
[SOLVED] Recurring system alert message + popups

3 June 2008 11:24:42

Problem solved thanks to Sham_Rock, thanks again for taking the time to help me.

Hello, so my problem seems to be the same as that of quite a few people. Not being very good with computers,
I read and applied your comments.
Could you tell me what to do now?
Thank you for your reply, best regards, angel
Attached is the HijackThis v2.0.2 report >>>>>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:19, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: atfxqogp - {EC2B736E-2B50-4709-A63E-F69855335854} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Angelo\Bureau\install_sbd_fr.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [70dd8309] rundll32.exe "C:\WINDOWS\system32\oaircuoy.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CT...
O21 - SSODL: vregfwlx - {0B0B4CF9-4B47-447C-97EA-5469BD55148A} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: vltdfabw - {60ECEEE2-F39E-4007-8669-2C1AA0E7F7BA} - C:\WINDOWS\vltdfabw.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7762 bytes


Awaiting a reply, yours sincerely


3 June 2008 12:24:16

re>>
Here is the SmitFraudFix v2.323 report

SmitFraudFix v2.323

Rapport fait à 11:25:17,18, 03/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4B03B654-22F7-420B-B1F2-F8FF7F33433F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

3 June 2008 12:30:46

re, I am really sorry if I seem to be a bit of a pain,
but the thing is that my computer is like a drug for me, and not being able to use it is driving me crazy.

I am posting the a-squared Anti-Malware 3.5 report

Version - a-squared Anti-Malware 3.5
Dernière mise à jour : 03/06/2008 11:59:29

Paramètres des balayages :

Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Marche
Balaye dans les ADS : Marche

Début du balayage : 03/06/2008 12:00:05

c:\windows\system32\fonts Objets détectés : Trace.Directory.IamBigBrother
c:\program files\xp antivirus Objets détectés : Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008 Objets détectés : Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\application data\microsoft\internet explorer\quick launch\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\bureau\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008
c:\program files\xp antivirus\xpa.exe Objets détectés : Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008\xp antivirus 2008.lnk Objets détectés : Trace.File.XP Antivirus 2008

Analysé

Fichiers : 73731
Traces : 182836
Cookies : 2
Processus : 15

Objets trouvés

Fichiers : 0
Traces : 7
Cookies : 0
Processus : 0
Clés du Registre : 0

Fin du balayage : 03/06/2008 12:25:27
Temps du balayage : 0:25:22

c:\documents and settings\administrateur\application data\microsoft\internet explorer\quick launch\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\bureau\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\program files\xp antivirus\xpa.exe Objets Supprimés Trace.File.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008\xp antivirus 2008.lnk Objets Supprimés Trace.File.XP Antivirus 2008
c:\program files\xp antivirus Objets Supprimés Trace.Directory.XP Antivirus 2008
c:\documents and settings\administrateur\menu démarrer\xp antivirus 2008 Objets Supprimés Trace.Directory.XP Antivirus 2008
c:\windows\system32\fonts Objets Supprimés Trace.Directory.IamBigBrother

Objets Supprimés

Fichiers : 0
Traces : 7
Cookies : 0
3 June 2008 17:24:23

Hello,
you are indeed infected... (Trojans, Smitfraud and Vundo)

This procedure must be printed so that you can have it in front of you when you are in safe mode.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.
    Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans that were found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

3 June 2008 23:41:46

Thanks to Sham_Rock for replying.

Attached is the SDFix report>>


    SDFix: Version 1.187
    Run by Administrateur on 03/06/2008 at 18:59

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    msupdate
    VEF05

    Path :
    c:\windows\system32\mssrv32.exe
    System32\Drivers\veF05.sys

    msupdate - Deleted
    VEF05 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default Desktop Wallpaper
    Restored Windows ProductId registry value

    Rebooting

    Service VEF05 - Deleted

    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\ljJDWOeC.dll - Deleted
    C:\WINDOWS\SYSTEM32\CTFMONB.BMP - Deleted
    C:\Documents and Settings\Angelo\Favoris\Error Cleaner.url - Deleted
    C:\Documents and Settings\Angelo\Favoris\Privacy Protector.url - Deleted
    C:\Documents and Settings\Angelo\Favoris\Spyware&Malware Protection.url - Deleted
    C:\WINDOWS\system32\Engines\plugins\UpDate\UA27601.DLL - Deleted
    C:\WINDOWS\system32\Engines\plugins\UpDate\UA27602.DLL - Deleted
    C:\WINDOWS\system32\Engines\plugins\UpDate\UA27603.DLL - Deleted
    C:\WINDOWS\system32\Engines\plugins\UpDate\UA27604.DLL - Deleted
    C:\WINDOWS\system32\Engines\plugins\UpDate\UADAILY.DLL - Deleted
    C:\Program Files\Fichiers communs\AntivirusFiable\ugac.exe - Deleted
    C:\WINDOWS\system32\mssrv32.exe - Deleted
    C:\WINDOWS\system32\WinCtrl32.dll - Deleted
    C:\WINDOWS\system32\drivers\VEF05.sys - Deleted



    Folder C:\Program Files\Fichiers communs\AntivirusFiable - Removed
    Folder C:\WINDOWS\system32\Engines - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-03 23:17:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :

    VEF05



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 24 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFB0E9.tmp"
    Tue 22 Apr 2008 131,072 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFB5B1.tmp"
    Wed 28 May 2008 32,768 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFB5B5.tmp"
    Thu 24 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFBFA6.tmp"
    Thu 24 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC080.tmp"
    Tue 22 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC0B2.tmp"
    Sun 1 Jun 2008 131,072 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC0E.tmp"
    Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC28.tmp"
    Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC3CC.tmp"
    Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC56.tmp"
    Fri 25 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFC68D.tmp"
    Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCAE1.tmp"
    Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCAF4.tmp"
    Fri 25 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCDE3.tmp"
    Tue 22 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCF1C.tmp"
    Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFCF32.tmp"
    Tue 22 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD21E.tmp"
    Fri 25 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD2EF.tmp"
    Fri 25 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFD475.tmp"
    Fri 25 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFDC85.tmp"
    Thu 24 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFE514.tmp"
    Fri 25 Apr 2008 131,072 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFE5F8.tmp"
    Mon 21 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFEA9F.tmp"
    Mon 21 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFEC0A.tmp"
    Thu 24 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFF757.tmp"
    Thu 24 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFF76A.tmp"
    Fri 25 Apr 2008 16,384 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFB77.tmp"
    Mon 21 Apr 2008 311,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFC2B.tmp"
    Mon 21 Apr 2008 512 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~DFFC40.tmp"
    Sun 20 Apr 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~E7.tmp"
    Thu 24 Apr 2008 37,601,280 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~PST1235.tmp"
    Thu 24 Apr 2008 48,254,976 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\~PST1978.tmp"
    Sun 1 Jun 2008 802 A..H. --- "C:\Documents and Settings\Angelo\Mes documents\eMule Downloads\downloads.bak"
    Fri 25 Apr 2008 170,697,558 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT11.tmp"
    Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT8.tmp"
    Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT7.tmp"
    Tue 27 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BITA.tmp"
    Sun 1 Jun 2008 5 A..H. --- "C:\Documents and Settings\Angelo\Application Data\eMule\config\clients.met.bak"
    Fri 18 Apr 2008 141 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Microsoft\Internet Explorer\brndlog.bak"
    Mon 2 Jun 2008 16,072 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Microsoft\Office\fbc117.tmp"
    Thu 24 Apr 2008 254 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD14.tmp"
    Wed 23 Apr 2008 242 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD147.tmp"
    Fri 30 May 2008 2,904 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMD8C.tmp"
    Fri 25 Apr 2008 222 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMDA7.tmp"
    Fri 25 Apr 2008 390 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\IncrediMail\CMDBE.tmp"
    Tue 18 Dec 2007 2,048 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\InstTemp0\userinstall.dll"
    Tue 27 Sep 2005 86,016 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\is-DV2JP.tmp\SecurityUtil.dll"
    Mon 21 Apr 2008 147,456 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\isp35.tmp\_Setup.dll"
    Fri 18 Apr 2008 368,640 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\isp5B.tmp\_Setup.dll"
    Fri 17 Nov 2006 1,556,480 ...H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\SetupX.exe"
    Fri 24 Sep 2004 2,361,579 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\TFRINS\ftpexpert3.exe"
    Sun 5 Jan 2003 1,507,584 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Ins9xmsi.exe"
    Sun 5 Jan 2003 1,520,896 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Insntmsi.exe"
    Tue 4 Feb 2003 446,464 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\VIES1220\Setup.exe"
    Sat 20 Jan 2007 492,032 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\{9B64C10A-36F0-4843-B70F-18CA7E2E8514}\ISSetup.dll"
    Wed 17 May 2006 373,680 A..HR --- "C:\Documents and Settings\Angelo\Local Settings\Temp\{9B64C10A-36F0-4843-B70F-18CA7E2E8514}\_Setup.dll"
    Mon 21 Apr 2008 116,688 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\bye40.tmp\Disk1\setup.exe"
    Tue 22 Apr 2008 121,064 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\bye6C.tmp\Disk1\setup.exe"
    Wed 18 Dec 2002 509,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\50comupd.exe"
    Fri 10 Nov 2006 598,016 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\AReadyLB_Nero.dll"
    Mon 11 Mar 2002 1,708,856 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\instmsia.exe"
    Mon 11 Mar 2002 1,822,520 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\instmsiw.exe"
    Tue 23 Jan 2001 117,288 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\ShFolder.Exe"
    Mon 27 May 2002 263,848 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\APATCH.DLL"
    Fri 17 Nov 2006 860,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NeroDelTmp.exe"
    Fri 22 Sep 2006 823,296 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NiReg.exe"
    Fri 17 Nov 2006 3,334,144 ...H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\NPS.dll"
    Fri 17 Nov 2006 946,176 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\UninstallNero.exe"
    Thu 5 Jan 2006 160,768 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Setup\unrar.dll"
    Fri 5 Mar 2004 815,104 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\FlashPlayerW.dll"
    Fri 5 Mar 2004 757,760 A..H. --- "C:\Documents and Settings\Angelo\Application Data\Macromedia\Dreamweaver MX 2004\Configuration\Flash Player\NPSWF32.dll"
    Fri 30 May 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\34E74534-CFA6-405E-83AB-B5A6EC541A13_data.bak"
    Mon 2 Jun 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\9A4C8EC9-4E87-4DEE-92EB-224F2B6187AB_data.bak"
    Sun 18 May 2008 0 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\A84D2A17-CBD7-4FDD-86B9-92287D9657C9_data.bak"
    Mon 17 Oct 2005 2,600,960 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\BCGCBPRO8002D9B60E3.dll"
    Fri 23 Dec 2005 32,768 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\BCGPOleAcc9B39C142.dll"
    Wed 31 May 2006 1,347,584 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\Drweb323680E0DF.dll"
    Thu 9 Nov 2006 184,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\em2v01DC7D73.dll"
    Thu 9 Nov 2006 184,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\em2v6300DBD6.dll"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus78D63180.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusAF831C96.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus9071448E.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus74C97B78.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus985FC367.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusD6EBAEF5.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusA455ADFC.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusDC8C5D2A.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusE1DA3D0E.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5C39907C.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus55EBB4A3.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus536CC5AD.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusB1DBFAF0.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus38B07F0B.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplusF33DEC0A.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5461AF19.DLL"
    Tue 4 May 2004 1,645,320 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\gdiplus5ABC3C3B.DLL"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u4D1989F2.dll"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71uF18EADFB.dll"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u12406601.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71109CB9C7.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71249A74F9.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC713F517409.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71461BF8FA.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC7149090881.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC715B49AA52.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC716011AF24.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC716251E7FF.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC718A0B572D.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71AE66EE48.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71CB545924.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71E906F697.dll"
    Wed 19 Mar 2003 1,060,864 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\MFC71F47B49DB.dll"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71uE8BEE4D1.dll"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u4C5C5DD0.dll"
    Tue 18 Mar 2003 1,047,552 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\mfc71u93490C3B.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp714D58BA94.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7198B02AF4.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7150E1E867.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71346249B2.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7162535DFA.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71EF1A49EE.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71EB0FA0C2.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71BBF6D7CF.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr719D484A5A.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71F4FBCFF4.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71402AC422.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71E0570AA5.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7144B7F012.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71E0BAC39B.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7166D31FF4.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F02E11D7.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71BB261ECC.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7169869529.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71318C1171.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F2E0F0EF.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp710E7F954E.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71C138A21F.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp714536764D.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71FC7343DA.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71C50F23DB.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7151207FF7.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp712CF144D3.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7193442B58.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7113A22A6A.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7135AD2B54.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr712E243769.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71EE7C0081.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71CC2005AB.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71D1A5E404.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71F5084597.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr716A7F987A.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71BA5A88D0.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr713C2058C6.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71B4C16822.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7158986D1C.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7177B7CF3F.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp7178516802.dll"
    Wed 19 Mar 2003 499,712 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcp71F525E9F7.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr7103CBFF9A.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71264D7D03.dll"
    Fri 21 Feb 2003 348,160 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\msvcr71FD47894B.dll"
    Fri 4 May 2001 290,869 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\Msvcrt11D4118E.dll"
    Thu 9 Nov 2006 45,568 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\ndvddiscD56CC44A.dll"
    Thu 9 Nov 2006 126,976 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeAcEnc9FC8C58A.dll"
    Thu 9 Nov 2006 135,168 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeEm2a57A96039.dll"
    Thu 9 Nov 2006 135,168 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeEm2a529CBA7F.dll"
    Thu 9 Nov 2006 3,371,008 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroIPP55B9FD4A.dll"
    Thu 9 Nov 2006 3,371,008 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroIPP18F99FA5.dll"
    Thu 9 Nov 2006 1,265,664 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroMediaConD4CB9F82.dll"
    Thu 9 Nov 2006 1,265,664 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroMediaCon041A55CE.dll"
    Thu 16 Nov 2006 81,920 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroRcPluginHauppaugeD1EEA012.dll"
    Thu 16 Nov 2006 81,920 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeroRcPluginAti3935D9B2.dll"
    Fri 27 Oct 2006 34,816 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeRSDB05C2D9D9.dll"
    Thu 9 Nov 2006 323,584 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\NeVcr50E5ADBC.dll"
    Thu 16 Nov 2006 3,375,705 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\SetupNeroMobileUnsignedA8C35C16.exe"
    Fri 27 Oct 2006 94,208 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\TMPVImporterF67588C5.dll"
    Fri 27 Oct 2006 425,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\UDFImporter4B649A67.dll"
    Wed 31 May 2006 364,544 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Cab\Tmp\VMPEGEncNDX44D4A2E4.dll"
    Mon 14 Aug 2006 74,520 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\DSETUP.dll"
    Mon 14 Aug 2006 2,248,984 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\dsetup32.dll"
    Mon 14 Aug 2006 484,632 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\DirectX\dxsetup.exe"
    Sat 19 Apr 2008 54 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\AddressBook\AddressBook.imb.bak"
    Tue 12 Feb 2008 210,843 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\EmoticonCenter\emoticons.bak"
    Sat 19 Apr 2008 604 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{8E7E718E-D9CE-45A6-87F6-EAEEAC89F140}\Message Store\Folders.bak"
    Fri 30 May 2008 137,702 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\AddressBook\AddressBook.imb.bak"
    Tue 12 Feb 2008 210,843 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Application Data\IM\Identities\{F962A678-4983-4883-A976-913E0946550D}\EmoticonCenter\emoticons.bak"
    Mon 8 Mar 1999 147,728 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\asycfilt.dll"
    Thu 6 Apr 2000 995,383 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\mfc42.dll"
    Thu 6 Apr 2000 77,878 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcirt.dll"
    Tue 29 Aug 2000 401,462 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcp60.dll"
    Thu 6 Apr 2000 278,581 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\msvcrt.dll"
    Wed 12 Apr 2000 598,288 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\oleaut32.dll"
    Mon 8 Mar 1999 164,112 A..H. --- "C:\Documents and Settings\Angelo\Local Settings\Temp\NeroDemo11545\Redist\MS\System\olepro32.dll"

    Finished!

    Then a new HijackThis log >>>>

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:37: VIRUS ALERT!, on 03/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\V0350Mon.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\INCRED~1\bin\ImApp.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Orange\Deskboard\deskboard.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
    O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [70dd8309] rundll32.exe "C:\WINDOWS\system32\scbqyxlq.dll",b
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [16899942494817479532891503971405] C:\Program Files\XP Antivirus\xpa.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.orange.fr
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CT...
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 11213 bytes
    4 June 2008 13:17:52

    Hello again,
    thanks to Sham_Rock's help my problem seems to have calmed down a bit,
    because since then
    there are no more unwanted alert messages or popups asking me to buy antivirus software !!!!!

    but
    I still cannot run Windows updates, and I still have the little message to the right of the clock 13:36: VIRUS ALERT!

    If anyone has a solution, I'll take it.

    Thanks again for your future help :hello:

    4 June 2008 14:44:50

    Hello,
    I did say you had multiple infections... :)

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    4 June 2008 15:25:21

    Hello,
    here is the Malwarebytes' Anti-Malware 1.14 report


    Malwarebytes' Anti-Malware 1.14
    Database version: 821

    15:22:40 04/06/2008
    mbam-log-6-4-2008 (15-22-40).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 91703
    Time elapsed: 17 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 8
    Registry Values Infected: 2
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\xxywULcC.dll (Trojan.Vundo) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{713bf591-b901-41fb-a39d-599ee61c9564} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{713bf591-b901-41fb-a39d-599ee61c9564} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70dd8309 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10b5e5c2-8901-4e3c-bf61-ac6e11039292} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywulcc -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\xxywULcC.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\qxiiglya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\TJME5ZHH\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0000018.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0000021.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0003014.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0003018.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007121.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Angelo\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    4 June 2008 23:31:44

    Hi again

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit > "Select All", Edit > "Copy".

    Come back to the forum and Edit > "Paste".

    Add a new HijackThis report.
    5 June 2008 21:39:04

    Good evening, sorry for the delay

    here are the reports

    ComboFix 08-06-04.3 - Angelo 2008-06-05 21:25:53.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1398 [GMT 2:00]
    Endroit: C:\Documents and Settings\Angelo\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Favoris\Online Security Test.url
    C:\Documents and Settings\Angelo\ResErrors.log
    C:\WINDOWS\system32\aylgiixq.ini
    C:\WINDOWS\system32\CcLUwyxx.ini
    C:\WINDOWS\system32\CcLUwyxx.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\oaircuoy.dll
    C:\WINDOWS\system32\qlxyqbcs.ini
    C:\WINDOWS\system32\youcriao.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-05 09:32 . 2008-06-05 21:25 <REP> d-------- C:\327882R2FWJFW
    2008-06-05 09:32 . 2008-06-05 09:32 400,896 --a------ C:\WINDOWS\system32\CF28365.exe
    2008-06-04 15:48 . 2008-06-04 17:52 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-06-04 15:03 . 2008-06-04 15:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\Malwarebytes
    2008-06-04 14:59 . 2008-06-04 14:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-04 14:59 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-04 14:59 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-04 12:22 . 2008-06-04 12:22 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-04 12:22 . 2008-06-04 12:22 0 --a------ C:\dump_dvd.vob
    2008-06-03 18:56 . 2008-06-03 18:56 <REP> d-------- C:\WINDOWS\ERUNT
    2008-06-03 18:52 . 2008-06-03 23:19 <REP> d-------- C:\SDFix
    2008-06-03 11:48 . 2008-06-05 12:48 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-06-03 11:02 . 2008-06-03 11:25 4,554 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-03 10:43 . 2008-06-03 10:43 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-03 03:07 . 2008-06-03 03:07 <REP> d-------- C:\Program Files\Lavasoft
    2008-06-03 03:07 . 2008-06-03 03:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-03 03:05 . 2008-06-04 00:16 1,324 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-03 03:01 . 2008-06-03 03:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-06-03 00:00 . 2004-08-05 14:00 452,037 -ra------ C:\txtsetup.sif
    2008-06-03 00:00 . 2004-08-05 14:00 263,488 -ra------ C:\$LDR$
    2008-06-02 23:58 . 2008-06-02 23:58 <REP> d--hs---- C:\AntivirusFiable
    2008-06-02 23:57 . 2008-06-02 23:57 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\AntivirusFiable
    2008-06-02 23:36 . 2008-06-03 10:57 0 --a------ C:\WINDOWS\system32\ieupdates.exe.tmp
    2008-06-02 21:49 . 2008-06-02 21:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Bitdefender
    2008-06-02 21:18 . 2008-06-02 18:46 94,208 --a------ C:\WINDOWS\ekaf.exe
    2008-06-02 00:45 . 2008-06-02 00:45 <REP> d-------- C:\Program Files\Google
    2008-06-02 00:45 . 2008-06-05 09:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-05-27 17:57 . 2008-05-27 17:57 <REP> d-------- C:\Documents and Settings\Angelo\Application Data\Bitdefender
    2008-05-27 17:43 . 2008-05-27 17:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-05-27 12:52 . 2008-05-27 12:53 <REP> d-------- C:\Program Files\EPSON
    2008-05-27 12:52 . 2004-11-25 07:07 79,679 --a------ C:\WINDOWS\system32\E_FLMAEE.DLL
    2008-05-27 12:52 . 2003-05-21 04:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBAEE.DLL
    2008-05-27 12:52 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-05-27 12:52 . 2000-06-07 03:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHAEE.DLL
    2008-05-27 12:50 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-05-27 12:50 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-05 19:31 --------- d-----w C:\Program Files\FlashGet
    2008-06-02 19:01 --------- d-----w C:\Program Files\CopyRightLeft
    2008-06-01 21:02 --------- d-----w C:\Program Files\eMule
    2008-05-27 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-27 18:16 --------- d-----w C:\Program Files\MSN Pictures Displayer
    2008-05-27 15:43 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-25 17:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-04-25 17:08 --------- d-----w C:\Program Files\Yahoo!
    2008-04-25 11:12 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Ahead
    2008-04-25 07:38 --------- d-----w C:\Program Files\Creative
    2008-04-24 09:23 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-04-23 01:00 --------- d-----w C:\Program Files\MSXML 4.0
    2008-04-22 21:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-04-22 16:46 --------- d-----w C:\Program Files\Enigma Software Group
    2008-04-22 15:30 --------- d-----w C:\Program Files\RegCleaner
    2008-04-22 11:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-22 11:51 --------- d-----w C:\Program Files\LG Electronics
    2008-04-22 11:51 --------- d-----w C:\Documents and Settings\Angelo\Application Data\LGSync
    2008-04-22 11:39 --------- d-----w C:\Program Files\LGE GSM PC Sync
    2008-04-22 09:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2008-04-22 09:12 --------- d-----w C:\Program Files\Nero
    2008-04-22 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2008-04-21 22:51 --------- d-----w C:\Program Files\illiminable
    2008-04-21 22:51 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
    2008-04-21 22:51 --------- d-----w C:\Program Files\Fichiers communs\Droppix
    2008-04-21 22:51 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Droppix
    2008-04-21 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
    2008-04-21 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Droppix
    2008-04-21 22:50 --------- d-----w C:\Program Files\Droppix
    2008-04-21 22:44 --------- d-----w C:\Documents and Settings\Angelo\Application Data\DivX
    2008-04-21 22:41 --------- d-----w C:\Program Files\Free Easy Burner
    2008-04-21 22:30 --------- d-----w C:\Documents and Settings\Angelo\Application Data\eMule
    2008-04-21 22:29 --------- d-----w C:\Program Files\DivX
    2008-04-21 21:18 --------- d-----w C:\Program Files\SAMSUNG
    2008-04-21 20:48 --------- d-----w C:\Program Files\Sonic
    2008-04-21 20:48 --------- d-----w C:\Program Files\Fichiers communs\Sonic
    2008-04-21 20:48 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Sonic
    2008-04-21 20:44 --------- d-----w C:\Program Files\ArcSoft
    2008-04-21 19:55 --------- d-----w C:\Program Files\Lavalys
    2008-04-21 19:09 --------- d-----w C:\Documents and Settings\Angelo\Application Data\MSN Pictures Displayer
    2008-04-21 17:16 --------- d-----w C:\Program Files\MSBuild
    2008-04-21 17:16 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-21 17:15 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-21 17:13 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-21 15:34 --------- d-----w C:\Program Files\VirginMega
    2008-04-21 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-04-21 14:34 --------- d-----w C:\Program Files\Orange
    2008-04-21 14:32 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
    2008-04-21 14:29 --------- d-----w C:\Program Files\SAGEM
    2008-04-21 14:29 --------- d-----w C:\Documents and Settings\Angelo\Application Data\InstallShield
    2008-04-21 14:28 --------- d-----w C:\Program Files\Securitoo
    2008-04-21 14:21 --------- d-----w C:\Program Files\Wanadoo
    2008-04-21 14:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-04-21 01:00 --------- d-----w C:\Program Files\Windows Live
    2008-04-20 18:14 --------- d-----w C:\Program Files\JAlbumWin
    2008-04-20 17:44 --------- d-----w C:\Documents and Settings\Angelo\Application Data\ACD Systems
    2008-04-20 17:42 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2008-04-20 17:42 --------- d-----w C:\Program Files\ACD Systems
    2008-04-20 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
    2008-04-19 22:37 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
    2008-04-19 22:36 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-19 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-19 21:29 --------- d-----w C:\Documents and Settings\Angelo\Application Data\vlc
    2008-04-19 21:26 --------- d-----w C:\Program Files\IncrediMail
    2008-04-19 21:25 --------- d-----w C:\Program Files\VideoLAN
    2008-04-19 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
    2008-04-19 21:11 --------- d-----w C:\Program Files\Macromedia
    2008-04-19 21:11 --------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
    2008-04-19 21:11 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
    2008-04-19 21:08 --------- d-----w C:\Documents and Settings\Angelo\Application Data\Visicom Media
    2008-04-19 21:07 --------- d-----w C:\Program Files\Visicom Media
    2008-04-19 20:19 --------- d-----w C:\Program Files\Softwin
    2008-04-19 12:08 --------- d-----w C:\Program Files\MSXML 6.0
    2008-04-19 10:09 --------- d-----w C:\Program Files\Futuremark
    2008-04-19 09:57 --------- d-----w C:\Program Files\Reference Assemblies
    2008-04-19 09:56 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-18 16:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-04-18 16:48 --------- d-----w C:\Documents and Settings\Angelo\Application Data\ma-config.com
    2008-04-18 16:44 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
    2008-04-18 16:44 86,016 ----a-w C:\WINDOWS\SoundMan.exe
    2008-04-18 16:44 69,632 ----a-w C:\WINDOWS\Alcmtr.exe
    2008-04-18 16:44 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
    2008-04-18 16:44 4,630,016 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-04-18 16:44 2,808,832 ----a-w C:\WINDOWS\alcwzrd.exe
    2008-04-18 16:44 2,165,760 ----a-w C:\WINDOWS\MicCal.exe
    2008-04-18 16:44 16,858,112 ----a-w C:\WINDOWS\RTHDCPL.exe
    2008-04-18 16:44 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
    2008-04-18 16:44 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
    2008-04-18 16:44 --------- d-----w C:\Program Files\Realtek
    2008-04-18 16:30 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-04-18 15:39 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
    2008-04-18 15:39 52,736 ----a-w C:\WINDOWS\system32\drivers\ViPrt.sys
    2008-04-18 15:39 16,896 ----a-w C:\WINDOWS\system32\drivers\ViBus.sys
    2008-04-18 15:39 --------- d-----w C:\Program Files\VIA
    2008-04-18 15:32 --------- d-----w C:\Program Files\ma-config.com
    2008-04-18 14:51 --------- d-----w C:\Program Files\microsoft frontpage
    2008-04-18 14:48 --------- d-----w C:\Program Files\Services en ligne
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-02 00:45 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2008-01-24 12:32 2289664]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 13:49 214456]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04 139264]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "V0350Mon.exe"="C:\WINDOWS\V0350Mon.exe" [2007-03-28 19:01 32768]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01 155648]
    "P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [2000-03-23 02:00 39936]
    "EPSON Stylus DX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.exe" [2005-03-08 06:00 98304]
    "Détecteur de disque"="C:\Program Files\Creative\ShareDLL\CtNotify.exe" [1999-08-30 01:55 189952]
    "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
    "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-05-12 09:02 1961104]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
    "Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-01-04 17:33 684118]
    "Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]
    "Easy PDF Creator"="C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\veF05.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\V0350Cvw.dll]
    --a------ 2004-08-05 14:00 12288 C:\WINDOWS\system32\RegSvr32.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\FlashGet\\FlashGet.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=

    R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-18 17:39]
    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-04-18 17:39]
    R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-18 17:39]
    S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe" [2008-02-01 16:12]
    S3 VF0350Afx;VF0350 Audio FX;C:\WINDOWS\system32\Drivers\V0350Afx.sys [2007-04-01 19:01]
    S3 VF0350Vfx;VF0350 Video FX;C:\WINDOWS\system32\DRIVERS\V0350VFx.sys [2007-03-05 12:45]
    S3 VF0350Vid;Live! Cam Video IM (VF0350);C:\WINDOWS\system32\DRIVERS\V0350Vid.sys [2007-04-22 19:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f48aea5-11d4-11dd-a09e-00138f7628bd}]
    \Shell\AutoRun\command - 1.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 21:30:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Messenger\msmsgs.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-05 21:34:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-05 19:34:36

    Pre-Run: 180,553,342,976 octets libres
    Post-Run: 181,537,222,656 octets libres

    273 --- E O F --- 2008-05-28 19:31:02




    then a HijackThis log again

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35:54, on 05/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\V0350Mon.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Creative\News\NewsUpd.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
    O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
    O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
    O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CT...
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Droppix Service - Droppix - C:\Program Files\Fichiers communs\Droppix\DxService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)

    --
    End of file - 10847 bytes





    5 June 2008 22:05:15

    Hi again

    ~Download OTMoveIt (by OldTimer). Save it to your Desktop.

    ~Run HijackThis with "Do a system scan only".
    Tick the following lines if they are still present, and only those.

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O24 - Desktop Component 0: Privacy Protection - (no file)

    Click Fix checked (bottom left).


    Select ALL the locations in bold below:

    C:\327882R2FWJFW
    C:\WINDOWS\system32\CF28365.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\ieupdates.exe.tmp
    C:\WINDOWS\ekaf.exe
    C:\AntivirusFiable
    C:\Documents and Settings\Angelo\Application Data\AntivirusFiable


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.

    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log



    5 June 2008 22:28:31

    Hi again



    C:\327882R2FWJFW moved successfully.
    C:\WINDOWS\system32\CF28365.exe moved successfully.
    C:\WINDOWS\system32\tmp.reg moved successfully.
    C:\WINDOWS\system32\ieupdates.exe.tmp moved successfully.
    C:\WINDOWS\ekaf.exe moved successfully.
    C:\AntivirusFiable\AVQuar moved successfully.
    C:\AntivirusFiable moved successfully.
    C:\Documents and Settings\Angelo\Application Data\AntivirusFiable\Logs moved successfully.
    C:\Documents and Settings\Angelo\Application Data\AntivirusFiable moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_221702

    6 June 2008 18:28:35

    Hi again

    Delete:
    C:\_OTMoveIt
    C:\Qoobox

    Empty your Recycle Bin.

    ~Run an online antivirus scan on the Kaspersky site:
    http://webscanner.kaspersky.fr/

    ~Click Online Scanner.
    ~Accept the installation of the ActiveX control by clicking the Install button.

    ~Select My Computer ("Poste de travail") as the scan target.

    ~Save the report by clicking the "Enregistrer rapport sous" (Save report as) button. Give it a name; you will copy and paste it into your next reply.

    Online scan tutorial

    6 June 2008 23:05:01

    Good evening again

    Here is the KASPERSKY ON-LINE report

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, June 06, 2008 11:01:40 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 6/06/2008
    Enregistrements dans la base antivirus Kaspersky : 741994
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: faux
    Analyser les bases de messagerie: faux

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Statistiques de l'analyse:
    Total d'objets analysés: 60299
    Nombre de virus trouvés: 5
    Nombre d'objets infectés: 28 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 00:21:42

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\bl.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\is2.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Historique\History.IE5\MSHist012008060620080607\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Temp\~DF1825.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Temp\~DFAFF8.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Angelo\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002017.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0002018.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0004011.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0004012.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005011.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005012.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005013.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005014.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005015.dll Infecté : Trojan.Win32.Vapsup.gbo ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005016.dll Infecté : Trojan.Win32.Vapsup.gcc ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005017.exe Infecté : Trojan.Win32.Vapsup.gcc ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005020.exe Infecté : Trojan-Downloader.Win32.FraudLoad.gen ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005032.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005033.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005053.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005054.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005067.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005068.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005085.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005087.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0005093.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0006094.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0006095.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007094.sys Infecté : Trojan-Downloader.Win32.Mutant.adi ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007095.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007115.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP2\A0007122.exe Infecté : Trojan.Win32.Buzus.fit ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP7\A0009671.exe Infecté : Trojan.Win32.Vapsup.gcc ignoré
    C:\System Volume Information\_restore{16139789-EC94-4865-9205-96DBB834ED40}\RP7\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\bdss.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\a2cache_1E003AB0.dat L'objet est verrouillé ignoré
    C:\WINDOWS\Temp\tmp000017bb\tmp00000000 L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.



    Thanks again for your help


    7 June 2008 23:52:01

    Good evening

    ~Disable and then re-enable System Restore by following this tutorial:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
    You will need to disable System Restore, restart the computer, and re-enable System Restore right away.

    Remove all the programs installed for the disinfection.


    Please read this guide (in PDF) to learn more about the risks of the Internet.



    If you find this document interesting, feel free to pass it on to your contacts.

    ~Edit your first message (by clicking the eraser) and put [résolu] (resolved) in the title.

    :hello: 