Another worm with MSN ... :( [ Solved ] !!!
Hello everyone!
Once again MSN brings in junk. I had to accept a file from a (known) contact, and since then Avast keeps getting worked up trying to warn me about a worm-type virus that it cannot manage to delete! Here are the details; it appears once I close my MSN session: C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798
Malware name: VME family
Type: Virus/Worm
Version: 000757-2, 16/07/2007
Help me please
See you, Jé (SOLVED)
Hello
Download HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Picture walkthrough
http://perso.orange.fr/rginformatique/section%20virus/d...
Run a scan and post the analysis here.
Hello
here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 18:38:24, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9737764D-C01F-4823-83C9-41D9A73C0418}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
What should I do next?
Thanks!
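One way to triage a log like the one posted above, as an added example that is not part of the original thread: it parses HijackThis entries, lists those marked `(no file)` or `(file missing)`, and checks each "missing" file against the log's own running-process list. The sample lines are copied from the post; the verdict labels `orphan` and `parse-artifact` and the cross-check heuristic are assumptions of this example.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# Meaning of the HijackThis section codes that occur in the sample.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First drive-letter or %variable% path ending in a loadable file extension.
PATH_RE = re.compile(r"((?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|cpl))", re.IGNORECASE)


def parse_log(text):
    """Return (set of lower-cased running-process paths, list of parsed entries)."""
    running, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first R/O entry
            path = PATH_RE.search(m.group(2))
            entries.append({
                "section": m.group(1),
                "text": m.group(2),
                "path": path.group(1) if path else None,
            })
        elif in_procs:
            running.add(line.lower())
    return running, entries


def triage(text):
    """List entries whose target HijackThis reported as absent.

    Verdicts (labels chosen for this example, leads for review, not proof):
      orphan         - entry points at a file HijackThis could not find
      parse-artifact - flagged missing, yet the same executable appears in the
                       running-process list, so the flag contradicts the log
    """
    running, entries = parse_log(text)
    findings = []
    for e in entries:
        if e["text"].endswith("(no file)"):
            verdict = "orphan"
        elif e["text"].endswith("(file missing)"):
            is_running = e["path"] is not None and e["path"].lower() in running
            verdict = "parse-artifact" if is_running else "orphan"
        else:
            continue
        findings.append((e["section"], verdict, e["path"]))
    return findings


if __name__ == "__main__":
    for section, verdict, path in triage(SAMPLE_LOG):
        label = SECTIONS.get(section, "other")
        print(f"{section:<4} {label:<40} {verdict:<15} {path or '-'}")
```

On the sample, the two avast! service lines come out as `parse-artifact`: both executables are in the running-process list, and the stray `"` before `/service` shows the path was misread rather than the file being absent.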
Re
$$ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...
$$ Restart in Safe Mode. Note that you have no internet access in this mode, so write down what you need to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.
$$ Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required
Press a key to restart
The PC will take a while to start up; press a key when "Finished" is displayed
Open the SDFix folder and copy/paste here the contents of the "Report.txt" file along with a new HijackThis log.
Hello
here is the result:
Logfile of HijackThis v1.99.1
Scan saved at 18:23:04, on 18/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9737764D-C01F-4823-83C9-41D9A73C0418}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
What should I do now?
See you
Oops, here it is:
SDFix: Version 1.92
Run by Jerome on 18/07/2007 at 18:14
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Jerome\LOCALS~1\Temp\GLF5E.tmp.dll - Deleted
C:\DOCUME~1\Jerome\LOCALS~1\Temp\GLF67.tmp.dll - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\Sharing Folders\loic_deblossac@hotmail.com\Thumbs.db
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\Sharing Folders\sesotris3@hotmail.com\Thumbs.db
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArtSmall.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArt_{BB264330-8DD6-4042-AD84-C0F8DD26E8DC}_Large.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArt_{BB264330-8DD6-4042-AD84-C0F8DD26E8DC}_Small.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\desktop.ini
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\Folder.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\Thumbs.db
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
No more signs of infection in these reports.
Download MSNFix.zip (by !aur3n7) to the Desktop
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N.
The report will be saved in the same folder as MSNFix, named in the form date_heure.txt (date_time.txt).
Post it.
Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting up normally.
Here is the report:
SDFix: Version 1.92
Run by Jerome on 18/07/2007 at 18:14
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\Jerome\LOCALS~1\Temp\GLF5E.tmp.dll - Deleted
C:\DOCUME~1\Jerome\LOCALS~1\Temp\GLF67.tmp.dll - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\Sharing Folders\loic_deblossac@hotmail.com\Thumbs.db
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\Sharing Folders\sesotris3@hotmail.com\Thumbs.db
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArtSmall.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArt_{BB264330-8DD6-4042-AD84-C0F8DD26E8DC}_Large.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\AlbumArt_{BB264330-8DD6-4042-AD84-C0F8DD26E8DC}_Small.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\desktop.ini
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\Folder.jpg
C:\Documents and Settings\Jerome\Mes documents\Ma musique\Mariah.Carey.-.The.Emancipation.Of.Mimi.2005.MP3.192kbps.www.mp3-es.com\Thumbs.db
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Finished
Argh, I had posted the wrong report.
Here is the right one:
MSN_Fix 1.337
C:\Documents and Settings\Jerome\Bureau\MSNFix\MSNFix
Fix exécuté le 18/07/2007 - 20:26:07,12 By Jerome
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\_default.pif
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\_default.pif
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18072007_20271784.zip
Info ... Info .... Info .... Info .... Info .... Info
Le groupe "Casahack Security Team" propose une copie de MSNFix sous le nom de MSN_reg
Ce groupe n'est et n'a jamais été associé à MSNFix
l'outil diffusé sous l appellation MSN_reg par Net-Viper n est qu'une copie de MSNFix
Alerte diffusée le 14 juillet http://sosvirus.changelog.fr/Alerte_copieur.html
MSNFix ne dispose d'auncun site de téléchargement miroir
Seule la version téléchargée à partir de changelog.fr peut être estampillée officielle.
Info ... Info .... Info .... Info .... Info .... Info
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------
Commande ECHO désactivée.
--------------------------------------------- END ---------------------------------------------
Good.
Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click on Démarrer Online Scanner.
Select My Computer (Poste de travail) as the scan target.
Paste its report here.
Here is the report:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, July 18, 2007 10:03:29 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 18/07/2007
Enregistrements dans la base antivirus Kaspersky : 342397
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
Statistiques de l'analyse:
Total d'objets analysés: 41114
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:50:55
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\formhistory.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\GoogleToolbarData\googlesafebrowsing.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\history.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayfreeman3@hotmail.com\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Messenger\gayman35@hotmail.fr\SharingMetadata\Working\database_F26C_2A0D_6C29_CD63\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayman35@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayman35@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Historique\History.IE5\MSHist012007071820070719\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF839C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF83A9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF8D33.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF8D3F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFCBAE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFCBBF.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFD492.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFD4A3.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFF111.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-07-18.18-19-08.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6DCE9677-9EF3-420B-9585-7A3E88943730}\RP120\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_648.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayman35@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayman35@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Application Data\Mozilla\Firefox\Profiles\umlrxowq.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Historique\History.IE5\MSHist012007071820070719\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF839C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF83A9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF8D33.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DF8D3F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFCBAE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFCBBF.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFD492.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFD4A3.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temp\~DFF111.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Jerome\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-07-18.18-19-08.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6DCE9677-9EF3-420B-9585-7A3E88943730}\RP120\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_648.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
Nothing with Kaspersky.
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt,
Paste List of Files/Folders to be moved.
C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Post the report located in C:\_OTMoveIt\MovedFiles
No formatting.
What is giving you this location?
$$ Download and install
CCleaner.
http://www.pcastuces.com/logitheque/ccleaner.htm
During installation, uncheck
--- the two "Add option ..." boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar
Click Options, Advanced and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours".
Do not touch the other settings.
AVG Anti-Spyware
http://www.ewido.net/en/download/
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.
$$ Run the cleanup with CCleaner.
$$ Launch AVG Anti-Spyware
Click the Scan button (in the toolbar)
Then on the "How to react" tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom. Then
click "Save report". This generates a text-file report located in the Reports folder of the AVG Anti-Spyware folder.
Post it.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 23:54:04 18/07/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Administrateur\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\Default User\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\Jerome\Cookies\jerome@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Program Files\Alcohol Soft\Alcohol 120\STAR_SYN_CLIENT.dll.BAK -> Trojan.Agent.abd : Nettoyé.
C:\Program Files\Alcohol Soft\Alcohol 120\star_syn_client.dll -> Trojan.Agent.abd : Nettoyé.
Fin du rapport
What is odd is that OTMoveIt does not find it.
Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.
Copy/paste that report into your next reply
"Jerome" - 2007-07-19 19:50:52 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))
2007-07-19 19:50 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 18:46 <REP> d-------- C:\Program Files\Messenger Plus! Live
2007-07-19 18:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-07-19 18:45 <REP> d-------- C:\Program Files\MSN Messenger
2007-07-18 23:03 <REP> d-------- C:\Program Files\CCleaner
2007-07-18 18:14 <REP> d-------- C:\WINDOWS\ERUNT
2007-07-17 18:38 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-07-12 20:49 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-07-12 20:49 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-24 12:51 <REP> d-------- C:\Program Files\VirtualDJ
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-19 16:39:15 -------- d-----w C:\Program Files\Google
2007-07-19 16:36:30 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-11 16:33:45 83,046 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 16:33:45 504,492 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-24 10:46:00 -------- d-----w C:\Program Files\eMule
2007-06-17 22:21:52 -------- d-----w C:\Program Files\DJ Mix Pro
2007-05-29 20:32:07 -------- d-----w C:\Program Files\adslTV
2007-05-29 20:31:37 -------- d-----w C:\DOCUME~1\Jerome\APPLIC~1\vlc
2007-05-28 18:14:20 -------- d-----w C:\Program Files\MSXML 4.0
2007-05-26 17:12:17 -------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-05-26 17:10:04 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-05-26 17:09:21 -------- d-----w C:\Program Files\Logitech
2007-05-24 17:58:04 -------- d-----w C:\Program Files\Navilog1
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 17:30:13 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-02-26 19:10:13 19,120 ----a-w C:\DOCUME~1\Jerome\APPLIC~1\GDIPFONTCACHEV1.DAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2003-05-07 10:32 C:\WINDOWS\system32\VTTimer.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-02-03 16:22]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 07:59 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoControlPanel"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"HideClock"=0 (0x0)
*Newly Created Service* - USNJSVC
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 19:53:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-19 19:54:07
--- E O F ---
Nothing with Combofix.
Download Registry Search
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Unzip it to the desktop and double-click regsrch.vbs
Copy and paste the name 1138689798 into the search box and click OK
You will get a message saying the search is finished; click 'OK'
Save the result to put it in your next post.
I just did a search on the net, and another user had the same case as you.
He could not find this file reported by Avast.
I don't know any more than that; the thread did not continue.
Don't run the scan.
Right-click the Avast icon.
Click Avast Log Viewer.
Find which category this alert is in and post me the report.
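One way to triage the resident-shield log requested above, as an added example that is not part of the original thread: it parses lines in the layout of the log posted in this thread, groups detections by path, and separates quarantine copies from entries reported inside a container file. The sample lines, paths, `KNOWN_FILES` and `QUARANTINE_DIR` are constructed, and treating a path whose parent is a regular file as an entry inside that file is an assumption.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample lines (date, time, user, numeric id, signature, path).
# The two lines after the 23:28:53 timestamp imitate a record broken by the forum.
SAMPLE_LOG = r'''
20/07/2007 19:51:55 user1 1552 Sign of "Example family" has been found in "C:\Data\Contacts\shadow\members.stg\-2000000001" file.
20/07/2007 19:51:29 user1 1552 Sign of "Example family" has been found in "C:\Data\Contacts\shadow\members.stg\1000000001" file.
20/07/2007 09:22:42 user1 1528 Sign of "Example family" has been found in "C:\Data\Contacts\shadow\members.stg\-2000000001" file.
20/07/2007 09:22:14 user1 1528 Sign of "Example family" has been found in "C:\Data\Contacts\shadow\members.stg\1000000001" file.
20/07/2007 00:04:01 user1 8316 Sign of "Example family" has been found in "C:\AV\DATA\moved\723.vir" file.
20/07/2007 00:03:54 user1 8316 Sign of "Example family" has been found in "C:\AV\DATA\moved\1000000001.vir" file.
19/07/2007 23:28:53 user1 8316 Sign of "Win32
broken continuation line
19/07/2007 23:47:05 user1 8316 Sign of "Example family" has been found in "C:\Data\Contacts\shadow\members.stg\1000000001" file.
'''

# Assumptions for the constructed sample: paths known to be regular files on disk
# (on a live system, check with os.path.isfile) and the scanner's quarantine folder.
KNOWN_FILES = [r"C:\Data\Contacts\shadow\members.stg"]
QUARANTINE_DIR = r"C:\AV\DATA\moved"

LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<user>\S+) (?P<ident>\d+) '
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)


def parse_log(text):
    """Return (records, skipped); malformed lines are kept aside, not guessed at."""
    records, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)
            continue
        when = datetime.strptime(m["date"] + " " + m["time"], "%d/%m/%Y %H:%M:%S")
        records.append({"when": when, "user": m["user"], "ident": int(m["ident"]),
                        "sig": m["sig"], "path": PureWindowsPath(m["path"])})
    return records, skipped


def assign_bursts(records, gap=timedelta(minutes=10)):
    """Number each record with the scan burst it belongs to (bursts split on time gaps)."""
    ordered = sorted(records, key=lambda r: r["when"])
    burst, previous = -1, None
    for rec in ordered:
        if previous is None or rec["when"] - previous > gap:
            burst += 1
        rec["burst"] = burst
        previous = rec["when"]
    return ordered


def classify(path, known_files, quarantine_dir):
    """quarantine-copy: under the quarantine folder; container-entry: parent is a file."""
    if quarantine_dir in path.parents:
        return "quarantine-copy"
    if path.parent in known_files:
        return "container-entry"
    return "file"


def summarize(records, known_files, quarantine_dir):
    """Group detections by path (case-insensitive, as on Windows); keys are strings."""
    known = {PureWindowsPath(p) for p in known_files}
    qdir = PureWindowsPath(quarantine_dir)
    grouped = {}
    for rec in assign_bursts(records):
        entry = grouped.setdefault(rec["path"], {
            "kind": classify(rec["path"], known, qdir),
            "hits": 0, "bursts": set(), "sigs": set()})
        entry["hits"] += 1
        entry["bursts"].add(rec["burst"])
        entry["sigs"].add(rec["sig"])
    return {str(p): e for p, e in grouped.items()}


def recurring_container_entries(summary, min_bursts=2):
    """Container entries flagged again in separate bursts, most persistent first."""
    out = [(p, len(e["bursts"])) for p, e in summary.items()
           if e["kind"] == "container-entry" and len(e["bursts"]) >= min_bursts]
    return sorted(out, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    report = summarize(recs, KNOWN_FILES, QUARANTINE_DIR)
    for path, info in report.items():
        print(f'{info["kind"]:16} hits={info["hits"]} bursts={len(info["bursts"])} {path}')
    print("unparsed lines:", len(bad))
    print("recurring:", recurring_container_entries(report))
```

Hits classed as `quarantine-copy` are the scanner re-reading files it has already moved, while a recurring `container-entry` names an item inside another file, which a file-moving tool will not find as a path on disk.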
Yo! Here it is:
20/07/2007 19:51:55 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 19:51:53 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 19:51:50 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 19:51:41 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 19:51:29 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 09:22:42 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 09:22:41 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 09:22:40 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 09:22:39 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 09:22:14 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 00:26:26 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 00:26:23 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 00:26:21 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 00:26:20 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 00:25:28 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 00:04:01 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.vir" file.
20/07/2007 00:04:00 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.4.vir" file.
20/07/2007 00:03:59 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.3.vir" file.
20/07/2007 00:03:56 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.2.vir" file.
20/07/2007 00:03:54 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.vir" file.
20/07/2007 00:03:51 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.3.vir" file.
20/07/2007 00:03:50 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.2.vir" file.
20/07/2007 00:03:48 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.vir" file.
20/07/2007 00:03:47 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.4.vir" file.
20/07/2007 00:03:44 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.3.vir" file.
20/07/2007 00:03:13 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.2.vir" file.
19/07/2007 23:47:59 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 23:47:58 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 23:47:53 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 23:47:46 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 23:47:05 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 23:28:53 Jerome 8316 Sign of "Win32
adobra-EY [Trj]" has been found in "C:\Documents and Settings\Jerome\Bureau\MSNFix\MSNFix\incl\fichier.txt" file.
19/07/2007 22:58:38 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 22:58:37 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 22:58:36 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 22:58:35 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 22:58:28 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 18:48:56 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 18:48:55 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 18:48:54 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 18:48:52 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 18:48:48 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 00:53:18 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 00:53:16 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 00:53:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 00:53:12 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 00:53:01 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 23:59:14 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 23:59:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 23:59:11 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 23:59:10 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 23:58:07 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 22:09:44 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 22:09:42 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 22:09:41 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 22:09:39 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 22:09:12 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 20:31:15 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 20:31:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 20:31:11 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 20:31:09 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 20:30:23 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 18:43:07 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 18:43:06 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 18:43:04 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 18:43:02 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 18:42:57 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 23:59:45 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 23:59:44 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 23:59:43 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 23:59:42 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 23:59:37 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 22:02:24 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 22:02:23 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 22:02:22 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 22:02:20 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:32:36 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:28:19 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:28:16 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:28:13 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:27:44 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:25:32 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:19:16 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:19:14 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:19:12 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:19:10 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:13:21 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:02:43 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:02:33 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:02:29 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:02:00 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 20:59:38 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 20:57:00 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 20:56:48 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 20:56:46 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 20:56:28 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 20:55:41 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 13:35:22 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 13:35:18 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:58:59 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:34:07 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:34:05 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:34:03 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:34:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:32:48 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:27:26 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:27:24 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:27:19 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:25:23 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:23:18 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:13:50 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:13:30 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:13:14 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:10:36 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:09:07 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:04:15 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:04:13 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:04:11 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:04:08 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:03:14 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
16/07/2007 23:35:08 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/07/2007 23:19:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
16/07/2007 23:19:16 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
16/07/2007 23:18:25 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
16/07/2007 23:18:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
16/07/2007 23:17:54 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/06/2007 15:32:43 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 15:28:20 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 15:27:46 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 12:09:20 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 12:08:27 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 12:08:12 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 00:06:02 SYSTEM 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 00:01:02 SYSTEM 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
15/06/2007 00:04:18 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
15/06/2007 00:04:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
20/07/2007 19:51:55 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 19:51:53 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 19:51:50 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 19:51:41 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 19:51:29 Jerome 1552 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 09:22:42 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 09:22:41 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 09:22:40 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 09:22:39 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 09:22:14 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 00:26:26 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
20/07/2007 00:26:23 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
20/07/2007 00:26:21 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
20/07/2007 00:26:20 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
20/07/2007 00:25:28 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
20/07/2007 00:04:01 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.vir" file.
20/07/2007 00:04:00 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.4.vir" file.
20/07/2007 00:03:59 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.3.vir" file.
20/07/2007 00:03:56 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\723.2.vir" file.
20/07/2007 00:03:54 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.vir" file.
20/07/2007 00:03:51 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.3.vir" file.
20/07/2007 00:03:50 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\1138689798.2.vir" file.
20/07/2007 00:03:48 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.vir" file.
20/07/2007 00:03:47 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.4.vir" file.
20/07/2007 00:03:44 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.3.vir" file.
20/07/2007 00:03:13 Jerome 8316 Sign of "VME family" has been found in "C:\Program Files\Alwil Software\Avast4\DATA\moved\-1136720181.2.vir" file.
19/07/2007 23:47:59 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 23:47:58 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 23:47:53 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 23:47:46 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 23:47:05 Jerome 8316 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 23:28:53 Jerome 8316 Sign of "Win32 adobra-EY [Trj]" has been found in "C:\Documents and Settings\Jerome\Bureau\MSNFix\MSNFix\incl\fichier.txt" file.
19/07/2007 22:58:38 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 22:58:37 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 22:58:36 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 22:58:35 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 22:58:28 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 18:48:56 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 18:48:55 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 18:48:54 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 18:48:52 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 18:48:48 Jerome 1528 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
19/07/2007 00:53:18 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
19/07/2007 00:53:16 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
19/07/2007 00:53:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
19/07/2007 00:53:12 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
19/07/2007 00:53:01 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 23:59:14 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 23:59:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 23:59:11 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 23:59:10 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 23:58:07 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 22:09:44 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 22:09:42 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 22:09:41 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 22:09:39 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 22:09:12 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 20:31:15 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 20:31:13 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 20:31:11 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 20:31:09 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 20:30:23 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
18/07/2007 18:43:07 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
18/07/2007 18:43:06 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
18/07/2007 18:43:04 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
18/07/2007 18:43:02 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
18/07/2007 18:42:57 Jerome 1608 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 23:59:45 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 23:59:44 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 23:59:43 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 23:59:42 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 23:59:37 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 22:02:24 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 22:02:23 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 22:02:22 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 22:02:20 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:32:36 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:28:19 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:28:16 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:28:13 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:27:44 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:25:32 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:19:16 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:19:14 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:19:12 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:19:10 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 21:13:21 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 21:02:43 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 21:02:33 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 21:02:29 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 21:02:00 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 20:59:38 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 20:57:00 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 20:56:48 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 20:56:46 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 20:56:28 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 20:55:41 SYSTEM 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 13:35:33 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 13:35:22 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 13:35:18 Jerome 1612 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:59:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:58:59 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:34:07 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:34:05 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:34:03 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:34:01 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:32:48 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:27:26 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:27:24 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:27:19 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:25:23 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:23:18 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:13:50 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:13:30 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:13:14 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:10:36 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:09:07 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
17/07/2007 00:04:15 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
17/07/2007 00:04:13 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
17/07/2007 00:04:11 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
17/07/2007 00:04:08 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
17/07/2007 00:03:14 Jerome 1512 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
16/07/2007 23:36:10 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
16/07/2007 23:35:08 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/07/2007 23:19:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-2130967797" file.
16/07/2007 23:19:16 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1764566431" file.
16/07/2007 23:18:25 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1723691077" file.
16/07/2007 23:18:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\-1136720181" file.
16/07/2007 23:17:54 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\1138689798" file.
16/06/2007 15:32:43 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 15:28:20 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 15:27:46 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 12:09:20 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 12:08:27 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 12:08:12 Jerome 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
16/06/2007 00:06:02 SYSTEM 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.
16/06/2007 00:01:02 SYSTEM 1616 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
15/06/2007 00:04:18 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\real\members.stg\723" file.
15/06/2007 00:04:17 SYSTEM 1620 Sign of "VME family" has been found in "C:\Documents and Settings\Jerome\Local Settings\Application Data\Microsoft\Windows Live Contacts\gayfreeman3@hotmail.com\shadow\members.stg\723" file.