[SOLVED] Recurring system alert message + popups
Problem solved thanks to Sham_Rock, thanks again for taking the time to help me.
Hello, my problem seems to be the same as that of a lot of people. Not being very good with computers,
I read and applied your comments.
Could you tell me what to do now?
Thank you for your reply. Best regards, angel
Attached is the HijackThis v2.0.2 report >>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:19, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: atfxqogp - {EC2B736E-2B50-4709-A63E-F69855335854} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Angelo\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [70dd8309] rundll32.exe "C:\WINDOWS\system32\oaircuoy.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_13.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O21 - SSODL: vregfwlx - {0B0B4CF9-4B47-447C-97EA-5469BD55148A} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {60ECEEE2-F39E-4007-8669-2C1AA0E7F7BA} - C:\WINDOWS\vltdfabw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7762 bytes
Awaiting a reply, yours sincerely
Message edited by ANGELSTUNING on 09-06-2008 at 20:12:51
Hi again >>
Here is the SmitFraudFix v2.323 report
SmitFraudFix v2.323
Rapport fait à 11:25:17,18, 03/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hi again, I am really sorry if I seem to be a bit of a nuisance,
but my computer is like a drug for me and not being able to use it drives me crazy.
I am posting the a-squared Anti-Malware 3.5 report.
Version - a-squared Anti-Malware 3.5
Dernière mise à jour : 03/06/2008 11:59:29
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche
Début du balayage : 03/06/2008 12:00:05
c:\windows\system32\fonts Objets détectés : Trace.Directory.IamBigBrother
c:\program files\xp antivirus Objets détectés : Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008 Objets détectés : Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\application data\microsoft\internet explorer\quick launch\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\bureau\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008
c:\program files\xp antivirus\xpa.exe Objets détectés : Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008
Analysé
Fichiers : 73731
Traces : 182836
Cookies : 2
Processus : 15
Objets trouvés
Fichiers : 0
Traces : 7
Cookies : 0
Processus : 0
Clés du Registre : 0
Fin du balayage : 03/06/2008 12:25:27
Temps du balayage : 0:25:22
c:\documents and settings\administrateur\application data\microsoft\internet explorer\quick launch\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\bureau\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\program files\xp antivirus\xpa.exe Objets Supprimés Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\program files\xp antivirus Objets Supprimés Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008 Objets Supprimés Trace.Directory.XP Antivirus 2008
c:\windows\system32\fonts Objets Supprimés Trace.Directory.IamBigBrother
Objets Supprimés
Fichiers : 0
Traces : 7
Cookies : 0
Hello
You are indeed infected... (Trojans, Smitfraud and Vundo)
This procedure should be printed so that you have it in front of you when you are in safe mode.
Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.c [...] /SDFix.exe ***
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
- Restart your computer
- After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
- Instead of the normal Windows loading, a menu with various options should appear.
- Choose the first option, to run Windows in safe mode, then press "Enter".
- Choose your account.
Work through the list of instructions below:
- Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
- Press Y to start the cleaning process.
- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
- Press a key to restart the PC.
- Your system will take longer to restart than usual because the tool will keep running and deleting files.
- Once the Desktop has loaded, the tool will finish its work and display Finished.
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
- Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
Message edited by Sham_Rock on 03-06-2008 at 17:26:29
/!\Fed up with ads: secure Firefox/!\
Thanks to Sham_Rock for replying.
Attached is the SDFix report >>
SDFix: Version 1.187
Run by Administrateur on 03/06/2008 at 18:59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
msupdate
VEF05
Path :
c:\windows\system32\mssrv32.exe
System32\Drivers\veF05.sys
msupdate - Deleted
VEF05 - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Restored Windows ProductId registry value
Rebooting
Service VEF05 - Deleted
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\ljJDWOeC.dll - Deleted
C:\WINDOWS\SYSTEM32\CTFMONB.BMP - Deleted
C:\Documents and Settings\Angelo\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\Angelo\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\Angelo\Favoris\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\system32\Engines\plugins\UpDate\UA27601.DLL - Deleted
C:\WINDOWS\system32\Engines\plugins\UpDate\UA27602.DLL - Deleted
C:\WINDOWS\system32\Engines\plugins\UpDate\UA27603.DLL - Deleted
C:\WINDOWS\system32\Engines\plugins\UpDate\UA27604.DLL - Deleted
C:\WINDOWS\system32\Engines\plugins\UpDate\UADAILY.DLL - Deleted
C:\Program Files\Fichiers communs\AntivirusFiable\ugac.exe - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\VEF05.sys - Deleted
Folder C:\Program Files\Fichiers communs\AntivirusFiable - Removed
Folder C:\WINDOWS\system32\Engines - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 23:17:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
VEF05
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCAE1.tmp"
Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCAF4.tmp"
Fri 25 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCDE3.tmp"
Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCF1C.tmp"
Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCF32.tmp"
Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD21E.tmp"
Fri 25 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD2EF.tmp"
Fri 25 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD475.tmp"
Fri 25 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFDC85.tmp"
Thu 24 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFE514.tmp"
Fri 25 Apr 2008 131,072 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFE5F8.tmp"
Mon 21 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFEA9F.tmp"
Mon 21 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFEC0A.tmp"
Thu 24 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFF757.tmp"
Thu 24 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFF76A.tmp"
Fri 25 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFB77.tmp"
Mon 21 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFC2B.tmp"
Mon 21 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFC40.tmp"
Sun 20 Apr 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~E7.tmp"
Thu 24 Apr 2008 37,601,280 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~PST1235.tmp"
Thu 24 Apr 2008 48,254,976 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~PST1978.tmp"
Sun 1 Jun 2008 802 A..H. --- "C:\Documents and Settings\Angelo\Mes documents\eMule Downloads\downloads.bak"
Fri 25 Apr 2008 170,697,558 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT11.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT8.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT7.tmp"
Tue 27 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BITA.tmp"
Sun 1 Jun 2008 5 A..H. --- "C:\Documents and Settings\Angelo\Application Data\eMule\config\clients.met.bak"
Fri 18 Apr 2008 141 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\brndlog.bak"
Mon 2 Jun 2008 16,072 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Microsoft\Office\fbc117.tmp"
Thu 24 Apr 2008 254 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD14.tmp"
Wed 23 Apr 2008 242 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD147.tmp"
Fri 30 May 2008 2,904 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD8C.tmp"
Fri 25 Apr 2008 222 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMDA7.tmp"
Fri 25 Apr 2008 390 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMDBE.tmp"
Tue 18 Dec 2007 2,048 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\InstTemp0\userinstall.dll"
Tue 27 Sep 2005 86,016 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\is-DV2JP.tmp\SecurityUtil.dll"
Mon 21 Apr 2008 147,456 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\isp35.tmp\_Setup.dll"
Fri 18 Apr 2008 368,640 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\isp5B.tmp\_Setup.dll"
Fri 17 Nov 2006 1,556,480 ...H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\SetupX.exe"
Fri 24 Sep 2004 2,361,579 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\TFRINS\ftpexpert3.exe"
Sun 5 Jan 2003 1,507,584 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Ins9xmsi.exe"
Sun 5 Jan 2003 1,520,896 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Insntmsi.exe"
Tue 4 Feb 2003 446,464 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Setup.exe"
Sat 20 Jan 2007 492,032 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\{9B64C10A-36F0-4843-B70F-18CA7E2E8514}\ISSetup.dll"
Wed 17 May 2006 373,680 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\{9B64C10A-36F0-4843-B70F-18CA7E2E8514}\_Setup.dll"
Mon 21 Apr 2008 116,688 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\bye40.tmp\Disk1\setup.exe"
Tue 22 Apr 2008 121,064 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\bye6C.tmp\Disk1\setup.exe"
Wed 18 Dec 2002 509,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\50comupd.exe"
Fri 10 Nov 2006 598,016 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\AReadyLB_Nero.dll"
Mon 11 Mar 2002 1,708,856 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\instmsia.exe"
Mon 11 Mar 2002 1,822,520 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\instmsiw.exe"
Tue 23 Jan 2001 117,288 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\ShFolder.Exe"
Mon 27 May 2002 263,848 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\APATCH.DLL"
Fri 17 Nov 2006 860,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NeroDelTmp.exe"
Fri 22 Sep 2006 823,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NiReg.exe"
Fri 17 Nov 2006 3,334,144 ...H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NPS.dll"
Fri 17 Nov 2006 946,176 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\UninstallNero.exe"
Thu 5 Jan 2006 160,768 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\unrar.dll"
Fri 5 Mar 2004 815,104 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll"
Fri 5 Mar 2004 757,760 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll"
Fri 30 May 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\34E74534-CFA6-405E-83AB-B5A6EC541A13_data.bak"
Mon 2 Jun 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\9A4C8EC9-4E87-4DEE-92EB-224F2B6187AB_data.bak"
Sun 18 May 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\A84D2A17-CBD7-4FDD-86B9-92287D9657C9_data.bak"
Mon 17 Oct 2005 2,600,960 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\BCGCBPRO8002D9B60E3.dll"
Fri 23 Dec 2005 32,768 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\BCGPOleAcc9B39C142.dll"
Wed 31 May 2006 1,347,584 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\Drweb323680E0DF.dll"
Thu 9 Nov 2006 184,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\em2v01DC7D73.dll"
Thu 9 Nov 2006 184,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\em2v6300DBD6.dll"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus78D63180.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusAF831C96.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus9071448E.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus74C97B78.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus985FC367.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusD6EBAEF5.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusA455ADFC.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusDC8C5D2A.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusE1DA3D0E.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5C39907C.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus55EBB4A3.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus536CC5AD.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusB1DBFAF0.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus38B07F0B.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusF33DEC0A.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5461AF19.DLL"
Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5ABC3C3B.DLL"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u4D1989F2.dll"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71uF18EADFB.dll"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u12406601.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71109CB9C7.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71249A74F9.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC713F517409.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71461BF8FA.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC7149090881.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC715B49AA52.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC716011AF24.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC716251E7FF.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC718A0B572D.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71AE66EE48.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71CB545924.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71E906F697.dll"
Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71F47B49DB.dll"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71uE8BEE4D1.dll"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u4C5C5DD0.dll"
Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u93490C3B.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp714D58BA94.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7198B02AF4.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7150E1E867.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71346249B2.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7162535DFA.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71EF1A49EE.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71EB0FA0C2.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71BBF6D7CF.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr719D484A5A.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71F4FBCFF4.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71402AC422.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71E0570AA5.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7144B7F012.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71E0BAC39B.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7166D31FF4.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F02E11D7.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71BB261ECC.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7169869529.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71318C1171.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F2E0F0EF.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp710E7F954E.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71C138A21F.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp714536764D.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71FC7343DA.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71C50F23DB.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7151207FF7.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp712CF144D3.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7193442B58.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7113A22A6A.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7135AD2B54.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr712E243769.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71EE7C0081.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71CC2005AB.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71D1A5E404.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F5084597.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr716A7F987A.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71BA5A88D0.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr713C2058C6.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71B4C16822.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7158986D1C.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7177B7CF3F.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7178516802.dll"
Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71F525E9F7.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7103CBFF9A.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71264D7D03.dll"
Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71FD47894B.dll"
Fri 4 May 2001 290,869 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\Msvcrt11D4118E.dll"
Thu 9 Nov 2006 45,568 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\ndvddiscD56CC44A.dll"
Thu 9 Nov 2006 126,976 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeAcEnc9FC8C58A.dll"
Thu 9 Nov 2006 135,168 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeEm2a57A96039.dll"
Thu 9 Nov 2006 135,168 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeEm2a529CBA7F.dll"
Thu 9 Nov 2006 3,371,008 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroIPP55B9FD4A.dll"
Thu 9 Nov 2006 3,371,008 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroIPP18F99FA5.dll"
Thu 9 Nov 2006 1,265,664 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroMediaConD4CB9F82.dll"
Thu 9 Nov 2006 1,265,664 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroMediaCon041A55CE.dll"
Thu 16 Nov 2006 81,920 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroRcPluginHauppaugeD1EEA012.dll"
Thu 16 Nov 2006 81,920 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroRcPluginAti3935D9B2.dll"
Fri 27 Oct 2006 34,816 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeRSDB05C2D9D9.dll"
Thu 9 Nov 2006 323,584 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeVcr50E5ADBC.dll"
Thu 16 Nov 2006 3,375,705 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\SetupNeroMobileUnsignedA8C35C16.exe"
Fri 27 Oct 2006 94,208 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\TMPVImporterF67588C5.dll"
Fri 27 Oct 2006 425,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\UDFImporter4B649A67.dll"
Wed 31 May 2006 364,544 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\VMPEGEncNDX44D4A2E4.dll"
Mon 14 Aug 2006 74,520 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\DSETUP.dll"
Mon 14 Aug 2006 2,248,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\dsetup32.dll"
Mon 14 Aug 2006 484,632 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\dxsetup.exe"
Sat 19 Apr 2008 54 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\AddressBook\AddressBook.imb.bak"
Tue 12 Feb 2008 210,843 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\EmoticonCenter\emoticons.bak"
Sat 19 Apr 2008 604 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\Message Store\Folders.bak"
Fri 30 May 2008 137,702 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\AddressBook\AddressBook.imb.bak"
Tue 12 Feb 2008 210,843 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\EmoticonCenter\emoticons.bak"
Mon 8 Mar 1999 147,728 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\asycfilt.dll"
Thu 6 Apr 2000 995,383 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\mfc42.dll"
Thu 6 Apr 2000 77,878 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcirt.dll"
Tue 29 Aug 2000 401,462 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcp60.dll"
Thu 6 Apr 2000 278,581 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcrt.dll"
Wed 12 Apr 2000 598,288 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\oleaut32.dll"
Mon 8 Mar 1999 164,112 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\olepro32.dll"
Finished!
Then a new HijackThis log >>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37: VIRUS ALERT!, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [70dd8309] rundll32.exe "C:\WINDOWS\system32\scbqyxlq.dll",b
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [16899942494817479532891503971405] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_13.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 11213 bytes
Hello again,
Following Sham_Rock's help, my problem seems to have calmed down a bit,
because since then
there have been no more intrusive alert messages or popups asking me to buy antivirus software!!!!!
But
I still cannot run Windows updates, and I still have the little message to the right of the clock 13:36: VIRUS ALERT!
If anyone has a solution, I'll take it.
Thanks again for your future help.
Hello,
I did tell you that you had multiple infections...
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
- Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
- To start the scan, click "Rechercher" (scan).
- Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
/!\ Fed up with ads: secured Firefox /!\
Hello,
here is the Malwarebytes' Anti-Malware 1.14 report:
Malwarebytes' Anti-Malware 1.14
Database version: 821
15:22:40 04/06/2008
mbam-log-6-4-2008 (15-22-40).txt
Scan type: Full Scan (C:\|)
Objects scanned: 91703
Time elapsed: 17 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\xxywULcC.dll (Trojan.Vundo) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{713bf591-b901-41fb-a39d-599ee61c9564} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{713bf591-b901-41fb-a39d-599ee61c9564} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70dd8309 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10b5e5c2-8901-4e3c-bf61-ac6e11039292} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywulcc -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\xxywULcC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qxiiglya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\TJME5ZHH\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0000018.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0000021.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0003014.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0003018.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angelo\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Hello again,
Disable your antivirus and any other type of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it on your Desktop and nowhere else!
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report
\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy".
Come back to the forum and Edit > "Paste".
Add a new HijackThis report.
/!\ Fed up with ads: secured Firefox /!\
Good evening, sorry for the delay.
Here are the reports:
ComboFix 08-06-04.3 - Angelo 2008-06-05 21:25:53.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1398 [GMT 2:00]
Endroit: C:\Documents and Settings\Angelo\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur\Favoris\Online Security Test.url
C:\Documents and Settings\Angelo\ResErrors.log
C:\WINDOWS\system32\aylgiixq.ini
C:\WINDOWS\system32\CcLUwyxx.ini
C:\WINDOWS\system32\CcLUwyxx.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oaircuoy.dll
C:\WINDOWS\system32\qlxyqbcs.ini
C:\WINDOWS\system32\youcriao.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
.
2008-06-05 09:32 . 2008-06-05 21:25 <REP> d-------- C:\327882R2FWJFW
2008-06-05 09:32 . 2008-06-05 09:32 400,896 --a------ C:\WINDOWS\system32\CF28365.exe
2008-06-04 15:48 . 2008-06-04 17:52 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-04 15:03 . 2008-06-04 15:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\Malwarebytes
2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 14:59 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 14:59 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-04 12:22 . 2008-06-04 12:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-04 12:22 . 2008-06-04 12:22 0 --a------ C:\dump_dvd.vob
2008-06-03 18:56 . 2008-06-03 18:56 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-03 18:52 . 2008-06-03 23:19 <REP> d-------- C:\SDFix
2008-06-03 11:48 . 2008-06-05 12:48 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-06-03 11:02 . 2008-06-03 11:25 4,554 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-03 10:43 . 2008-06-03 10:43 <REP> d-------- C:\Program Files\Trend Micro
2008-06-03 03:07 . 2008-06-03 03:07 <REP> d-------- C:\Program Files\Lavasoft
2008-06-03 03:07 . 2008-06-03 03:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 03:05 . 2008-06-04 00:16 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-03 03:01 . 2008-06-03 03:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-03 00:00 . 2004-08-05 14:00 452,037 -ra------ C:\txtsetup.sif
2008-06-03 00:00 . 2004-08-05 14:00 263,488 -ra------ C:\$LDR$
2008-06-02 23:58 . 2008-06-02 23:58 <REP> d--hs---- C:\AntivirusFiable
2008-06-02 23:57 . 2008-06-02 23:57 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\AntivirusFiable
2008-06-02 23:36 . 2008-06-03 10:57 0 --a------ C:\WINDOWS\system32\ieupdates.exe.tmp
2008-06-02 21:49 . 2008-06-02 21:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Bitdefender
2008-06-02 21:18 . 2008-06-02 18:46 94,208 --a------ C:\WINDOWS\ekaf.exe
2008-06-02 00:45 . 2008-06-02 00:45 <REP> d-------- C:\Program Files\Google
2008-06-02 00:45 . 2008-06-05 09:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-27 17:57 . 2008-05-27 17:57 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\Bitdefender
2008-05-27 17:43 . 2008-05-27 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-27 12:52 . 2008-05-27 12:53 <REP> d-------- C:\Program Files\EPSON
2008-05-27 12:52 . 2004-11-25 07:07 79,679 --a------ C:\WINDOWS\system32\E_FLMAEE.DLL
2008-05-27 12:52 . 2003-05-21 04:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBAEE.DLL
2008-05-27 12:52 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-05-27 12:52 . 2000-06-07 03:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHAEE.DLL
2008-05-27 12:50 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-27 12:50 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 19:31 --------- d-----w C:\Program Files\FlashGet
2008-06-02 19:01 --------- d-----w C:\Program Files\CopyRightLeft
2008-06-01 21:02 --------- d-----w C:\Program Files\eMule
2008-05-27 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 18:16 --------- d-----w C:\Program Files\MSN Pictures Displayer
2008-05-27 15:43 --------- d-----w C:\Program Files\Fichiers communs\Softwin
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-25 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-25 17:08 --------- d-----w C:\Program Files\Yahoo!
2008-04-25 11:12 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Ahead
2008-04-25 07:38 --------- d-----w C:\Program Files\Creative
2008-04-24 09:23 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-23 01:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-22 21:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-22 16:46 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-22 15:30 --------- d-----w C:\Program Files\RegCleaner
2008-04-22 11:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 11:51 --------- d-----w C:\Program Files\LG Electronics
2008-04-22 11:51 --------- d-----w C:\Documents and Settings\Angelo\Application Data\LGSync
2008-04-22 11:39 --------- d-----w C:\Program Files\LGE GSM PC Sync
2008-04-22 09:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-04-22 09:12 --------- d-----w C:\Program Files\Nero
2008-04-22 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-21 22:51 --------- d-----w C:\Program Files\illiminable
2008-04-21 22:51 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-04-21 22:51 --------- d-----w C:\Program Files\Fichiers communs\Droppix
2008-04-21 22:51 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Droppix
2008-04-21 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-04-21 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
2008-04-21 22:50 --------- d-----w C:\Program Files\Droppix
2008-04-21 22:44 --------- d-----w C:\Documents and Settings\Angelo\Application Data\DivX
2008-04-21 22:41 --------- d-----w C:\Program Files\Free Easy Burner
2008-04-21 22:30 --------- d-----w C:\Documents and Settings\Angelo\Application Data\eMule
2008-04-21 22:29 --------- d-----w C:\Program Files\DivX
2008-04-21 21:18 --------- d-----w C:\Program Files\SAMSUNG
2008-04-21 20:48 --------- d-----w C:\Program Files\Sonic
2008-04-21 20:48 --------- d-----w C:\Program Files\Fichiers communs\Sonic
2008-04-21 20:48 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Sonic
2008-04-21 20:44 --------- d-----w C:\Program Files\ArcSoft
2008-04-21 19:55 --------- d-----w C:\Program Files\Lavalys
2008-04-21 19:09 --------- d-----w C:\Documents and Settings\Angelo\Application Data\MSN Pictures Displayer
2008-04-21 17:16 --------- d-----w C:\Program Files\MSBuild
2008-04-21 17:16 --------- d-----w C:\Program Files\Microsoft Works
2008-04-21 17:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-21 17:13 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-21 15:34 --------- d-----w C:\Program Files\VirginMega
2008-04-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-04-21 14:34 --------- d-----w C:\Program Files\Orange
2008-04-21 14:32 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-04-21 14:29 --------- d-----w C:\Program Files\SAGEM
2008-04-21 14:29 --------- d-----w C:\Documents and Settings\Angelo\Application Data\InstallShield
2008-04-21 14:28 --------- d-----w C:\Program Files\Securitoo
2008-04-21 14:21 --------- d-----w C:\Program Files\Wanadoo
2008-04-21 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-21 01:00 --------- d-----w C:\Program Files\Windows Live
2008-04-20 18:14 --------- d-----w C:\Program Files\JAlbumWin
2008-04-20 17:44 --------- d-----w C:\Documents and Settings\Angelo\Application Data\ACD Systems
2008-04-20 17:42 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-04-20 17:42 --------- d-----w C:\Program Files\ACD Systems
2008-04-20 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-19 22:37 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-19 22:36 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-19 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-19 21:29 --------- d-----w C:\Documents and Settings\Angelo\Application Data\vlc
2008-04-19 21:26 --------- d-----w C:\Program Files\IncrediMail
2008-04-19 21:25 --------- d-----w C:\Program Files\VideoLAN
2008-04-19 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-19 21:11 --------- d-----w C:\Program Files\Macromedia
2008-04-19 21:11 --------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
2008-04-19 21:11 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-04-19 21:08 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Visicom Media
2008-04-19 21:07 --------- d-----w C:\Program Files\Visicom Media
2008-04-19 20:19 --------- d-----w C:\Program Files\Softwin
2008-04-19 12:08 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-19 10:09 --------- d-----w C:\Program Files\Futuremark
2008-04-19 09:57 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-19 09:56 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-18 16:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-18 16:48 --------- d-----w C:\Documents and Settings\Angelo\Application Data\ma-config.com
2008-04-18 16:44 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2008-04-18 16:44 86,016 ----a-w C:\WINDOWS\SoundMan.exe
2008-04-18 16:44 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
2008-04-18 16:44 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-04-18 16:44 4,630,016 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-18 16:44 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
2008-04-18 16:44 2,165,760 ----a-w C:\WINDOWS\MicCal.exe
2008-04-18 16:44 16,858,112 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-18 16:44 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2008-04-18 16:44 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2008-04-18 16:44 --------- d-----w C:\Program Files\Realtek
2008-04-18 16:30 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-18 15:39 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
2008-04-18 15:39 52,736 ----a-w C:\WINDOWS\system32\drivers\ViPrt.sys
2008-04-18 15:39 16,896 ----a-w C:\WINDOWS\system32\drivers\ViBus.sys
2008-04-18 15:39 --------- d-----w C:\Program Files\VIA
2008-04-18 15:32 --------- d-----w C:\Program Files\ma-config.com
2008-04-18 14:51 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-18 14:48 --------- d-----w C:\Program Files\Services en ligne
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-02 00:45 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 12:32 2289664]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 13:49 214456]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-03-28 19:01 32768]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [2000-03-23 02:00 39936]
"EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-03-08 06:00 98304]
"Détecteur de disque"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55 189952]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-05-12 09:02 1961104]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-01-04 17:33 684118]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]
"Easy PDF Creator"="C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\veF05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\V0350Cvw.dll]
--a------ 2004-08-05 14:00 12288 C:\WINDOWS\system32\RegSvr32.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-18 17:39]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-04-18 17:39]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-18 17:39]
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 16:12]
S3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-04-01 19:01]
S3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45]
S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-04-22 19:01]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f48aea5-11d4-11dd-a09e-00138f7628bd}]
\Shell\AutoRun\command - 1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:30:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-05 21:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 19:34:36
Pre-Run: 180,553,342,976 octets libres
Post-Run: 181,537,222,656 octets libres
273 --- E O F --- 2008-05-28 19:31:02
Then a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:54, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_4_13.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 10847 bytes
Hi again,
~Download OTMoveIt (by OldTimer). Save it to your Desktop.
~Launch HijackThis and choose “Do a system scan only”.
Check the following lines if they are still present, and only those.
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O24 - Desktop Component 0: Privacy Protection - (no file)
Click Fix checked (bottom left).
Select ALL of the locations in bold below:
C:\327882R2FWJFW
C:\WINDOWS\system32\CF28365.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\ieupdates.exe.tmp
C:\WINDOWS\ekaf.exe
C:\AntivirusFiable
C:\Documents and Settings\Angelo\Application Data\AntivirusFiable
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock
Hi again,
C:\327882R2FWJFW moved successfully.
C:\WINDOWS\system32\CF28365.exe moved successfully.
C:\WINDOWS\system32\tmp.reg moved successfully.
C:\WINDOWS\system32\ieupdates.exe.tmp moved successfully.
C:\WINDOWS\ekaf.exe moved successfully.
C:\AntivirusFiable\AVQuar moved successfully.
C:\AntivirusFiable moved successfully.
C:\Documents and Settings\Angelo\Application Data\AntivirusFiable\Logs moved successfully.
C:\Documents and Settings\Angelo\Application Data\AntivirusFiable moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_221702
Hi again,
Delete:
C:\_OTMoveIt
C:\Qoobox
Empty your Recycle Bin.
~Run an online antivirus scan on the Kaspersky site:
http://webscanner.kaspersky.fr/
~ Click Online Scanner.
~Accept the installation of the ActiveX control by clicking the Install button.
~Select My Computer as the scan target.
~Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Name it; you will copy and paste it into your next reply.
Online scan tutorial
Message edited by Sham_Rock on 06-06-2008 at 18:28:50
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock
Good evening again,
here is the KASPERSKY ON-LINE report
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 06, 2008 11:01:40 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 6/06/2008
Enregistrements dans la base antivirus Kaspersky : 741994
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: faux
Analyser les bases de messagerie: faux
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Statistiques de l'analyse:
Total d'objets analysés: 60299
Nombre de virus trouvés: 5
Nombre d'objets infectés: 28 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:21:42
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\bl.db L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\is2.db L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Temp\~DF1825.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Temp\~DFAFF8.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Angelo\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002017.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002018.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0004011.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0004012.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005011.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005012.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005013.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005014.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005015.dll Infecté : Trojan.Win32.Vapsup.gbo ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005016.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005017.exe Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005020.exe Infecté : Trojan-Downloader.Win32.FraudLoad.gen ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005032.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005033.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005053.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005054.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005067.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005068.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005085.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005087.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005093.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0006094.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0006095.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007094.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007095.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007115.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007122.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP7\A0009671.exe Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP7\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\bdss.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\a2cache_1E003AB0.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\tmp000017bb\tmp00000000 L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
Thanks again for your help.
Good evening,
~Disable and then re-enable System Restore by following this tutorial:
http://service1.symantec.com/SUPPO [...] 0101856924
You will need to disable System Restore, restart the computer, and re-enable System Restore right away.
Uninstall all the programs installed for the disinfection.
Please read this guide (PDF) to learn more about the risks of the Internet.
If you find this document useful, don't hesitate to pass it on to your contacts.
~Edit your first message (by clicking the eraser icon) and mark it [résolu] (resolved) in the title.
/!\Fed up with ads: secured Firefox/!\
Reply to Sham_Rock
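An added example, not part of the original thread: every infected object in the Kaspersky report above sits under `C:\System Volume Information\_restore{...}\RPn`, the Windows XP System Restore store, which is emptied when System Restore is disabled. The Python sketch below (function and field names are illustrative) parses lines in that report's format and checks whether any detection lies outside the restore points.

```python
import re
from collections import Counter

# "<path> Infecté : <detection name> <last action>"
INFECTED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infecté : (?P<name>\S+)\s+(?P<action>\S+)$")
# "<path> L'objet est verrouillé <last action>" (object locked, skipped by the scanner)
LOCKED = re.compile(r"^[A-Za-z]:\\.+?\s+L'objet est verrouillé\s+\S+$")
# Windows XP System Restore store: ...\_restore{GUID}\RP<n>\
RESTORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# Lines copied from the report posted in this thread.
PAGE_SAMPLE = r"""
C:\Documents and Settings\Angelo\NTUSER.DAT L'objet est verrouillé ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002017.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002018.exe Infecté : Trojan.Win32.Buzus.fit ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005013.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP7\A0009671.exe Infecté : Trojan.Win32.Vapsup.gcc ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
"""

# Constructed line (not from the thread): a detection outside the restore store.
CONSTRUCTED_SAMPLE = PAGE_SAMPLE + r"""
C:\WINDOWS\Temp\constructed_example.exe Infecté : Trojan.Win32.Buzus.fit ignoré
"""


def triage(report):
    """Summarise a report: locked objects, detections, and where the detections live."""
    locked = 0
    detections = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = INFECTED.match(line)
        if hit:
            rp = RESTORE.match(hit["path"])
            detections.append({
                "path": hit["path"],
                "name": hit["name"],
                "restore_point": f"RP{rp['rp']}" if rp else None,
            })
        elif LOCKED.match(line):
            locked += 1
    outside = [d["path"] for d in detections if d["restore_point"] is None]
    return {
        "locked": locked,
        "infected": len(detections),
        # Family = detection name without its trailing variant suffix.
        "families": Counter(d["name"].rsplit(".", 1)[0] for d in detections),
        "restore_points": sorted({d["restore_point"] for d in detections if d["restore_point"]}),
        "outside_restore": outside,
        "only_in_restore_points": bool(detections) and not outside,
    }


if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("constructed", CONSTRUCTED_SAMPLE)):
        result = triage(sample)
        print(label, result["infected"], "infected,", result["locked"], "locked,",
              "restore points:", result["restore_points"],
              "outside:", result["outside_restore"])
```

If `outside_restore` is non-empty, purging the restore points alone would leave those detected files in place.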