SDFix: Version 1.156

Run by Alexandre on sam. 22/03/2008 at 13:32

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ALEXAN~1\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\real.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 13:36:59
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\DOCUMENTS AND SETTINGS\TEST\LOCAL SETTINGS\TEMP\SERVICES.EXE [1396] 0x82027020

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh"
"C:\\Documents and Settings\\Isabelle\\Bureau\\RGateLXP.exe"="C:\\Documents and Settings\\Isabelle\\Bureau\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Lecteur Windows Media"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe"="C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe:*:Enabled:Morpheus"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - L'H‚ritage des Rois\\bin\\settlershok.exe"="C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - L'H‚ritage des Rois\\bin\\settlershok.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\\Program Files\\Gnutella\\Gnutella.exe"="C:\\Program Files\\Gnutella\\Gnutella.exe:*:Enabled:Gnutella"
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"="C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe:*:Enabled:CmCenter Module"
"C:\\Program Files\\JoWooD\\Far West\\Bin\\win32\\farwest.exe"="C:\\Program Files\\JoWooD\\Far West\\Bin\\win32\\farwest.exe:*:Enabled:farwest"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Documents and Settings\\Propri‚taire\\Bureau\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Propri‚taire\\Bureau\\Morpheus\\Morpheus.exe:*:Disabled:Morpheus"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"="C:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\\Documents and Settings\\Alexandre\\Mes documents\\Dossiers inutiles\\My Games\\A\\R\\A\\S\\Lemoncast\\lemoncast.exe"="C:\\Documents and Settings\\Alexandre\\Mes documents\\Dossiers inutiles\\My Games\\A\\R\\A\\S\\Lemoncast\\lemoncast.exe:*:Enabled:OneClick"
"C:\\rome TW\\RomeTW.exe"="C:\\rome TW\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX04.063\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX04.063\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.609\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.609\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.703\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.703\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.328\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.328\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.391\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.391\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.406\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.406\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX46.390\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX46.390\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\MessengerDiscovery\\Loader.exe"="C:\\Program Files\\MessengerDiscovery\\Loader.exe:*:Enabled:Loader"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"D:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="D:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"
"SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List:*:enabled:@shell32.dll,-1"
"D:\\Medieval TW II\\medieval2.exe"="D:\\Medieval TW II\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"="C:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"D:\\Sierra\\Empire Earth\\Empire Earth.exe"="D:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
@=""
"C:\\DOCUME~1\\test\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\test\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\ALEXAN~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 15 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Nov 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Mon 3 Dec 2007 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti18.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 28 Oct 2007 20,233,232 A..H. --- "C:\Documents and Settings\Propri‚taire\Local Settings\Temp\BIT2.tmp"
Thu 2 Mar 2006 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue 15 Jun 2004 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue 16 Aug 2005 488 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sat 1 Dec 2007 857 ...H. --- "C:\Documents and Settings\Alexandre\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Premium Security Suite
Report file date: mardi 25 mars 2008 12:00

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Demo Version
Serial number:
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ORDI

Version information:
BUILD.DAT : 168 23343 Bytes 19/09/2007 13:52:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:56
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:14
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.32 2875432 Bytes 16/08/2007 13:13:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:23:28
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\Avira Premium Security Suite\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 25 mars 2008 13:16

The scan of running processes will be started
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'medieval2.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WMPNETWK.EXE' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AVESVC.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'HPGS2WNF.EXE' - '1' Module(s) have been scanned
Scan process 'WMPNSCFG.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'HPGS2WND.EXE' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SYMLCSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\test\Local Settings\Temp\services.exe
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!


End of the scan: mardi 25 mars 2008 14:18
Used time: 2:18:37 min

The scan has been done completely.

11037 Scanning directories
263800 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
263800 Files not concerned
2218 Archives were scanned
3 Warnings
0 Notes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:08, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\hpgs2wnd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lesroyaumes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
R3 - URLSearchHook: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll (file missing)
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\test\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll (file missing)
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbSha1.dll
O3 - Toolbar: Online TV Toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl1.dll (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [carpediem] C:\Documents and Settings\Alexandre\Mes documents\Dossiers inutiles\My Games\A\R\A\s\Lemoncast\lemoncast.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SDFix] D:\PROGRA~1\SDFix\RunThis.bat /second
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-776561741-412668190-725345543-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User 'Propriétaire')
O4 - HKUS\S-1-5-21-776561741-412668190-725345543-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Propriétaire')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Personal Player.lnk = C:\Program Files\Web Hottest Videos Personal Player\Adobe Photoshop CS2 v9.0 FR Officielle Incl-Crack et Keygen Web hottest videos personal player.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add a new emoticon - C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX01.281\MessengerMixLive_1.1\MessengerMixLive_1.1\MixCE.htm
O8 - Extra context menu item: Set as My Display Picture - C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX01.281\MessengerMixLive_1.1\MessengerMixLive_1.1\MixDP.htm
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://wanwanhouse.homeip.net/kxhcm10.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/m(...)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (OD2 Music Manager) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E4E6BC4-D8DD-416C-96EF-E36F8594E216}: NameServer = 195.238.2.21 195.238.2.22
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Intel Corporation - (no file)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 16807 bytes

SDFix: Version 1.156

Run by Alexandre on lun. 31/03/2008 at 15:43

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ALEXAN~1\Bureau\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\real.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 15:47:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

C:\DOCUMENTS AND SETTINGS\TEST\LOCAL SETTINGS\TEMP\SERVICES.EXE [1400] 0x81EF57A8

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iMesh\\Client\\iMeshClient.exe"="C:\\Program Files\\iMesh\\Client\\iMeshClient.exe:*:Enabled:iMesh"
"C:\\Documents and Settings\\Isabelle\\Bureau\\RGateLXP.exe"="C:\\Documents and Settings\\Isabelle\\Bureau\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Disabled:Lecteur Windows Media"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe"="C:\\Program Files\\iMesh\\iMesh5\\iMesh.exe:*:Enabled:iMesh 5"
"C:\\Program Files\\Caplio Software\\RGateLXP.exe"="C:\\Program Files\\Caplio Software\\RGateLXP.exe:*:Enabled:RICOH Gate La for DSC"
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"="C:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"="C:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe"="C:\\Program Files\\StreamCast\\Morpheus\\MorphEXE.exe:*:Enabled:Morpheus"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - L'H‚ritage des Rois\\bin\\settlershok.exe"="C:\\Program Files\\Ubisoft\\Blue Byte\\THE SETTLERS - L'H‚ritage des Rois\\bin\\settlershok.exe:*:Enabled:THE SETTLERS - Heritage of Kings"
"C:\\Program Files\\Gnutella\\Gnutella.exe"="C:\\Program Files\\Gnutella\\Gnutella.exe:*:Enabled:Gnutella"
"C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe"="C:\\Program Files\\InstantTouch\\bin\\CmCenterV2.exe:*:Enabled:CmCenter Module"
"C:\\Program Files\\JoWooD\\Far West\\Bin\\win32\\farwest.exe"="C:\\Program Files\\JoWooD\\Far West\\Bin\\win32\\farwest.exe:*:Enabled:farwest"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Documents and Settings\\Propri‚taire\\Bureau\\Morpheus\\Morpheus.exe"="C:\\Documents and Settings\\Propri‚taire\\Bureau\\Morpheus\\Morpheus.exe:*:Disabled:Morpheus"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"="C:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe:*:Enabled:ImperialGlory"
"C:\\Documents and Settings\\Alexandre\\Mes documents\\Dossiers inutiles\\My Games\\A\\R\\A\\S\\Lemoncast\\lemoncast.exe"="C:\\Documents and Settings\\Alexandre\\Mes documents\\Dossiers inutiles\\My Games\\A\\R\\A\\S\\Lemoncast\\lemoncast.exe:*:Enabled:OneClick"
"C:\\rome TW\\RomeTW.exe"="C:\\rome TW\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX04.063\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX04.063\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.609\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.609\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.703\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.703\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.328\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.328\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.391\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.391\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.406\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.406\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX01.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX46.390\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX46.390\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temp\\Rar$EX00.281\\MessengerMixLive_1.1\\MessengerMixLive_1.1\\MsgMixLive.exe:*:Enabled:Messenger M!X Live the MSN Messenger/WLM Add-on"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\MessengerDiscovery\\Loader.exe"="C:\\Program Files\\MessengerDiscovery\\Loader.exe:*:Enabled:Loader"
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"D:\\Program Files\\Zapu\\Zapu\\wDivi.exe"="D:\\Program Files\\Zapu\\Zapu\\wDivi.exe:*:Enabled:Zapu Control"
"SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List"="SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List:*:enabled:@shell32.dll,-1"
"D:\\Medieval TW II\\medieval2.exe"="D:\\Medieval TW II\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe"="C:\\Program Files\\Sierra Entertainment\\Empire Earth III Public Demo\\EE3.exe:*:Enabled:Empire Earth III Public Demo"
"D:\\Sierra\\Empire Earth\\Empire Earth.exe"="D:\\Sierra\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
@=""
"C:\\DOCUME~1\\test\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\test\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\Alexandre\\Local Settings\\Temporary Internet Files\\Content.IE5\\6JTHJGBV\\utorrent[1].exe"="C:\\Documents and Settings\\Alexandre\\Local Settings\\Temporary Internet Files\\Content.IE5\\6JTHJGBV\\utorrent[1].exe:*:Enabled:æTorrent"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\System32\\PnkBstrA.exe"="C:\\WINDOWS\\System32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\System32\\PnkBstrB.exe"="C:\\WINDOWS\\System32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"="C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\ALEXAN~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 15 Jun 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Nov 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Mon 3 Dec 2007 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti18.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 28 Oct 2007 20,233,232 A..H. --- "C:\Documents and Settings\Propri‚taire\Local Settings\Temp\BIT2.tmp"
Thu 2 Mar 2006 401 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue 15 Jun 2004 4,348 ...H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue 16 Aug 2005 488 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 30 Mar 2008 1,301 ...HR --- "C:\Documents and Settings\Alexandre\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\WERede6.dir00\Mini033108-01.dmp
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\WERede6.dir00\sysdata.xml

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 09, 2008 9:29:03 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 9/04/2008
Enregistrements dans la base antivirus Kaspersky : 621625
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\

Statistiques de l'analyse:
Total d'objets analysés: 149976
Nombre de virus trouvés: 5
Nombre d'objets infectés: 7 / 0
Nombre d'objets suspects: 2
Durée de l'analyse: 01:25:21

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edbtmp.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\DefaultWsdlHelpGenerator.aspx Infecté : Worm.Win32.Mefir.p ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\iPower\start.htm.tmp Infecté : Worm.Win32.Mefir.p ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RasDialer.zip/Free-Internet_By_Tuttogratis.exe Suspect : Password-protected-EXE ignoré
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RasDialer.zip ZIP: suspect - 1 ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Local Settings\Historique\History.IE5\MSHist012008040920080410\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Bureau\bo\sniffpass.zip/SniffPass.exe Infecté : Sniffer.Win32.Agent.f ignoré
C:\Documents and Settings\Alexandre\Bureau\bo\sniffpass.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\Alexandre\Bureau\Zik\Linkin Park - Somewhere I Belong (1).mp3 L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\Bureau\Raccourcis Bureau non utilisés\californi.exe/caiforni.exe Infecté : not-virus:BadJoke.Win16.Aloap ignoré
C:\Documents and Settings\Alexandre\Bureau\Raccourcis Bureau non utilisés\californi.exe RAR: infecté - 1 ignoré
C:\Documents and Settings\Alexandre\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Alexandre\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\test\Local Settings\Temp\services.exe L'objet est verrouillé ignoré
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré
C:\System Volume Information\_restore{19090A55-35B6-47E7-93DA-114C14D4AC5B}\RP11\change.log L'objet est verrouillé ignoré
D:\Documents and Settings\Alexandre\Mes documents\LimeWire\Saved\same mistake james blunt.mp3 Infecté : Trojan-Downloader.WMA.Wimad.n ignoré

Analyse terminée.