam\Desktop\HijackThis.lnk: trouvé !
C:\Users\Sophie\Desktop\HijackThis.lnk: trouvé !
C:\Windows\System32\config\systemprofile\Desktop\HijackThis.lnk: trouvé !
C:\Windows\System32\config\systemprofile\Desktop\HJTInstall.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Administrateur\Desktop\HijackThis.lnk: supprimé !
C:\Users\Enzo\Desktop\HijackThis.lnk: supprimé !
C:\Users\Max\Desktop\HijackThis.lnk: supprimé !
C:\Users\Max\Downloads\HJTInstall.exe: supprimé !
C:\Users\Odile\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sam\Desktop\HijackThis.lnk: supprimé !
C:\Users\Sophie\Desktop\HijackThis.lnk: supprimé !
C:\Windows\System32\config\systemprofile\Desktop\HijackThis.lnk: supprimé !
C:\Windows\System32\config\systemprofile\Desktop\HJTInstall.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

maxouxd · Answer

Eglibagla, il fout rien ce logiciel, il vois les bagle, mais il fait rien.

Utilisateur anonyme · Answer

dis moi max , quel est la session administrateur stp ?

maxouxd · Answer

La mienne l'est : Max, Sam, Sophie .

J'ai essayé elibagla mais il se ferme tout seul! trop bizarre.

Utilisateur anonyme · Answer

Pour elibagla fait un clic drot dessus, executer en tant qu administrateur

puis post le rapport info.sat stp

maxouxd · Answer

Thu Aug 21 19:38:18 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.66
 a "virus@satinfo.es".  Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.

	  Thu Aug 21 19:38:46 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Thu Aug 21 19:38:47 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

	  Thu Aug 21 19:40:52 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Thu Aug 21 19:40:55 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

	  Thu Aug 21 19:41:36 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Thu Aug 21 19:41:37 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Présent!!


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Présent!!


+- Recherche dans : C:\Users\Max\AppData\Roaming :


C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Users\Max\AppData\Roaming\m\list.oct Absent 
C:\Users\Max\AppData\Roaming\m\data.oct Absent 
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent 
C:\Users\Max\AppData\Roaming\m\ Absent 
C:\Users\Max\AppData\Roaming\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe


+- Recherche terminee !



+- Execute le : 21/08/2008 a 18:45:31,06

Utilisateur anonyme · Answer

fais ceci :

http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?page=9#179

apres refais un scan FindB et post le rapport stp

maxouxd · Answer

Thu Aug 21 19:43:24 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
Reinicie para Completar la Limpieza.

	  Thu Aug 21 18:48:03 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\Drivers\HLDRRR.EXE.VIR --> Eliminado

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Présent!!


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Présent!!


+- Recherche dans : C:\Users\Max\AppData\Roaming :


C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Users\Max\AppData\Roaming\m\list.oct Absent 
C:\Users\Max\AppData\Roaming\m\data.oct Absent 
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent 
C:\Users\Max\AppData\Roaming\m\ Absent 
C:\Users\Max\AppData\Roaming\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe


+- Recherche terminee !



+- Execute le : 21/08/2008 a 18:46:09,40

sKe69 · Answer

Si vous permettez :

Je pense qu'il faut reprendre depuis le début avec Elibagla et en procédant EXACTEMENT comme indiquer pour espérer un résultat :

A - Il faut absolument le mettre à la racine de ton disk dur et pas ailleur !
( c.a.d. ici -> C:\Elibagla.XXXXX.exe )

B- Puis clik droit sur ce dernier et choisi "renommé" : tapes " mdelk.exe " . 

Note :
/!\ Attention, un mauvais renommage rendra l'astuce et la désinfection inefficace !
 
Déconnectes toi et fermes toutes tes applications en cours (si tu en as ...). 

C- Pour exécuter Elibagla renommé : 

Appuyer simultanément sur les touches Windows (drapeau à côté de alt) + R (pour ouvrir le Menu Démarrer -> "Exécuter") 
Dans la boîte de dialogue "Exécuter" taper : cmd et valider
 
Dans la fenêtre de "l'invite de commande" qui s'ouvra, taper : 
C:\mdelk.exe  et Valider avec la touche [Entrée] 

L'outil ce lance :
-->laisses la case "eliminar ficheros automaticamente" coché  .
-->cliques sur " explorar " .
-->laisses-le travailler 
-->Enfin postes le rapport final qui sera dans " C:\infosat.txt " 

PS : Si, dans le rapport, tu vois un texte semblable à celui-ci 

Por favor, envienos una muestra del fichero 
C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 
a "virus@satinfo.es". Gracias; 

Envoies ce(s) fichier(s) (dans l'exemple C:MuestrasHLDRRR.EXE.Muestra EliBagle v10.24 ) à l'adresse e-mail indiquée (virus@satinfo.es). 

--> L'outil a rencontré un fichier qu'il reconnaît mais ne sait pas encore éradiquer ... 

3- Une fois le scan terminé : redémarres le pc, c'est très important.
 
Avant l'apparition du bureau, Elibagla va se relancer et neutraliser le reste de l'infection. 
Dès que le menu principal d'Elibagla apparaîtra : 
- Laisser la case "Eliminar ficheros automaticamente" cochée 
- Clic sur "Explorar" pour lancer le scan complet du pc. 
Une fois le scan terminé, refermer l'outil pour permettre au bureau de réapparaître ...

--> postes ce nouveau rapport pour analyse et attends la suite ...

( Il va falloir réutiliser Combofix renommé au téléchargement donc ... )

Utilisateur anonyme · Answer

edit

maxouxd · Answer

je suis peut etre entrain de rever, mais Antivir scan, et il fonctionne parfaitement !

Utilisateur anonyme · Answer

ok ske 

max suit sKe stp

maxouxd · Answer

Ouai ok, jattend la fin du scan de antivir.

Utilisateur anonyme · Answer

pense a envoyer le rapport antivir stp

maxouxd · Answer

Je n'y manquerai pas ;)

maxouxd · Answer

Avira AntiVir Personal
Report file date: jeudi 21 août 2008  18:55

Scanning for 1369550 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows Vista
Windows version:  (plain)  [6.0.6000]
Boot mode:        Normally booted
Username:         Max
Computer name:    BQC

Version information:
BUILD.DAT     : 8.1.0.331      16934 Bytes  12/08/2008 11:46:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  26/06/2008 08:57:53
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 13:54:15
ANTIVIR2.VDF  : 7.0.5.20      142336 Bytes  30/06/2008 05:20:53
ANTIVIR3.VDF  : 7.0.5.23       17408 Bytes  30/06/2008 09:24:47
Engineversion : 8.1.1.19  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.63      311673 Bytes  06/08/2008 13:13:47
AESCN.DLL     : 8.1.0.23      119156 Bytes  10/07/2008 12:44:49
AERDL.DLL     : 8.1.0.20      418165 Bytes  24/04/2008 12:37:48
AEPACK.DLL    : 8.1.2.1       364917 Bytes  15/07/2008 12:58:35
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  18/07/2008 06:35:21
AEHEUR.DLL    : 8.1.0.47     1368437 Bytes  06/08/2008 13:13:47
AEHELP.DLL    : 8.1.0.15      115063 Bytes  10/07/2008 12:44:48
AEGEN.DLL     : 8.1.0.35      315764 Bytes  06/08/2008 14:38:47
AEEMU.DLL     : 8.1.0.7       430452 Bytes  31/07/2008 08:33:21
AECORE.DLL    : 8.1.1.8       172406 Bytes  31/07/2008 08:33:21
AEBB.DLL      : 8.1.0.1        53617 Bytes  10/07/2008 12:44:48
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 7.0.0.1       155688 Bytes  30/06/2008 14:35:20
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 21 août 2008  18:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wpcumi.exe' - '1' Module(s) have been scanned
Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned
Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'AlertService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
Master boot sector HD2
    [INFO]      No virus was found!
Master boot sector HD3
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD4
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD5
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD6
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.
    [INFO]      Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\Windows\system32'
C:\Windows\system32\mdelk.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE]      The file was moved to '49129e93.qua'!
C:\Windows\system32\drivers\downld\60840.exe
    [DETECTION] Is the TR/Crypt.TPM.Gen Trojan
    [NOTE]      The file was moved to '48e59e87.qua'!
C:\Windows\system32\drivers\downld\91478.exe
    [DETECTION] Is the TR/Bagle.Gen.B Trojan
    [NOTE]      The file was moved to '48e19e89.qua'!


End of the scan: jeudi 21 août 2008  18:59
Used time: 04:23 Minute(s)

The scan has been done completely.

   1169 Scanning directories
  54699 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
  54696 Files not concerned
    440 Archives were scanned
      4 Warnings
      3 Notes

sKe69 · Answer

très bien !

passes à la manipe d'ELIBAGLA maintenant ...

maxouxd · Answer

Toutes les 10 secondes j'ai "acceso denegado a la carpeta"

Tu parles, aucun rapport, pourtant j'ai fait exactement ce que ta dis !! J'ai redémarrer : rien ! juste antivir qui me signale 2 virus (Acer Emporing..)

maxouxd · Answer

Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
detected in file 'C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe.
Action performed: Move file to quarantine
Virus or unwanted program 'TR/Dldr.Bagle.WU [trojan]'
detected in file 'C:\Acer\Empowering Technology\SysMonitor.exe.
Action performed: Move file to quarantine

sKe69 · Answer

Tu as renommé Elibagla en " mdelk.exe " et installer sous C ?

maxouxd · Answer

Exactement, je le lance en admin a partir de CMD

sKe69 · Answer

on va essayer autrement ... 

tu peux télécharger maintenant ?

maxouxd · Answer

Ouai ^^

sKe69 · Answer

Si tu peux télécharger , fais se qui suit :


Supprimes ton Elibagla renommé .

( n'oublis pas -> clik droit / "exécuter entant qu'admin ..." )

* Télécharges Kb2 sur ce lien : (merci a moe pour la réalisation !)  :
http://sd-1.archive-host.com/membres/up/1366464061/KB2.exe 
---> copies le sur ton bureau ( et pas ailleurs! ) .

 * Rends toi sur ce site : 
http://www.zonavirus.com/datos/descargas/95/elibagla.asp 
Tout en bas de cette page tu trouveras un outil à télécharger, 
cliques sur "escargar Elibagla" (le numéro de version change au fur et à mesure des mises à jour) 
et instales ce fichier sur le bureau (et pas ailleurs !).  

Etape 1 : 

Si tu as connecté une cle usb depuis que tu as été infecté branche la sans l´ouvrir... 

Etape 2 : 

Sur ton bureau double clic sur KB.exe. 
Tu verras apparaître sur le bureau, un raccourci nommé " KillB ". 
Fais glisser le fichier Elibagla.exe sur ce raccourci, exactement comme si tu voulais le déposer dans un dossier. 

Elibagla va se lancer automatiquement. 
Cliques sur " Ok " aux premières boîtes de dialogue qui peuvent apparaître avant le menu principal de l'outil : 

Por favor, envienos una muestra del fichero 
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18 
a "virus@satinfo.es". Gracias 
et/ou 
Eliminando Gusano BAGLE 

Une fois fait, le menu principal d'Elibagla apparaîtra : 

- Laisses la case "Eliminar ficheros automaticamente" coché 
- Cliques sur "Explorar" pour lancer le scan.
 
ATTENTION :
/!\ Pendant toute la durée du scan, n'utilises pas ton pc, n'ouvre aucun programmes et laisses l'outil travailler. s
/!\ Ne redemarres pas le pc après le scan. 

Le scan terminé, copie/colle sur le forum le rapport situé dans C:\KB\KB.txt et celui d'Elibagla situé dans C:\Infosat.txt  et attends la suite ...

Utilisateur anonyme · Answer

juste pour etre le 200 eme 

-;)

afideg · Answer

(suite) 

Après le CFSript ==> ?

Et l'analyse avec Kaspersky en ligne ???   ==> on ne veut plus ?

Et lancer une recherche avec OAD sur le mot Megadrv3 , ensuite sur le mot srosa.sys    ===> on ne veut plus ?

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe - Enregistre le sur ton bureau 
Sous Windows Vista il procéder à l'élévation des privilèges pour l'utiliser :
Clic droit sur OAD.exe et sur Exécuter en tant qu'administrateur dans le menu.
Comme nom de fichier à rechercher fais un copier coller de : Megadrv3
- Type de recherche : sélectionne l'option 6 puis valide 
OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé. 
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé. 
- Fais un copier / coller de ce rapport dans ton prochain post. 

Recherche ensuite à partir du mot srosa.sys  


Al.

maxouxd · Answer

KB : Exécuté le : 21/08/2008 à 19:36:35

+- Processus infectieux actifs :
 - Aucun processus infectieux en cours d'utilisation.


+- Affichage des fichiers cachés :
 - Réparé.


+- Service Ndisuio :

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
   Start	REG_DWORD      	4 (0x4)

[SC] OpenService ‚chec(s) 5 :

AccŠs refus‚.


 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]
   Start	REG_DWORD      	4 (0x4)

+- Fin du rapport

sKe69 · Answer

Ok ...et C:\Infosat.txt  stp ...

maxouxd · Answer

Ya pas. Il marche vraiment pas bien ce logiciel sur mon PC

maxouxd · Answer

Tout tes fichiers sont introuvables avec OAD !!

sKe69 · Answer

passes directement à ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !): 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide . 

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) . 

Appuyes sur la touche Y (Yes) pour démarrer le scan . 

Attention : 
--> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
--> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire . 
--> si un message d'erreur windows apparait à un momment  : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée dans: C:\Combofix.txt 
 
Postes le rapport Combofix pour analyse et attends la suite ...

maxouxd · Answer

ComboFix 08-08-19.06 - Max 2008-08-21 20:32:37.9 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.993 [GMT 2:00]
Endroit: C:\Users\Max\Desktop\Jeanmi.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\134129.exe
C:\Windows\system32\drivers\downld\142241.exe
C:\Windows\system32\drivers\downld\146126.exe
C:\Windows\system32\drivers\downld\238291.exe
C:\Windows\system32\drivers\downld\259492.exe
C:\Windows\system32\drivers\downld\77204.exe
C:\Windows\system32\drivers\mdelk.exe
G:\autorun.inf
L:\autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2008-07-21 to 2008-08-21  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 17:34	---------	d-----w	C:\Program Files\Trend Micro
2008-08-21 16:54	---------	d-----w	C:\Program Files\Avira
2008-08-21 16:54	---------	d-----w	C:\PROGRA~2\Avira
2008-08-21 10:41	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-08-20 15:18	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-18 11:32	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 07:34	---------	d-----w	C:\Program Files\Sophos
2008-08-18 01:08	---------	d-----w	C:\Program Files\Windows Mail
2008-08-17 23:18	---------	d-----w	C:\Program Files\Microsoft Works
2008-08-17 13:01	38,472	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01	17,144	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-08-16 19:51	---------	d-----w	C:\Users\Max\AppData\Roaming\Malwarebytes
2008-08-16 19:51	---------	d-----w	C:\PROGRA~2\Malwarebytes
2008-08-16 16:45	---------	d-----w	C:\Program Files\Spybot - Search & Destroy
2008-08-06 11:27	---------	d-----w	C:\Program Files\Common Files\Steam
2008-08-06 08:54	---------	d-----w	C:\Program Files\Microsoft Money 2005
2008-08-04 16:22	---------	d-----w	C:\Users\Max\AppData\Roaming\Real Desktop
2008-07-22 09:51	---------	d-----w	C:\Users\Max\AppData\Roaming\GetRightToGo
2008-07-22 09:07	---------	d-----w	C:\Users\Max\AppData\Roaming\Apple Computer
2008-07-22 09:06	---------	d-----w	C:\Program Files\iTunes
2008-07-22 09:06	---------	d-----w	C:\Program Files\iPod
2008-07-22 09:06	---------	d-----w	C:\PROGRA~2\Apple Computer
2008-07-21 19:27	---------	d-----w	C:\Program Files\QuickTime
2008-07-21 19:25	---------	d-----w	C:\Program Files\Apple Software Update
2008-07-21 19:24	---------	d-----w	C:\Program Files\Common Files\Apple
2008-07-21 19:24	---------	d-----w	C:\PROGRA~2\Apple
2008-07-10 15:05	174	--sha-w	C:\Program Files\desktop.ini
2008-07-03 11:33	---------	d-----w	C:\Program Files\Trials 2 Second Edition
2008-07-03 11:33	---------	d-----w	C:\Program Files\OpenAL
2008-06-28 17:28	---------	d-----w	C:\Program Files\Google
2008-06-27 03:54	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-12-02 17:42 3739672]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-04-01 17:17 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2006-11-02 11:45 49664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"V0230Mon.exe"="C:\Windows\V0230Mon.exe" [2006-09-07 02:01 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 14:35 176128]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-12-02 17:42 3739672]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-03 19:07:23 528384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1001]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3006126301-1578542936-2715256611-1003]
"EnableNotificationsRef"=dword:00000007

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{722D1D9F-5885-4D78-9DA5-2079562B23C7}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BE342372-9CEB-4827-80F2-75D04B42BCD6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E6316576-679F-4665-9D38-E34D3DFC70A6}"= C:\Program Files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{34B087DC-CD9D-44C6-B626-3F79DC528461}"= C:\Program Files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{AE078BE2-6F15-4D46-9C88-57063ADCD039}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{A0645421-8520-4699-BD1C-254AAC4ACF0C}"= C:\Program Files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{A267EABF-3BE8-45D5-97BE-20BDC6E94454}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{B65BD99F-0C27-4848-9D05-2EF76839A98F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{63ED5734-C34C-4108-B30E-7A68A4E37CF7}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{5C9100D0-6E96-4D13-A069-91D6253E974F}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{1FEA4046-16A6-4104-BBA3-4A52AC6058CA}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F21B0008-368B-464F-B72B-32C2ED450D31}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{72E5566D-93F1-447B-B55F-36D91E7CE801}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{CBB98356-FEB1-4F1D-AD20-328376C01391}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{4EA560A4-A1AD-490E-B7DC-8A5CA26B32F3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{13FCDB65-9605-496A-9376-EE958E7CE785}"= Disabled:UDP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{06B24F33-CCFA-4591-8C2A-43D8780ED991}"= Disabled:TCP:C:\Users\Sophie\Desktop\incredimail_install.exe:IncrediMail Installer
"{3EAFD950-B855-4343-B5E6-D4EE1C5CFE80}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0DAD94A7-6615-4A29-8E0E-5C5B489A60F8}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{0BA2B1EF-2E95-4136-9A26-66CCE3C4F8DD}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9BD7D90E-C2C5-48D6-A0A6-B1D24AC6D299}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C976A610-71D2-4138-9C3D-3D13A03BDDC8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ED7352BB-FCAF-42B9-A79B-37BBEF79A40C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{23972178-9F29-4C36-9836-81AB27CB1B4A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{69F65F90-AE40-409B-84D8-E82490A5C3CF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4B2B9988-801D-46A7-B7F7-2B5B772D2D33}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{9BC49054-781C-4BCD-B99E-2F39D931C498}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C25FCB01-05AD-4438-8D7D-33F9F851B9E2}"= UDP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{1BE80DFF-11FE-4C2A-BD20-317488140744}"= TCP:C:\Users\Max\AppData\Roaming\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{045C99CF-81E6-4F27-8D3E-2CE8A4C1FD42}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{70D07A8C-0B5D-49B9-9307-4A3B7AC694D9}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{C3305525-5063-4753-9991-26A4E629A15F}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"UDP Query User{7120ECFE-090D-4255-8008-E2A3FD5EDEA8}C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cococerise\counter-strike source\hl2.exe:hl2
"{834019A6-1007-4639-AD21-2C2390734716}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"{7C515A61-FD49-401B-836A-0ED2C3D00E27}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) 
"TCP Query User{3E5FF350-6E17-49BB-9CBD-ACF024C7B720}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7E4081CB-839A-450E-8507-B20123812CF9}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4D7503EF-EA76-48EF-8853-F9972D9EDF5C}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{4CD403E8-C83E-41B8-A895-FCEE1A4D6CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8151E3B8-D46D-4564-BEA6-6557386D5320}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B0406940-8CA9-4E6F-9CF3-E4C13EC133EC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E14E56EE-22BE-48C4-8FE1-DD4F0B378052}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS
msgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS
msunidr.sys [2006-10-19 16:49]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-11-04 03:24]
R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 02:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 02:03]
S3 IntelDHSvcConf;IntelDHSvcConf;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-11-18 07:59]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-04 18:28]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Empowering Technology Monitor - C:\Acer\Empowering Technology\SysMonitor.exe
HKLM-Run-eDataSecurity Loader - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1iof34ro.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins
pitunes.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 20:36:59
Windows 6.0.6000  NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\conime.exe
C:\Windows\System32undll32.exe
C:\Windows\System32undll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 20:41:55 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-21 18:41:48
ComboFix2.txt  2008-08-21 16:59:09

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 59,208,974,336 octets libres

217	--- E O F ---	2008-08-18 01:02:51

sKe69 · Answer

Ok ... A ce stade là , tu vas faire 2 choses :

1- refaire un coup de FindB .

2- Double clique sur l'icone OAD pour le lancer 

- nom du fichier à rechercher --->tape ou fais un copier coller de : SROSA
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"] 

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé. 
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé. 

Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...

- Sauvegardes ce rapport sur ton Bureau et fais un copier / coller de celui-c dans ton prochain post.
 
Puis recommences avec :
Megadrv3


--> postes bien tous les rapports (même si il sont vierges ) et attends la suite ( ne reboot pas le PC ! ) ...

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Présent!!


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Présent!!


+- Recherche dans : C:\Users\Max\AppData\Roaming :


C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Users\Max\AppData\Roaming\m\list.oct Absent 
C:\Users\Max\AppData\Roaming\m\data.oct Absent 
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent 
C:\Users\Max\AppData\Roaming\m\ Absent 
C:\Users\Max\AppData\Roaming\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe


+- Recherche terminee !



+- Execute le : 21/08/2008 a 18:46:09,40

maxouxd · Answer

sa m'énerve, OAD marche pas regarde :  https://www.casimages.com/i/080821090654247282.jpg.html

Utilisateur anonyme · Answer

executer en tant qu administrateur ...

maxouxd · Answer

21/08/2008 ---- 21:08:48,76  

----------------------------------
§§§§§§ [SROSA] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************


[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\Software\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS"=""

[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003_Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files]
"C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS"=""

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

maxouxd · Answer

21/08/2008 ---- 21:16:38,16  

----------------------------------
§§§§§§ [Megadrv3] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

sKe69 · Answer

Question aux helpers :

ce-ci :
[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\S­oftware\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files­] 
"C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS"="" 

[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003_Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Files] 
"C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS"=""


--> c'est OTMoveIt non ?

Utilisateur anonyme · Answer

je vais te mp

sKe69 · Answer

Re, 
rapport en analyse .... sois patient .... ;)

maxouxd · Answer

jle suis tkt ;)

sKe69 · Answer

Bien ... Si tu a un doc CFScript sur ton bureau , supprimes le et on reprend ,


1-Crées un doc texte sur ton bureau : 
pointes ta souris sur ton bureau , cliques droit : vas dans "nouveau" et choisis "document texte" . 

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer : 

Driver:: 
SROSA

File:: 
C:\Windows\system32\mdelk.exe 
C:\Windows\system32\ban_list.txt 
C:\Windows\system32\drivers\mdelk.exe 
C:\Windows\system32\drivers\srosa.sys 

Folder:: 
C:\Windows\system32\drivers\downld 
 
Registry:: 
[-HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\­S­­­oftware\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\F­il­e­s­] 

[-HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\­S­­oftware\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\Fi­le­s­] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Run] 
"CCUTRAYICON"="FactoryMode"


Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : 
CFScript puis valides ...
 

2-Nettoyage :

!! Déconnectes toi, fermes toutes tes applications et désactives TOUTES TES DEFENSES ( tu les réactiveras après )  !! 

--->Sur ton bureau, fais un glissé avec ta souris le fichier CFScript sur l'icône de ComboFix.exe . 

(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tapes 1 puis valide. 

Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!) 

!! Ne touches à rien tant que le scan n'est pas terminé !! 

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport FindB pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

afideg · Answer

Re olivier

J'ai pensé à _OTMoveIt 
Quoiqu'il en soit, je ne trouve pas 
[HKEY_USERS\S-1-5-21-3006126301-.........-1003_Classes\VirtualStore\MACHINE\SOFTWARE
sur mon PC

Ne suffit-il pas de faire 
[HKEY_USERS\S-1-5-21-3006126301-1578542936-2715256611-1003\S­­oftware\Classes\VirtualStore\MACHINE\SOFTWARE\OTSCANIT\File­s­] 
"C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS"=-
pour supprimer cette valeur ?



Pour 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"CCUTRAYICON"="FactoryMode" [X] 
Je ne trouve que ceci:
• O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode 
• CCUTRAYICON U CCU_TrayIcon.exe Related to Traybar Launcher from Intel Corporation belonging to Intel(R) Viiv(TM) Note: Located in \%Program Files%\Intel\IntelDH\CCU\ 
• ccu_trayicon.exe ==>  Common Path(s):  %programfiles%\intel\inteldh\ccu
• Internal Name: CCU_Engine.exe ; CCU_TrayIcon.exe ; CCU_Desktop.exe


Albert

maxouxd · Answer

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\Windows\Prefetch :


C:\Windows\Prefetch\WINTEMS.EXE Absent 
C:\Windows\Prefetch\MDELK.EXE Absent 
C:\Windows\Prefetch\HLDRRR.EXE Absent 
C:\Windows\Prefetch\FLEC006.EXE Absent 
C:\Windows\Prefetch\KEYGENPATCH.EXE-????????.pf Absent 
C:\Windows\Prefetch\WINTEMS.EXE-????????.pf Présent!!
C:\Windows\Prefetch\MDELK.EXE-????????.pf Présent!!
C:\Windows\Prefetch\HLDRRR.EXE-????????.pf Absent 
C:\Windows\Prefetch\FLEC006.EXE-????????.pf Absent 


+- Recherche dans : C:\Windows\system32 :


C:\Windows\system32\hldrrr.exe Absent 
C:\Windows\system32\mdelk.exe Présent!!
C:\Windows\system32\wintems.exe Absent 
C:\Windows\system32\ban_list.txt Présent!!


+- Recherche dans : C:\Windows\system32\drivers :


C:\Windows\system32\drivers\mdelk.exe Présent!!
C:\Windows\system32\drivers\srosa.sys Absent 
C:\Windows\system32\drivers\hldrrr.exe Absent 
C:\Windows\system32\drivers\downld Présent!!


+- Recherche dans : C:\Users\Max\AppData\Roaming :


C:\Users\Max\AppData\Roaming\m\flec006.exe Absent 
C:\Users\Max\AppData\Roaming\m\list.oct Absent 
C:\Users\Max\AppData\Roaming\m\data.oct Absent 
C:\Users\Max\AppData\Roaming\m\srvlist.oct Absent 
C:\Users\Max\AppData\Roaming\m\ Absent 
C:\Users\Max\AppData\Roaming\m\shared\ Absent 


+- Registre :


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IAAnotif    REG_SZ    "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    Acer Empowering Technology Monitor    REG_SZ    C:\Acer\Empowering Technology\SysMonitor.exe
    eDataSecurity Loader    REG_SZ    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    CCUTRAYICON    REG_SZ    FactoryMode
    NMSSupport    REG_SZ    "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    WarReg_PopUp    REG_SZ    C:\Acer\WR_PopUp\WarReg_PopUp.exe
    Acer Tour Reminder    REG_SZ    C:\Acer\AcerTour\Reminder.exe
    V0230Mon.exe    REG_SZ    C:\Windows\V0230Mon.exe
    Adobe Reader Speed Launcher    REG_SZ    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    NeroFilterCheck    REG_SZ    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    WPCUMI    REG_SZ    C:\Windows\system32\WpcUmi.exe
    NvSvc    REG_SZ    RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter    REG_SZ    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    AppleSyncNotifier    REG_SZ    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    QuickTime Task    REG_SZ    "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    iTunesHelper    REG_SZ    "C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    msnmsgr    REG_SZ    "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    Steam    REG_SZ    "c:\program files\valve\steam\steam.exe" -silent
    Speech Recognition    REG_SZ    "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    WMPNSCFG    REG_SZ    C:\Program Files\Windows Media Player\WMPNSCFG.exe


+- Recherche terminee !



+- Execute le : 21/08/2008 a 18:46:09,40

afideg · Answer

Max

Si tu as le courage

Télécharge System Repair Engineer - SREng (par Smallfrogs) sur ton Bureau :
http://www.kztechs.com/eng/download.html   
Et clic comme indiqué ici   http://img120.imageshack.us/img120/9794/screenshot414rr9.png
Extrais tout son contenu sur ton Bureau
(clic-droit sur le fichier .zip >> "Extraire tout...")
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double-clique sur SREngPS.exe afin de lancer l'outil
Avec VISTA, il faut : 
Du dossier sreng2 qui se trouve maintenant sur ton Bureau, (l'ouvrir) clic-droit sur SREngPS.exe , choisir éventuellement "Exécuter en tant qu'administrateur" afin de lancer l'outil.

Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]. L'analyse durera quelques instants.
Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plait



Merci
Al.

maxouxd · Answer

[CODE] 2008-08-21,22:22:36 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows Vista Home Premium Edition (Build 6000) - Administrative User - Completed Functions Allowed Follow item(s) have been selected: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Running Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows] <"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation] <"c:\program files\valve\steam\steam.exe" -silent> [(Verified)Valve] <"C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup> [(Verified)Microsoft Windows] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"> [Intel Corporation] [N/A] <"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup> [Intel Corporation] [Acer Inc.] [Acer Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [Nero AG] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Apple Inc.] <"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.] <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH] <"C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s> [(Verified)Comodo CA Limited] <"C:\Program Files\COMODO\Firewall\cfp.exe" -h> [(Verified)Comodo CA Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <"C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o> [(Verified)Comodo CA Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] < C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll> [(Verified)Comodo CA Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing] ================================== Startup Folders [Empowering Technology Launcher] C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]> [Empowering Technology Launcher] C:\Acer\EMPOWE~1\EAPLAU~1.EXE [Acer Inc.]> ================================== Services [ePerformance Service / AcerMemUsageCheckService][Running/Auto Start] <> [Intel(R) Alert Service / AlertService][Running/Auto Start] <"C:\Program Files\Intel\IntelDH\CCU\AlertService.exe"> [Avira AntiVir Personal - Free Antivirus Scheduler / AntiVirScheduler][Running/Auto Start] <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"> [Avira AntiVir Personal - Free Antivirus Guard / AntiVirService][Running/Auto Start] <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"> [Apple Mobile Device / Apple Mobile Device][Running/Auto Start] <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"> [DQLWinService / DQLWinService][Running/Auto Start] <"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"><> [eDSService.exe / eDataSecurity Service][Running/Auto Start] <"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"> [eRecovery Service / eRecoveryService][Running/Auto Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Intel(R) Matrix Storage Event Monitor / IAANTMON][Running/Auto Start] [IntelDHSvcConf / IntelDHSvcConf][Stopped/Manual Start] <"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe"> [Service de l'iPod / iPod Service][Running/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [Intel(R) Software Services Manager / ISSM][Stopped/Manual Start] <"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe"> [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start] <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"> [Intel(R) Viiv(TM) Media Server / M1 Server][Stopped/Manual Start] [Intel(R) Application Tracker / MCLServiceATL][Stopped/Manual Start] <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe"> [NBService / NBService][Stopped/Manual Start] [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Running/Auto Start] <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"> [PnkBstrA / PnkBstrA][Running/Auto Start] [Intel(R) Remoting Service / Remote UI Service][Stopped/Manual Start] <"C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"> [Steam Client Service / Steam Client Service][Running/Manual Start] ================================== Drivers [adp94xx / adp94xx][Stopped/Disabled] <\SystemRoot\system32\drivers\adp94xx.sys> [adpahci / adpahci][Stopped/Disabled] <\SystemRoot\system32\drivers\adpahci.sys> [adpu160m / adpu160m][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu160m.sys> [adpu320 / adpu320][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu320.sys> [aic78xx / aic78xx][Stopped/Disabled] <\SystemRoot\system32\drivers\djsvs.sys> [aliide / aliide][Stopped/Disabled] <\SystemRoot\system32\drivers\aliide.sys> [arc / arc][Stopped/Disabled] <\SystemRoot\system32\drivers\arc.sys> [arcsas / arcsas][Stopped/Disabled] <\SystemRoot\system32\drivers\arcsas.sys> [avgio / avgio][Running/System Start] <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys> [avgntflt / avgntflt][Running/Manual Start] <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys> [avipbb / avipbb][Running/System Start] [blbdrive / blbdrive][Stopped/Disabled] <\SystemRoot\system32\drivers\blbdrive.sys> [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltlo.sys> [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltup.sys> [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled] <\SystemRoot\system32\drivers\brserid.sys> [Brother WDM Serial driver / BrSerWdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brserwdm.sys> [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brusbmdm.sys> [Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start] <\SystemRoot\system32\drivers\brusbser.sys> [cmdide / cmdide][Stopped/Disabled] <\SystemRoot\system32\drivers\cmdide.sys> [Pilote de la connexion réseau Intel(R) PRO/1000 PCI Express / e1express][Running/Manual Start] [Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start] [elxstor / elxstor][Stopped/Disabled] <\SystemRoot\system32\drivers\elxstor.sys> [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [gmer / gmer][Stopped/Manual Start] [Intel(R) Management Engine Interface / HECI][Running/Manual Start] [HpCISSs / HpCISSs][Stopped/Disabled] <\SystemRoot\system32\drivers\hpcisss.sys> [Intel RAID Controller / iaStor][Running/Boot Start] <\SystemRoot\system32\DRIVERS\iaStor.sys> [Contrôleur RAID Intel Vista / iaStorV][Stopped/Disabled] <\SystemRoot\system32\drivers\iastorv.sys> [igfx / igfx][Stopped/Manual Start] [iirsp / iirsp][Stopped/Disabled] <\SystemRoot\system32\drivers\iirsp.sys> [int15 / int15][Running/Auto Start] <\??\C:\Acer\Empowering Technology\eRecovery\int15.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [IntelDH Driver / IntelDH][Running/Manual Start] [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [ITEATAPI_Service_Install / iteatapi][Stopped/Disabled] <\SystemRoot\system32\drivers\iteatapi.sys> [ITERAID_Service_Install / iteraid][Stopped/Disabled] <\SystemRoot\system32\drivers\iteraid.sys> [LSI_FC / LSI_FC][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_fc.sys> [LSI_SAS / LSI_SAS][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_sas.sys> [LSI_SCSI / LSI_SCSI][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_scsi.sys> [megasas / megasas][Stopped/Disabled] <\SystemRoot\system32\drivers\megasas.sys> [Mraid35x / Mraid35x][Stopped/Disabled] <\SystemRoot\system32\drivers\mraid35x.sys> [nfrd960 / nfrd960][Stopped/Disabled] <\SystemRoot\system32\drivers frd960.sys> [GoProto Protocol Driver for NMS / nmsgopro][Running/Auto Start] [UniDriver for NMS / nmsunidr][Running/Auto Start] [Upper Class Filter Driver / NTIDrvr][Running/Manual Start] [N-trig HID Tablet Driver / ntrigdigi][Stopped/Disabled] <\SystemRoot\system32\drivers trigdigi.sys> [nvlddmkm / nvlddmkm][Running/Manual Start] [nvraid / nvraid][Stopped/Disabled] <\SystemRoot\system32\drivers vraid.sys> [nvstor / nvstor][Stopped/Disabled] <\SystemRoot\system32\drivers vstor.sys> [IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual Start] [IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start] [PSDFilter / PSDFilter][Running/Boot Start] <\SystemRoot\system32\DRIVERS\psdfilter.sys> [PSDNSERVER / PSDNServ][Running/Boot Start] <\SystemRoot\system32\drivers\PSDNServ.sys> [psdvdisk / psdvdisk][Running/Boot Start] <\SystemRoot\system32\drivers\psdvdisk.sys> [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled] <\SystemRoot\system32\drivers\ql2300.sys> [QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled] <\SystemRoot\system32\drivers\ql40xx.sys> [SDDMI2 / SDDMI2][Stopped/Manual Start] <\??\C:\Windows\system32\DDMI2.sys> [SiSRaid2 / SiSRaid2][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid2.sys> [SiSRaid4 / SiSRaid4][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid4.sys> [ssmdrv / ssmdrv][Running/System Start] [Symc8xx / Symc8xx][Stopped/Disabled] <\SystemRoot\system32\drivers\symc8xx.sys> [SYMDNS / SYMDNS][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMDNS.SYS> [SYMFW / SYMFW][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMFW.SYS> [SYMIDS / SYMIDS][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMIDS.SYS> [SYMREDRV / SYMREDRV][Stopped/Manual Start] <\SystemRoot\System32\Drivers\SYMREDRV.SYS> [SYMTDI / SYMTDI][Stopped/System Start] <\SystemRoot\System32\Drivers\SYMTDI.SYS> [Sym_hi / Sym_hi][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_hi.sys> [Sym_u3 / Sym_u3][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_u3.sys> [TSHWMDTCP / TSHWMDTCP][Stopped/Manual Start] <\??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys> [uliahci / uliahci][Stopped/Disabled] <\SystemRoot\system32\drivers\uliahci.sys> [UlSata / UlSata][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata.sys> [ulsata2 / ulsata2][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata2.sys> [V0230Vfx / V0230Vfx][Running/Manual Start] [Live! Cam Video IM Pro / V0230VID][Running/Manual Start] [viaide / viaide][Stopped/Disabled] <\SystemRoot\system32\drivers\viaide.sys> [vsmraid / vsmraid][Stopped/Disabled] <\SystemRoot\system32\drivers\vsmraid.sys> [Comodo Firewall Network Driver / Inspect][Running/Manual Start] ================================== Browser Add-ons [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Ask Toolbar BHO] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [Send to OneNote from Internet Explorer button] {2670000A-7350-4f3c-8081-5663EE0C6C49} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Show Norton Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} [Acer eDataSecurity Management] {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [Ask Toolbar] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [YInstStarter Class] {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [] {00000000-0000-0000-0000-000000000000} <, > [Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, > [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [] {2670000A-7350-4F3C-8081-5663EE0C6C49} <, > [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [Acer eDataSecurity Management] {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, > [] {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} <, > [Free Threaded XML DOM Document 6.0] {88D96A06-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [XSL Template 6.0] {88D96A08-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [Show Norton Toolbar] {90222687-F593-4738-B738-FBEE9C7B26DF} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [] {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <, > [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [Ask Toolbar BHO] {F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 468 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 532 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 576 / SYSTEM][C:\Windows\system32\wininit.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 588 / SYSTEM][C:\Windows\system32\csrss.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 620 / SYSTEM][C:\Windows\system32\services.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 632 / SYSTEM][C:\Windows\system32\lsass.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 648 / SYSTEM][C:\Windows\system32\lsm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 788 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 844 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 896 / SERVICE LOCAL][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\system32\RtkAPO.dll] [Realtek Semiconductor Corp., 11.0.6000.25 built by: WinDDK] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 924 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 936 / SYSTEM][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1044 / SYSTEM][C:\Windows\system32\winlogon.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 1088 / SERVICE RÉSEAU][C:\Windows\system32\SLsvc.exe] [Microsoft Corporation, 6.0.6000.16509 (vista_gdr.070620-1500)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1140 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1240 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1396 / SYSTEM][C:\Windows\System32\spoolsv.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\System32\msonpmon.dll] [Microsoft Corporation, 12.3.4518.1014] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll] [Microsoft Corporation, 12.3.4518.1014] [PID: 1420 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 8.00.00.16] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 8.00.03.00] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 8.00.00.16] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3.3.17.1] [PID: 1436 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 316 / Max][C:\Windows\system32\Dwm.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\system32 vd3dum.dll] [NVIDIA Corporation, 7.15.11.6925] [PID: 1000 / Max][C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe] [Intel Corporation, 6.2.0.2002] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll] [Intel Corporation, 6.2.0.2002] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_FRA.dll] [Intel Corporation, 6.2.0.2002] [C:\Program Files\Intel\IntelDH\bin\IntelDH.dll] [Intel(R) Corporation, 1.6.372.0] [PID: 572 / Max][C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe] [Intel Corporation, 3, 0, 0, 179] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\GTAgnt.dll] [Intel Corporation, 1, 0, 1, 12] [C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\CfgData.DLL] [Intel Corporation, 1, 0, 3, 41] [C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\ActMgr.dll] [Intel Corporation, 1, 0, 1, 18] [c:\progra~1\common~1\intel\inteldh ms\support\gtaction\handlers\grouph.dll] [Intel Corporation, 1, 0, 3, 39] [c:\progra~1\common~1\intel\inteldh ms\support\gtaction\handlers\pnph.dll] [Intel Corporation, 1, 0, 2, 5] [c:\progra~1\common~1\intel\inteldh ms\support\gtaction\handlers\qdiagh.dll] [Intel Corporation, 1, 0, 2, 32] [c:\progra~1\common~1\intel\inteldh ms\support\gtaction\handlers rgloadh.dll] [Intel Corporation, 1, 0, 1, 12] [c:\progra~1\common~1\intel\inteldh ms\support\gtaction\handlers rgregh.dll] [Intel Corporation, 1, 0, 1, 32] [C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\TrgMgr.DLL] [Intel Corporation, 1, 0, 2, 21] [C:\PROGRA~1\COMMON~1\Intel\IntelDH\NMS\Support\gdql_in.dll] [Intel Corporation, 1, 0, 1, 140] [C:\PROGRA~1\COMMON~1\INTEL\INTELDH\NMS\SUPPORT\GTACTION\TRIGGERS\NETWORKT.DLL] [Intel Corporation, 1, 0, 1, 26] [PID: 1184 / Max][C:\Windows\V0230Mon.exe] [Creative Technology Ltd., 1.01.01.00] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1924 / Max][C:\Windows\System32\wpcumi.exe] [Microsoft Corporation, 1.0.0.1] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [PID: 1720 / Max][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.7.0.43] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.7.0.30] [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.7.0.43] [C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.5 (861)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 8, 118, 0] [PID: 2052 / Max][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 8.00.70.02] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll] [Avira GmbH, 8.00.70.05] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [c:\program files\avira\antivir personaledition classic\ccgen.dll] [Avira GmbH, 8.00.70.03] [c:\program files\avira\antivir personaledition classic\ccgenrc.dll] [Avira GmbH, 8.00.70.00] [c:\program files\avira\antivir personaledition classic\ccguard.dll] [Avira GmbH, 8.00.70.04] [c:\program files\avira\antivir personaledition classic\ccgrdrc.dll] [Avira GmbH, 8.00.72.00] [c:\program files\avira\antivir personaledition classic\avipc.dll] [Avira GmbH, 1.0.6.0] [c:\program files\avira\antivir personaledition classic\ccupdate.dll] [Avira GmbH, 8.00.70.02] [c:\program files\avira\antivir personaledition classic\ccupdrc.dll] [Avira GmbH, 8.00.70.00] [c:\program files\avira\antivir personaledition classic\cclic.dll] [Avira GmbH, 8.00.70.04] [c:\program files\avira\antivir personaledition classic\cclicrc.dll] [Avira GmbH, 8.00.70.00] [c:\program files\avira\antivir personaledition classic\ccmsg.dll] [Avira GmbH, 8.00.00.06] [PID: 2064 / Max][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16615 (vista_gdr.071215-2230)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\system32 vd3dum.dll] [NVIDIA Corporation, 7.15.11.6925] [C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2076 / Max][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 60, 0, 324] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\UXCore.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.200.513.1] [C:\Program Files\Windows Live\Messenger\wldlog.dll] [N/A, ] [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\uxcontacts.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Messenger\LiveNatTrav.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\LiveTransport.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\PresenceIM.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll] [Patchou, 4, 60, 0, 326] [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ] [C:\Program Files\Windows Live\Messenger\msgslang.9.0.1407.1107.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes1.dll] [Patchou, 4, 60, 0, 324] [C:\Program Files\Windows Live\Messenger\msgrvsta.thm] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\uccapi.dll] [Microsoft Corporation, 2.0.6362.525 built by: lcs_se_ls2007_uccasdk] [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.6362.525 built by: lcs_se_ls2007_uccasdk] [C:\Program Files\Windows Live\Messenger\msgswcam.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Windows\system32\sirenacm.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\Program Files\Windows Live\Contacts\lmcdata.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Contacts\contact.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Contacts\conproxy.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Messenger Plus! Live\libsndfile.dll] [N/A, ] [C:\Program Files\Messenger Plus! Live\lame_enc.dll] [N/A, ] [C:\Program Files\Windows Live\Messenger\wmv9vcm.dll] [Microsoft Corporation, 9.0.1.1184] [C:\Windows\system32\iyuv_32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2096 / Max][C:\Program Files\Valve\Steam\Steam.exe] [Valve Corporation, 1.0.0.0] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Valve\Steam\Steam.dll] [Valve Corporation, 2.0.0.0] [C:\Program Files\Valve\Steam\SteamUI.dll] [Valve Corporation, 1, 0, 0, 1] [C:\Program Files\Valve\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1] [C:\Program Files\Valve\Steam ier0_s.dll] [Valve Corporation, 1, 0, 0, 1] [C:\Program Files\Valve\Steam\bin\FileSystem_Steam.dll] [Valve Corporation, 3, 0, 0, 1] [C:\Program Files\Valve\Steam\bin\vgui2.dll] [Valve Corporation, 3, 0, 0, 1] [C:\Program Files\Valve\Steam\steamclient.dll] [Valve Corporation, 3, 0, 0, 1] [C:\Program Files\Valve\Steam\bin\p2pvoice.dll] [Valve Corporation, 1, 0, 0, 1] [C:\Program Files\Valve\Steam\bin\mss32_s.dll] [N/A, ] [c:\program files\valve\steam\bin\friendsUI.dll] [Valve Corporation, 3, 0, 0, 1] [c:\program files\valve\steam\bin\serverbrowser.dll] [N/A, ] [C:\Windows\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0] [PID: 2208 / Max][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.0.6000.16615 (vista_gdr.071215-2230)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\system32\icm32.dll] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [PID: 2644 / SYSTEM][C:\Acer\Empowering Technology\ePerformance\MemCheck.exe] [, 1.0.0.0] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\61b951bd03727a096c1c02cb18d5ce30\System.ServiceProcess.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll] [, 1.0.0.0] [C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll] [, 1.0.0.0] [C:\Acer\Empowering Technology\ePerformance\log4net.dll] [The Apache Software Foundation, 1.2.10.0] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d7b63c1d2ab17ac3cc24881c4ff78b63\System.Configuration.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f76a7622c73e26e4d2daf54068d7ff79\System.Xml.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c11c5eb32a435c14a33e62b1e150e988\System.Web.ni.dll] [Microsoft Corporation, 2.0.50727.833 (QFE.050727-8300)] [PID: 2712 / SYSTEM][C:\Program Files\Intel\IntelDH\CCU\AlertService.exe] [Intel(R) Corporation, 1.6.414.0] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 2736 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 8.00.01.27] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 8.00.00.16] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 8.00.08.00] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3.3.17.1] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 8.00.02.00] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.02.00.23] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVGIO.DLL] [Avira GmbH, 8.00.01.03] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll] [Avira GmbH, 8.1.1.8] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aevdf.dll] [Avira GmbH, 8.1.0.5] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll] [Avira GmbH, 8.1.0.68] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll] [Avira GmbH, 8.1.0.23] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll] [Avira GmbH, 8.1.0.20] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll] [Avira GmbH, 8.1.2.1] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll] [N/A, ] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll] [Avira GmbH, 8.1.0.22] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll] [Avira GmbH, 8.1.0.50] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll] [Avira GmbH, 8.1.0.15] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll] [Avira GmbH, 8.1.0.36] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeemu.dll] [Avira GmbH, 8.1.0.7] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\aebb.dll] [Avira GmbH, 8.1.0.1] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.0.6.0] [PID: 2752 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple Inc., 2.0.28.0] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 2772 / SYSTEM][C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe] [, 1, 0, 0, 8] [C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins msmc.dll] [Gteko Ltd., 1, 0, 0, 9] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 2784 / SYSTEM][C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe] [HiTRSUT, 2, 7, 0, 2] [C:\Windows\system32\PSDUtil.dll] [HiTRUST, 2, 2, 0, 28] [C:\Windows\system32\CryptoAPI.dll] [HiTRUST, 2, 2, 0, 34] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\system32\sysenv.dll] [HiTRUST, 2, 5, 3021, 108] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 2916 / SYSTEM][C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe] [Intel Corporation, 6.2.0.2002] [PID: 2960 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.136.1] [C:\Program Files\Common Files\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.136.1] [C:\Program Files\Common Files\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.136.1] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3008 / SYSTEM][C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.2.0.68] [C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3060 / SYSTEM][C:\Windows\system32\PnkBstrA.exe] [N/A, ] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3080 / SERVICE RÉSEAU][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3096 / SERVICE LOCAL][C:\Windows\system32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [PID: 3128 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3252 / SYSTEM][C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe] [Acer Inc., 2.5.4.1] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\61b951bd03727a096c1c02cb18d5ce30\System.ServiceProcess.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll] [, 2.05.4001] [C:\Acer\Empowering Technology\eRecovery\IERYETF.dll] [, 2.05.4001] [C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [C:\Acer\Empowering Technology\eRecovery\INT15.dll] [N/A, ] [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3fe3f7ba542ab78e52e49d19640a7e64\System.Management.ni.dll] [Microsoft Corporation, 2.0.50727.312 (rtmLHS.050727-3100)] [PID: 3640 / Max][C:\Program Files\Windows Live\Contacts\wlcomm.exe] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Windows Live\Contacts\contact.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Contacts\conproxy.dll] [Microsoft Corp., 9.0.1407.1107 (next-working.client.messenger (by BTSA010 on TK1BLD46))] [C:\Program Files\Windows Live\Contacts\consync.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Contacts\wldlog.dll] [N/A, ] [C:\Program Files\Windows Live\Contacts\lmcdata.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Contacts\abssm.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [PID: 3800 / SYSTEM][C:\Program Files\Common Files\Steam\SteamService.exe] [Valve Corporation, 1, 0, 0, 1] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Program Files\Valve\Steam\bin\SteamService.dll] [Valve Corporation, 1, 0, 0, 1] [C:\Program Files\Valve\Steam ier0_s.dll] [Valve Corporation, 1, 0, 0, 1] [C:\Program Files\Valve\Steam\vstdlib_s.dll] [Valve Corporation, 3, 0, 0, 1] [PID: 3812 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3820 / SYSTEM][C:\Windows\system32 askeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3844 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.7.0.43] [C:\Program Files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.7.0.30] [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.7.0.43] [PID: 4084 / Max][C:\Windows\system32 askeng.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 524 / Max][C:\Program Files\Windows Media Player\wmpnscfg.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 1128 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\wmpnetwk.exe] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [PID: 1912 / Max][C:\Windows\system32\wbem\unsecapp.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 4340 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger] [PID: 2860 / Max][C:\Windows\system32\conime.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 4536 / SYSTEM][C:\Windows\System32\svchost.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3244 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 3040 / Max][C:\Windows\Explorer.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll] [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [C:\PROGRA~1\WI4EB4~1\wmpband.dll] [Microsoft Corporation, 11.0.6000.6324 (vista_rtm.061101-2205)] [C:\Windows\system32\sysenv.dll] [HiTRUST, 2, 5, 3021, 108] [C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 1, 0, 0] [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 2, 0] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll] [Avira GmbH, 7.00.00.15] [C:\Windows\system32\eDSshellExt.dll] [HiTRUST, 2, 5, 3024, 20] [C:\Windows\system32\CryptoAPI.dll] [HiTRUST, 2, 2, 0, 34] [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [PID: 3680 / Max][C:\Windows\system32 otepad.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll] [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)] [PID: 5916 / Max][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.1] [C:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.1] [C:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9] [C:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000] [C:\Program Files\Mozilla Firefox\js3250.d

maxouxd · Answer

[C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.1]
    [C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
    [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox
spr4.dll]  [Mozilla Foundation, 4.7.1]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox
ss3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox
ssutil3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.1]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.1]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.1]
    [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.1]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox
ssdbm3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.0.3 Basic ECC]
    [C:\Program Files\Mozilla Firefox
ssckbi.dll]  [Mozilla Foundation, 1.70]
    [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.1]
    [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll]  [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 4196 / SYSTEM][C:\Windows\system32\vssvc.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 3636 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Windows Live\Messenger\fsshext.9.0.1407.1107.dll]  [Microsoft Corporation, 9.0.1407.1107_next-working.client.messenger]
    [C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll]  [Microsoft Corporation, 5.2.6000.16386 (vista_rtm.061101-2205)]
[PID: 4276 / Max][C:\Program Files\COMODO\Firewall\cfp.exe]  [N/A, ]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Windows\system32\guard32.dll]  [N/A, ]
    [C:\Windows\system32\cssdll32.dll]  [COMODO, 1, 0, 0, 7]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 6076 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\guard32.dll]  [N/A, ]
    [C:\Windows\system32\cssdll32.dll]  [COMODO, 1, 0, 0, 7]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
[PID: 1864 / Max][C:\Users\Max\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 4504 / Max][C:\Users\Max\Desktop\SRE7a302d90.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\COMCTL32.dll]  [Microsoft Corporation, 6.10 (vista_rtm.061101-2205)]
    [C:\Users\Max\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]

==================================
API HOOK
N/A

maxouxd · Answer

jme met en pause, a demain.

Merci, merci beaucoup a tous !!

sKe69 · Answer

Max ,
* il faudrait aussi le dernier rapport combofix stp ...

* Fais ce-ci :

Télécharges : - CCleaner 
https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ). 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage 
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )


 * Puis comme l'a demandé afideg, refais un scan en ligne avec Kaspersky et postes le nouveau rapport obtenu ...

Parcontre je ne sais pas si ont est dans une session Administrateur , car si ce n'est pas le cas on peut tourner en rond un momment non ? ...

afideg · Answer

Re,

Rien trouvé de particulièrement probant dans le log System Repair Engineer 
Même pas de SROSA.SYS dans les drivers !

Bonne nuit à tous

Al.

Utilisateur anonyme · Answer

_;) non moi non plus

moi je dis "passer combofix" sur le session SAM (papa) 

malewarebyte ensuite sur les sessions 

findB pour verif

afideg · Answer

Re,

N'oublie pas ceci:

C:\Users\Enzo\AppData\Roaming\Microsoft\SystemCertificates\M­y 
C:\Users\Max\AppData\Roaming\Microsoft\SystemCertificates\My­ 
C:\Users\Sophie\AppData\Roaming\Microsoft\SystemCertificates­\My 


Bonne nuit
Al.

maxouxd · Answer

mes parents arrivent ce soir.

maxouxd · Answer

Mais ya pas de session admin ! je suis admin, sam aussi , ainsi que Sophie !


Les combo fix passent pas sur le forum (trop long)

https://www.sendspace.com/file/85i9yp

sKe69 · Answer

Salut,

fais ce-ci pour voir ( en mode normal ) :

Télécharge DiagHelp.zip sur ton bureau :
( note : si ton anti-virus s'affolle lors du téléchargement ou de l'installe, c'est normal , ignore l'alerte ).

-> http://www.malekal.com/download/DiagHelp.zip

!! déconnectes toi et fermes toutes tes applications en cours !!  

Fais un clic droit sur le fichier et extraire tout .

--> Un nouveau dossier va être créé : "DiagHelp"  
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
 
--> Une fenêtre va s'ouvrir, choisis l'option 1 
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera : 
une page IE va s'ouvrir , fermes la . 
Re-appuis sur une touche, le bloc-note s'ouvre : 
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...

maxouxd · Answer

il me dis qu'il manque des fichiers et que j'ai mal extracté

maxouxd · Answer

Pareil, j'ai l'impression que mon UAC, n'est pas désactivé ! pourtant j'ai décoché la case...

maxouxd · Answer

si jte dis sa, c'est que je viens de vérifier.

sKe69 · Answer

Bon .... laisse tomber DiagHelp ... Bagle doit empècher son fonctionnement ...

Installes Elibagla directement sous C  -> " C:\Elibagla.exe "

Ensuite tu vas démarrer en mode sans échec  :

->Tu vas lancer Elibagla deux fois dans chaques sessions et tu sauvegarderas chaques rapports directement sous C ( pour les retrouver facilement )

-> Ensuite tu lanceras Combofix ( de ta session ) .

Redémarres ton PC ( si ce n'est pas déjà fait par Combo ) et postes nous tous les rapports 
obtenus ( en précisant pour ceux d'Elibagla , de quelles sessions ils proviennent ... ) .

maxouxd · Answer

Complexe, sa va mettre du temps, j'y go quand mes parents sont là !

afideg · Answer

Bonjour à tous, À l'avenir et pour DiagHelp sous Vista, voici la procédure à appliquer. ATTENTION : Avec VISTA il faut : 1°- Désactive le UAC « contrôle des comptes utilisateurs » (tu le réactiveras après ta désinfection): Explications, là: < https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html > ou là; < https://www.generation-nt.com/ > (Vas dans "démarrer" puis "panneau de configuration". - Double Clique sur l'icône "Comptes d'utilisateurs" - Clique ensuite sur désactiver et valide). (toujours redémarrer le PC pour que ce soit effectif) 2°- Télécharge DiagHelp.zip < http://www.malekal.com/download/DiagHelp.zip > sur ton bureau - - Ne double-clic pas dessus !! ==> Fais un "clic-droit" sur le fichier et "extraire tout" . - - Un nouveau dossier va être créé DiagHelp - - Ouvre-le et clic-droit sur go.cmd (le .cmd peut ne pas apparaître) < http://img149.imageshack.us/img149/4927/screenshot173gl8.gif >, puis choisir "Exécuter en temps qu'administrateur". Et poursuivre comme indiqué à l'origine sous XP ==> C’est-à-dire : •- L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande. Notes: 1)- Lors du scan, une fenêtre "Sysinternals Software Licence Terms" va s'ouvrir > clique sur "Agree" 2)- Tu vas certainement recevoir une alerte du pare-feu te demandant si tu acceptes que le processus "sigcheck.exe" puisse se connecter à Internet > "Accepte". 3)- Pendant l'analyse, à la fin du rapport "catchme", il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran! N'oublie pas ! 4- (**) A la fin du scan tu seras dirigé vers la page de l'auteur afin d'expédier le fichier C:\upload_moi_xxxxx.zip ==> Envoie le fichier (c'est chez le concepteur) s’il te plaît. (Si l'envoi ne va pas, alors expédie-le en pièce jointe à partir de ta messagerie e-Mail habituelle) Si tu reçois un message d'erreur ferme simplement la page internet et clique sur la touche [Enter] •- A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... •- Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-notes. Ce dernier se trouve sur C:\resultat.txt - Copie/colle le contenu du bloc-notes qui s'ouvre, pour cela : « Dans le bloc-notes, cliquez sur le menu Edition / Sélectionner tout > à nouveau menu Edition / copier > pour terminer dans un nouveau message ici, faire un clic droit / coller. » - Tutoriel ici : < http://www.malekal.com/DiagHelp/DiagHelp.php > NOTE : (**) Avant la fin Diaghelp ouvre le navigateur pour les besoins de l'upload. Quand cela plante, (maintenant j'attends même plus), je ferme le navigateur pour laisser terminer le scan et avoir accès au fichier texte Al.

Utilisateur anonyme · Answer

Juste pour dire bonjours , Al, Ske, et Maxou !!

@+

afideg · Answer

Hey,

Ou sans doute usé d'avoir à s'occuper d'une famille nombreuse  Enzo, Max, Sophie et le vieux Sam .

Hi, hi.

Salut D & O    ;)

Al.

Utilisateur anonyme · Answer

-;)

maxouxd · Answer

Mdrrrr sa va bien être comme sa pour vous un jour. (bientôt ?)

Hadrienen · Answer

250 e message (j'inaugure^^)


Je vois que vous essayer tant bien que mal à le sortir du Bagle de ***** , je vous en félicite :) ..perserver fera vaincre.

EDIT: ici un cas de bagle supprimé...peut etre vous l'avez déjà vu ou non, alors je poste au cas ou...

http://www.commentcamarche.net/forum/affich 2609792 virus bagle impossible a eliminer?page=4#0

maxouxd · Answer

et puis lui il peut démarrer Hikackthis ! le méchant !

maxouxd · Answer

Exactement, si jlexecute pas en mode admin, sa marche mais bloque. En mode admin, il me dit que j'ai ma extrait...

Hadrienen · Answer

Vous avez essayer un Anti Bagle ? (dsl j'ai pas tout lu...)

afideg · Answer

Salut maxouxd,

Accepterais-tu de relancer ScanOnlineKaspersky ?
http://www.commentcamarche.net/forum/affich 7950743 virus srosa sys bagle gen win 32?page=5#95
SVP
Merci

Al.

Hadrienen · Answer

Un Anti Bagle ..qui normalement devrait etre efficace.... maxouxd , avant de l'utiliser demande accord des autres.

https://www.01net.com/telecharger/
http://francias.softpicks.net/software/Anti-Bagle_fr-20960.htm

maxouxd · Answer

Attendez jvous envoie un Antivir bientot.

maxouxd · Answer

Oups, nan je suis en mode normal =S

maxouxd · Answer

Avira AntiVir Personal Report file date: 2008-08-22 15:12 Scanning for 1566590 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Boot mode: Normally booted Username: SYSTEM Computer name: BQC Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 2008-08-12 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 13:54:15 ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 2008-08-14 17:12:58 ANTIVIR3.VDF : 7.0.6.51 217600 Bytes 2008-08-21 17:13:02 Engineversion : 8.1.1.23 AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21 AESCRIPT.DLL : 8.1.0.68 315770 Bytes 2008-08-21 17:13:21 AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-10 12:44:49 AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-24 12:37:48 AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-07-15 12:58:35 AEOFFICE.DLL : 8.1.0.22 192890 Bytes 2008-08-21 17:13:19 AEHEUR.DLL : 8.1.0.50 1388918 Bytes 2008-08-21 17:13:17 AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-10 12:44:48 AEGEN.DLL : 8.1.0.36 315764 Bytes 2008-08-21 17:13:06 AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-07-31 08:33:21 AECORE.DLL : 8.1.1.8 172406 Bytes 2008-07-31 08:33:21 AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-10 12:44:48 AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-21 17:13:03 AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2008-08-22 15:12 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'cfp.exe' - '1' Module(s) have been scanned Scan process 'mfpmp.exe' - '0' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'conime.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'SteamService.exe' - '1' Module(s) have been scanned Scan process 'wlcomm.exe' - '1' Module(s) have been scanned Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'eDSService.exe' - '1' Module(s) have been scanned Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'AlertService.exe' - '1' Module(s) have been scanned Scan process 'MemCheck.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'Steam.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'sidebar.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'wpcumi.exe' - '1' Module(s) have been scanned Scan process 'V0230Mon.exe' - '1' Module(s) have been scanned Scan process 'IntelHCTAgent.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 62 processes with 62 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD5 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD6 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '47' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\mONEY\Monopoly.2003.New.Edition.Multilanguage.Powered.By.NordAllianZ.par.eMule-Paradise.com.rar [WARNING] An exception has been identified! [WARNING] In the module 'aecore.dll' an exception occured. Calling the function AVEPROC_TestFile in file: \?\C:\mONEY\Monopoly.2003.New.Edition.Multilanguage.Powered.By.NordAllianZ.par.eMule-Paradise.com.rar Error description:ACCESS_VIOLATION EAX = 08810568 EBX = 02876AE8 ECX = 088104B4 EDX = 000001D2 ESI = 073CE6DF EDI = 02876ae4 EIP = 01DDC8C3 EBP = 07BF0030 ESP = 0233F1E8 Flg = 00010283 CS = 00000023 SS = 0000001B Begin scan in 'D:\' D:\Documents and Settings\Sam.BQC\Local Settings\Temporary Internet Files\Content.IE5\SHUNGPIN\swflash[1].cab [0] Archive type: CAB (Microsoft) --> Flash9d.ocx [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Documents and Settings\Sam.BQC\Local Settings\Temporary Internet Files\Content.IE5\WLUB0DEZ\hardwaredetection_2_0_4_9[1].cab [0] Archive type: CAB (Microsoft) --> setupmconfig.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.erb back-door program [NOTE] The file was moved to '4920c2f8.qua'! Begin scan in 'E:\' End of the scan: 2008-08-22 15:47 Used time: 34:46 Minute(s) The scan has been done completely. 21225 Scanning directories 388826 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 388823 Files not concerned 4025 Archives were scanned 8 Warnings 1 Notes

Utilisateur anonyme · Answer

re Max 

1) quand reviens papa ?

2) post un nouveau scan FindB

3) edit, je viens de tester dialghelp et y a soucis

afideg · Answer

Re,

Nardino donne ceci : 
« DiagHelp fonctionne parfaitement sous Vista, mais il faut faire désactiver l'UAC au préalable et surtout ne pas oublier de le faire réactiver après utilisation et désinfection, si nécessaire. 
On obtiendra : 
Sur le bureau, catchme.log 
A la racine du système, resultat.txt 
upload_moi_V-Vista.tar.gz   »

Euh! ... Puis passe Kaspersky on line  .... 


Je m'en vais.
Al.

maxouxd · Answer

online scanner démarre !

maxouxd · Answer

rolala analyse terminée !! mais il m'affiche pas le tableau pour enregistrer le rapport : Internet explorer freeze !

Virus Srosa.Sys Bagle Gen Win 32

247 réponses

Votre réponse

Discussions similaires

Newsletters